PC no longer boots after virus alert


Criz

The MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversie: 4535

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

3-9-2010 18:06:07

mbam-log-2010-09-03 (18-06-07).txt

Scantype: Snelle scan

Objecten gescand: 156656

Verstreken tijd: 12 minuut/minuten, 24 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 7

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 3

Bestanden geïnfecteerd: 14

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{83ae426e-2e31-4652-8f87-f1f0da651c80} (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

C:\Documents and Settings\PC\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\Documents and Settings\PC\Local Settings\Temp\1F2.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Temp\1F3.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Temp\1F4.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Temp\1F6.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Temp\mwcxsaonre.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Temp\rxcsoawmen.tmp (Adware.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Temp\st_witty820_1930.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Temp\xocrnwmase.tmp (Adware.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Temp\xsnaemwocr.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\2A3QETAR\mediafix70700en02[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Temp\utt978.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

---------- Post added at 16:15 ---------- Previous post was at 16:13 ----------

And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:14:38, on 3-9-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\B17WV4AU\HijackThis[1].exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {58C0DB29-2464-45B6-A2A6-7860939F3295} - c:\windows\system32\bwzgtve.dll (file missing)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [ccApp] -

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://assets.wrts.nl (HKLM)

O15 - Trusted Zone: Wrts (HKLM)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230233343918

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 12645 bytes

---------- Post added at 16:19 ---------- Previous post was at 16:15 ----------

By the way, when I restarted the computer, I got a BSOD again. So I had to get into safe mode again. I removed the infected files with MBAM, but is there still something wrong then? Or am I not yet finished with the process?

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Read more here about the correct use of ComboFix.

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them: Click here. If you cannot manage to disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed. If the Recovery Console is already installed, ComboFix will automatically continue scanning for malware.
  • Otherwise, follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console. Once the Recovery Console has been installed successfully, click “YES” to continue scanning for malware.

NOTE: When ComboFix starts, you may get an error message saying that “The contents of the ComboFix package have been changed”. In that case do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer. If you keep getting this message, report it.

When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


OK, ComboFix installed. There is just one problem: I can't get my Norton disabled. I can't even open Norton myself. I keep getting a message that Norton cannot be opened in safe mode. What I can do, though, is run a full system scan, but that doesn't open the main screen where I can disable it... Maybe I could just remove it altogether? I was planning to install a different antivirus anyway, because Norton is useless and only makes the PC slower.


Every antivirus program makes your PC slower. Unfortunately, you need them. But there are a few that use very little background memory, such as Avira and Avast.

You may remove Norton via Control Panel, unless of course you have to pay a monthly amount for the updates. In that case I would keep it until the licence has expired.


OK, I eventually managed to get ComboFix to run after all. After being restarted 3 times and many checks, I am now back in the normal screen and no longer in safe mode. I am posting another log, from ComboFix:

ComboFix 10-09-02.04 - PC 03-09-2010 20:02:32.1.2 - x86

Gestart vanuit: c:\documents and settings\PC\Bureaublad\ComboFix.exe

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\PC\LOCALS~1\Temp\install_flash_player.exe

c:\documents and settings\PC\Application Data\B16AB583E88322B7BD1C104879BFC72F

c:\documents and settings\PC\Application Data\B16AB583E88322B7BD1C104879BFC72F\enemies-names.txt

c:\documents and settings\PC\Application Data\B16AB583E88322B7BD1C104879BFC72F\local.ini

c:\documents and settings\PC\Application Data\B16AB583E88322B7BD1C104879BFC72F\mediafix70700en02.exe

c:\documents and settings\PC\Local Settings\Application Data\Windows Server

c:\documents and settings\PC\Local Settings\Application Data\Windows Server\server.dat

c:\program files\HyperCam Toolbar\tbHElper.dll

c:\windows\system32\bwzgtve.dll

c:\windows\system32\drivers\vrrneprd.sys

c:\windows\system32\drivers\xrgbmsgc.sys

c:\windows\system32\oqonyrc.dll

Besmet exemplaar van c:\windows\system32\drivers\atapi.sys werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NQIVFYZL

-------\Legacy_VRRNEPRD

-------\Service_nqivfyzl

-------\Service_vrrneprd

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-03 to 2010-09-03 ))))))))))))))))))))))))))))))

.

