[OPGELOST] Windows Vista Virtumonde

[lolleflikker]

ComboFix log:

ComboFix 08-05-15.3 - Gebruiker 2008-05-18 15:11:24.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.922 [GMT 2:00]

Gestart vanuit: C:\Users\Gebruiker\Downloads\ComboFix.exe

Command switches used :: C:\Users\Gebruiker\Downloads\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

FILE ::

C:\Windows\System32\aitoftlb.exe

C:\Windows\System32\bmsjcojk.dll

C:\Windows\System32\gqxxceaj.dll

C:\Windows\System32\jbpxfyhe.dll

C:\Windows\System32\ltyjhywy.dll

C:\Windows\System32\oeukhhjv.dll

C:\Windows\System32\oncbpjbt.exe

C:\Windows\System32\qqagjtbu.exe

C:\Windows\System32\rtaslpxu.dll

C:\Windows\System32\woegcpcq.dll

C:\Windows\System32\woxxmcon.dll

C:\Windows\System32\wrvjkkpg.exe

C:\Windows\System32\xpsgvbnu.dll

C:\Windows\System32\yxpsbyae.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\System32\aitoftlb.exe

C:\Windows\System32\bmsjcojk.dll

C:\Windows\System32\gqxxceaj.dll

C:\Windows\System32\jbpxfyhe.dll

C:\Windows\System32\ltyjhywy.dll

C:\Windows\System32\ltyjhywy.dll\

C:\Windows\System32\oeukhhjv.dll

C:\Windows\System32\oncbpjbt.exe

C:\Windows\System32\qqagjtbu.exe

C:\Windows\System32\rtaslpxu.dll

C:\Windows\System32\woegcpcq.dll

C:\Windows\System32\woxxmcon.dll

C:\Windows\System32\wrvjkkpg.exe

C:\Windows\System32\xpsgvbnu.dll

C:\Windows\System32\yxpsbyae.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))

.

Geen nieuwe bestanden aangemaakt in deze periode

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-18 12:51 --------- d-----w C:\Program Files\Bouwsoft

2008-05-18 08:50 --------- d-----w C:\Program Files\Windows Mail

2008-05-18 08:49 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-18 07:40 --------- d-----w C:\Program Files\Trend Micro

2008-05-17 13:55 9 ----a-w C:\Users\Gebruiker\AppData\Roaming\mdb.bin

2008-05-17 09:13 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-05-17 08:43 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-05-17 08:37 --------- d--h--w C:\Program Files\Wolfenstein - Enemy Territory

2008-05-14 15:16 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-05-14 15:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-14 14:34 --------- d-----w C:\ProgramData\Macrovision

2008-05-14 14:34 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared

2008-05-14 14:30 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-14 14:26 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-13 05:50 --------- d-----w C:\ProgramData\Trend Micro

2008-05-12 09:53 2,108 ----a-w C:\Users\Gebruiker\AppData\Roaming\wklnhst.dat

2008-05-10 06:54 --------- d-----w C:\ProgramData\NVIDIA

2008-05-05 19:18 --------- d--h--w C:\Program Files\EA GAMES

2008-05-03 18:46 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-05-03 18:46 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Atari

2008-05-03 18:37 --------- d-----w C:\Program Files\Common Files\PocketSoft

2008-05-03 18:33 --------- d--h--w C:\Program Files\Atari

2008-04-30 17:09 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Roxio

2008-04-30 13:43 --------- d-----w C:\Program Files\Fuji Fotoservice

2008-04-26 06:36 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-04-24 14:33 --------- d-----w C:\Program Files\Sun

2008-04-24 14:32 --------- d-----w C:\Program Files\Java

2008-04-23 17:35 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Autodesk

2008-04-23 17:35 --------- d-----w C:\Program Files\DWG TrueView 2009

2008-04-23 17:35 --------- d-----w C:\Program Files\Common Files\Autodesk Shared

2008-04-23 17:33 --------- d-----w C:\ProgramData\Autodesk

2008-04-17 20:20 174 --sha-w C:\Program Files\desktop.ini

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Journal

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Defender

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Collaboration

2008-04-17 20:11 --------- d-----w C:\Program Files\Windows Calendar

2008-04-17 19:49 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-04-17 19:49 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-04-17 19:11 47,560 ----a-w C:\Windows\System32\SPReview.exe

2008-04-17 19:11 152,576 ----a-w C:\Windows\System32\SPWizUI.dll

2008-04-13 14:09 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-04-13 14:09 --------- d-----w C:\Program Files\Realtek

2008-04-11 14:57 2,025 ---ha-w C:\Program Files\Battlefield 2142 Demo.lnk

2008-04-11 14:52 --------- d--h--w C:\Program Files\Electronic Arts

2008-04-09 15:24 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-04-06 17:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\muvee Technologies

2008-04-06 17:00 --------- d---a-w C:\Program Files\Common Files\LightScribe

2008-04-06 16:46 --------- d-----w C:\ProgramData\Zenturi

2008-04-06 14:26 --------- d-----w C:\ProgramData\Roxio

2008-04-06 14:09 --------- d-----w C:\Program Files\QuickTime

2008-04-06 14:08 --------- d-----w C:\ProgramData\Apple Computer

2008-04-06 14:08 --------- d-----w C:\ProgramData\Apple

2008-04-06 14:08 --------- d-----w C:\Program Files\Apple Software Update

2008-04-06 12:56 --------- d-----w C:\Program Files\Photo Story 3 for Windows

2008-03-30 17:07 36,368 ----a-w C:\Windows\system32\drivers\tmpreflt.sys

2008-03-30 17:07 204,816 ----a-w C:\Windows\system32\drivers\tmxpflt.sys

2008-03-30 16:50 1,169,240 ----a-w C:\Windows\system32\drivers\vsapint.sys

2008-03-25 06:44 22,328 ----a-w C:\Users\Gebruiker\AppData\Roaming\PnkBstrK.sys

2008-03-22 13:07 --------- d-----w C:\Program Files\Microsoft Games

2008-03-09 11:56 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe

2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll

2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll

2002-08-23 11:37 20,480 ----a-w C:\Program Files\Setup OCX.exe

2008-01-26 20:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-26 20:21 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-26 20:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((( snapshot@2008-05-18_10.32.50.66 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-18 08:22:51 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-05-18 09:14:50 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-05-18 13:11:13 6,230,016 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT

+ 2007-08-28 22:38:10 500,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\MORPH9.DLL

+ 2007-08-28 22:38:46 9,584,512 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\MSPUB.EXE

+ 2007-08-24 02:43:28 138,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\PRTF9.DLL

+ 2007-08-28 22:39:14 625,560 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\PTXT9.DLL

+ 2007-08-24 02:43:36 593,296 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\PUBCONV.DLL

+ 2007-08-28 22:16:00 350,064 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WINWORD.EXE

+ 2007-09-06 17:03:02 4,280,176 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WRD12CNV.DLL

+ 2007-08-28 23:07:58 24,928 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WRD12EXE.EXE

+ 2007-09-06 16:56:32 17,490,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\WWLIB.DLL

- 2008-04-09 13:03:05 1,165,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-05-18 08:49:53 1,165,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe

- 2008-04-09 13:03:06 20,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-05-18 08:49:54 20,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-04-09 13:03:05 217,864 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe

+ 2008-05-18 08:49:54 217,864 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe

- 2008-04-09 13:03:06 18,704 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-05-18 08:49:54 18,704 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-04-09 13:03:06 35,088 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-05-18 08:49:54 35,088 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-04-09 13:03:05 845,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-05-18 08:49:54 845,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe

- 2008-04-09 13:03:05 922,384 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-05-18 08:49:54 922,384 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe

- 2008-04-09 13:03:06 272,648 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-05-18 08:49:54 272,648 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe

- 2008-04-09 13:03:06 888,080 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-05-18 08:49:54 888,080 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-04-09 13:03:05 1,172,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-05-18 08:49:53 1,172,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-05-18 09:14:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-05-18 09:14:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-05-18 07:51:52 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-05-18 08:32:36 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-05-18 08:23:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-05-18 09:15:17 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2008-05-18 08:13:13 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-05-18 08:32:32 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-05-18 08:23:02 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-05-18 09:15:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-05-18 09:15:33 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-05-17 08:37:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-05-18 09:14:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-05-09 12:35:06 16,863,864 ----a-w C:\Windows\System32\MRT.exe

- 2008-05-17 14:41:02 101,896 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-05-18 09:21:39 101,896 ----a-w C:\Windows\System32\perfc009.dat

- 2008-05-17 14:41:02 127,694 ----a-w C:\Windows\System32\perfc013.dat

+ 2008-05-18 09:21:39 127,694 ----a-w C:\Windows\System32\perfc013.dat

- 2008-05-17 14:41:02 589,884 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-05-18 09:21:39 589,884 ----a-w C:\Windows\System32\perfh009.dat

- 2008-05-17 14:41:02 670,076 ----a-w C:\Windows\System32\perfh013.dat

+ 2008-05-18 09:21:39 670,076 ----a-w C:\Windows\System32\perfh013.dat

- 2008-05-09 20:50:55 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2008-05-18 09:29:26 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2008-05-17 14:38:24 6,454 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3694928960-2974550801-1051636681-1001_UserData.bin