2010-09-03 15:28 . 2010-09-03 15:28 -------- d-----w- c:\documents and settings\PC\Application Data\Malwarebytes

2010-09-03 15:28 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-03 15:28 . 2010-09-03 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-03 15:28 . 2010-09-03 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-03 15:28 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-03 13:33 . 2010-09-03 13:33 -------- d-----r- c:\documents and settings\NetworkService\Favorieten

2010-08-23 19:25 . 2010-08-23 19:25 -------- d-----w- c:\program files\QuickTime

2010-08-23 19:19 . 2010-08-23 19:19 -------- d-----w- c:\program files\iPod

2010-08-23 19:14 . 2010-08-23 19:14 -------- d-----w- c:\program files\Bonjour

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-03 18:29 . 2010-03-02 07:18 -------- d-----w- c:\documents and settings\PC\Application Data\LimeWire

2010-09-03 18:27 . 2010-01-04 13:12 -------- d-----w- c:\program files\DNA

2010-09-03 18:27 . 2010-01-04 13:12 -------- d-----w- c:\documents and settings\PC\Application Data\DNA

2010-09-03 18:19 . 2010-02-15 11:10 -------- d-----w- c:\program files\HyperCam Toolbar

2010-09-03 17:39 . 2009-10-04 08:08 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-08-30 13:02 . 2009-10-04 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-08-23 19:23 . 2010-02-17 10:46 -------- d-----w- c:\program files\Safari

2010-08-23 19:20 . 2010-05-18 13:44 -------- d-----w- c:\program files\iTunes

2010-08-23 19:19 . 2009-11-18 15:56 -------- d-----w- c:\program files\Common Files\Apple

2010-08-17 15:29 . 2010-01-23 09:57 -------- d-----w- c:\program files\PHPNukeEN

2010-08-17 09:38 . 2008-12-25 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-17 09:36 . 2004-08-04 12:00 536876 ----a-w- c:\windows\system32\perfh013.dat

2010-08-17 09:36 . 2004-08-04 12:00 101510 ----a-w- c:\windows\system32\perfc013.dat

2010-07-18 12:08 . 2010-07-18 11:36 -------- d-----w- c:\program files\Silkroad

2010-07-17 14:09 . 2010-07-17 09:19 -------- d-----w- c:\program files\Metin2

2010-07-10 12:44 . 2010-07-10 12:44 -------- d-----w- c:\documents and settings\PC\Application Data\Xilisoft

2010-07-10 12:43 . 2010-07-10 12:43 -------- d-----w- c:\program files\Xilisoft

2010-07-09 11:58 . 2009-10-04 08:13 -------- d-----w- c:\program files\Norton Internet Security

2010-07-06 04:50 . 2010-03-30 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2010-06-30 12:33 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:27 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2004-08-04 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2008-12-25 18:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:43 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2009-04-05 09:17 . 2009-04-05 09:17 307336 ----a-w- c:\program files\Everest_Poker.exe

2009-04-05 08:53 . 2009-04-05 08:53 10405264 ----a-w- c:\program files\PokerStarsInstall.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-03-18 251240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-04 323392]

"Google Update"="c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-08 135664]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-30 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="-" [X]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"nwiz"="nwiz.exe" [2006-10-31 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]

"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-09-05 26248]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-03 202256]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\PC\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57719:TCP"= 57719:TCP:Pando Media Booster

"57719:UDP"= 57719:UDP:Pando Media Booster

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27-5-2010 22:39 102448]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [13-6-2009 18:11 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [13-6-2009 18:11 79104]

S3 XDva317;XDva317;\??\c:\windows\system32\XDva317.sys --> c:\windows\system32\XDva317.sys [?]

S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21-3-2009 18:45 685816]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - COMHOST

*NewlyCreated* - VRRNEPRD

*Deregistered* - vrrneprd

.

Inhoud van de 'Gedeelde Taken' map

2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-823518204-839522115-1003Core.job

- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-08 07:50]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-823518204-839522115-1003UA.job

- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-08 07:50]

2009-11-20 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]

2009-11-20 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-01-07 19:23]

2010-08-27 c:\windows\Tasks\Norton Internet Security - Volledige systeemscan - PC.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-06 21:38]

2010-09-03 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-09-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-823518204-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-823518204-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Trusted Zone: wrts.nl\assets

Trusted Zone: wrts.nl\www

FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\f4jemltx.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\f4jemltx.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\PC\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Musicnotes\npmusicn.dll

FF - plugin: c:\program files\Musicnotes\NPSibelius.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-03 20:27

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]

"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]

"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]

"ImagePath"="-"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3752)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

c:\windows\system32\SearchProtocolHost.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Real\RealPlayer\RealPlay.exe

c:\windows\system32\SearchFilterHost.exe

c:\windows\system32\ssstars.scr

.

**************************************************************************

.

Voltooingstijd: 2010-09-03 20:40:28 - machine werd herstart

ComboFix-quarantined-files.txt 2010-09-03 18:40

Pre-Run: 382.998.503.424 bytes beschikbaar

Post-Run: 384.942.329.856 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B6C41E364DA373F9F5BE74D5E72E7B40


ComboFix removed quite a chunk of infected files from the PC here :sad

There is one more thing for you to do:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\XDva317.sys

c:\windows\system32\XDva321.sys

Folder::

c:\program files\PHPNukeEN

Driver::

XDva321

XDva317

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"=-

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message, together with a new HijackThis log.


Okay, followed all the instructions. ComboFix did take a long time, but in the end I again have a nice laundry list of strange terms that don't mean much to me.

The ComboFix log:

ComboFix 10-09-02.04 - PC 03-09-2010 21:31:21.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2815.2054 [GMT 2:00]

Gestart vanuit: c:\documents and settings\PC\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\PC\Bureaublad\CFScript.txt

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::

"c:\windows\system32\XDva317.sys"

"c:\windows\system32\XDva321.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\PHPNukeEN

c:\program files\PHPNukeEN\INSTALL.LOG

c:\program files\PHPNukeEN\PHPNukeENToolbarHelper.exe

c:\program files\PHPNukeEN\tbPHP0.dll

c:\program files\PHPNukeEN\tbPHP1.dll

c:\program files\PHPNukeEN\tbPHPN.dll

c:\program files\PHPNukeEN\toolbar.cfg

c:\program files\PHPNukeEN\UNWISE.EXE

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_XDVA317

-------\Legacy_XDVA321

-------\Service_XDva317

-------\Service_XDva321

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-03 to 2010-09-03 ))))))))))))))))))))))))))))))

.

2010-09-03 15:28 . 2010-09-03 15:28 -------- d-----w- c:\documents and settings\PC\Application Data\Malwarebytes

2010-09-03 15:28 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-03 15:28 . 2010-09-03 15:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-03 15:28 . 2010-09-03 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-03 15:28 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-03 13:33 . 2010-09-03 13:33 -------- d-----r- c:\documents and settings\NetworkService\Favorieten

2010-08-23 19:25 . 2010-08-23 19:25 -------- d-----w- c:\program files\QuickTime

2010-08-23 19:19 . 2010-08-23 19:19 -------- d-----w- c:\program files\iPod

2010-08-23 19:14 . 2010-08-23 19:14 -------- d-----w- c:\program files\Bonjour

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-03 20:04 . 2010-03-02 07:18 -------- d-----w- c:\documents and settings\PC\Application Data\LimeWire

2010-09-03 20:03 . 2010-01-04 13:12 -------- d-----w- c:\program files\DNA

2010-09-03 20:03 . 2010-01-04 13:12 -------- d-----w- c:\documents and settings\PC\Application Data\DNA

2010-09-03 18:50 . 2009-10-04 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-09-03 18:19 . 2010-02-15 11:10 -------- d-----w- c:\program files\HyperCam Toolbar

2010-09-03 17:39 . 2009-10-04 08:08 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-08-23 19:23 . 2010-02-17 10:46 -------- d-----w- c:\program files\Safari

2010-08-23 19:20 . 2010-05-18 13:44 -------- d-----w- c:\program files\iTunes

2010-08-23 19:19 . 2009-11-18 15:56 -------- d-----w- c:\program files\Common Files\Apple

2010-08-17 09:38 . 2008-12-25 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-17 09:36 . 2004-08-04 12:00 536876 ----a-w- c:\windows\system32\perfh013.dat

2010-08-17 09:36 . 2004-08-04 12:00 101510 ----a-w- c:\windows\system32\perfc013.dat

2010-07-18 12:08 . 2010-07-18 11:36 -------- d-----w- c:\program files\Silkroad

2010-07-17 14:09 . 2010-07-17 09:19 -------- d-----w- c:\program files\Metin2

2010-07-10 12:44 . 2010-07-10 12:44 -------- d-----w- c:\documents and settings\PC\Application Data\Xilisoft

2010-07-10 12:43 . 2010-07-10 12:43 -------- d-----w- c:\program files\Xilisoft

2010-07-09 11:58 . 2009-10-04 08:13 -------- d-----w- c:\program files\Norton Internet Security

2010-07-06 04:50 . 2010-03-30 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2010-06-30 12:33 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:27 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2004-08-04 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2008-12-25 18:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:43 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2009-04-05 09:17 . 2009-04-05 09:17 307336 ----a-w- c:\program files\Everest_Poker.exe

2009-04-05 08:53 . 2009-04-05 08:53 10405264 ----a-w- c:\program files\PokerStarsInstall.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-03-18 251240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-04 323392]

"Google Update"="c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-08 135664]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-30 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"nwiz"="nwiz.exe" [2006-10-31 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]

"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-09-05 26248]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-03 202256]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\PC\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57719:TCP"= 57719:TCP:Pando Media Booster

"57719:UDP"= 57719:UDP:Pando Media Booster

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27-5-2010 22:39 102448]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [13-6-2009 18:11 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [13-6-2009 18:11 79104]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21-3-2009 18:45 685816]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - COMHOST

.

Inhoud van de 'Gedeelde Taken' map

2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-823518204-839522115-1003Core.job

- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-08 07:50]

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-823518204-839522115-1003UA.job

- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-08 07:50]

2009-11-20 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]

2009-11-20 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-01-07 19:23]

2010-08-27 c:\windows\Tasks\Norton Internet Security - Volledige systeemscan - PC.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-06 21:38]

2010-09-03 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-09-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-823518204-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-823518204-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Trusted Zone: wrts.nl\assets

Trusted Zone: wrts.nl\www

FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\f4jemltx.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\f4jemltx.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS VERWIJDERD - - - -

AddRemove-PHPNukeEN Toolbar - c:\progra~1\PHPNUK~2\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-03 22:03

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]

"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]

"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]

"ImagePath"="-"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2640)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Voltooingstijd: 2010-09-03 22:14:02 - machine werd herstart

ComboFix-quarantined-files.txt 2010-09-03 20:13

ComboFix2.txt 2010-09-03 18:40

Pre-Run: 384.882.860.032 bytes beschikbaar

Post-Run: 384.813.920.256 bytes beschikbaar

- - End Of File - - 2616AF97CF936C3C30447D6326F44C81

---------- Post added at 20:24 ---------- Previous post was at 20:20 ----------

Okay, now I can suddenly install HijackThis again. It is suddenly no longer blocked by an administrator change...

So here is a HijackThis log as well; I think I'm almost clean:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:22:39, on 3-9-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DNA\btdna.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\B17WV4AU\HijackThis[1].exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://assets.wrts.nl (HKLM)

O15 - Trusted Zone: Wrts (HKLM)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230233343918

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 13727 bytes


Okay, now I can suddenly install HijackThis again. It is suddenly no longer blocked by an administrator change...
Well, the fixes made with Combofix have something to do with that :-)

And the whole thing looks perfectly clean. Problems solved, so it is time for the “big cleanup”: removing the programs used, a cleaning, and removing the infected restore points.

Uninstall HijackThis via Add or Remove Programs.

Uninstall Combofix: Start -> Run and type: ComboFix /Uninstall

This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions again, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner here; the download of CCleaner then starts automatically and free of charge.

Install it and start CCleaner. In the left-hand column, click “Cleaner”. Click “Analyze” and then “Run Cleaner”. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click “Registry” in the left-hand column and click “Scan for Issues”. If errors are found, click “Fix selected issues” and “OK”. You will then be asked whether to make a backup. Click “Yes”. Then choose “Fix All Selected Issues”. After that, close CCleaner again.

If you want to see this illustrated in detail, click here for the guide.

It is advisable to delete the existing restore points (some of them are infected, and you could end up restoring one) by temporarily disabling System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

That's it!


  • 2 weeks later...

Okay, thanks a lot again for everything. I didn't know that my whole computer could be clean again with the help of a few programs. I even got a notification that I was dealing with a rootkit, and that has been removed too. In the past we would sometimes have someone come by who knew a bit about it. But then we often got a completely wiped computer back, so all my files were gone too. Thank you all very much :)