+ 2008-05-18 09:16:52 6,884 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3694928960-2974550801-1051636681-1001_UserData.bin

- 2008-05-17 14:38:24 58,262 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-05-18 09:16:52 58,626 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-05-17 08:39:29 40,050 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-05-18 09:16:48 40,470 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2008-04-27 15:39:49 117,722,708 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-05-18 08:31:20 117,741,779 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-04-16 00:49:12 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16674_none_f05a2d326e88eb29\OESpamFilter.dat

+ 2008-04-16 00:44:28 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20815_none_f125abb58774f9cb\OESpamFilter.dat

+ 2008-04-16 00:44:37 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18054_none_f2560bb06b9f4438\OESpamFilter.dat

+ 2008-04-16 00:43:45 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22159_none_f2e4a9ed84b862b5\OESpamFilter.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]

"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]

"CCUTRAYICON"="FactoryMode" []

"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]

"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16 65536]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 19:57 92704]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 19:57 8530464]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 19:57 88608]

"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-03-07 10:21 1398024]

C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Bouwsoft Beheer.lnk - C:\oude pc\System\Program Files\Bouwsoft\Bouwsoft Upgrade\Beheer.exe [25-1-2008 16:38:21 10015392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [14-5-2008 16:30:58 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3694928960-2974550801-1051636681-1001]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{DE642749-01B6-4FC2-8B15-6A74F7173769}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{20AF0041-6FA3-4DE1-86BF-27F2F7FD16C4}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{DB36053B-F0BC-4179-91A0-8B755E4ECA4F}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{4E3444E5-27E9-43E7-AC6B-93F74FE6AB9C}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{13454464-D1F8-4323-9E59-314D00E502C5}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{41B27A3A-8688-41DF-A757-561B4FC5574E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{15D4E102-7FDB-4F40-829B-4652E288E46A}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{7685D255-C159-4760-8696-88B18F67B360}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{6BD13F10-2D95-48D9-B4B2-EE76D5AB76D5}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{1B60BDA7-E463-491B-A696-F9F3CFFF2188}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"UDP Query User{12D48E57-ADF7-4A8E-92BD-ECBDAB67156C}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"{E5A04F56-B8E9-44AB-8D55-1D0195D079D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{C55F5D5F-6E1C-49AF-ADE8-7B7ADE73544A}C:\\program files\\sierra\\empire earth ii\\ee2.exe"= UDP:C:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II

"UDP Query User{37DD5496-7E18-4BB2-B9B7-14BC61499270}C:\\program files\\sierra\\empire earth ii\\ee2.exe"= TCP:C:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II

"{0B630055-7416-42BA-9619-9E73BBC13736}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{316ABA47-91A3-465B-9904-6924E024495F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{99CCD721-0DF7-4335-9E37-41B144161AD9}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{4324580A-28AB-4CA7-825D-574DC97513A4}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{1F3CB6BA-650D-455C-8E0A-523CAFA2F709}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{117F7807-CEAA-4B33-BF9B-EA2432BEE99C}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{E1E5957B-F793-4DCE-AAB4-8E94D7069A3A}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{43063352-C39B-47A4-ACA5-36BE5C34A3BA}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"TCP Query User{546E87A8-E7FB-4998-B019-73085EE67288}C:\\program files\\microsoft games\\fs2002\\fs2002.exe"= UDP:C:\program files\microsoft games\fs2002\fs2002.exe:Microsoft Flight Simulator Module

"UDP Query User{9B2F054B-AB04-4FE6-AFF5-63887ADA7AE8}C:\\program files\\microsoft games\\fs2002\\fs2002.exe"= TCP:C:\program files\microsoft games\fs2002\fs2002.exe:Microsoft Flight Simulator Module

"TCP Query User{7920E374-C72B-46B2-915A-53F361913F03}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"UDP Query User{10DBE611-8BBB-479E-A3BB-6A3A0173F446}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"{20791D52-89CA-47AB-BB40-C7D30E8A5E5A}"= UDP:C:\Program Files\Microsoft Games\FS2002\fs2000.exe:fs2000

"{9A5BCD6A-3250-45BB-B8B2-ABADA3C771CB}"= TCP:C:\Program Files\Microsoft Games\FS2002\fs2000.exe:fs2000

"TCP Query User{B47AC410-09FF-4C7D-AE59-1E68C9909F87}C:\\program files\\electronic arts\\battlefield 2142\\bf2142.exe"= UDP:C:\program files\electronic arts\battlefield 2142\bf2142.exe:BF2142

"UDP Query User{9F8B0B2D-64C8-4C03-8B35-35853B5E314C}C:\\program files\\electronic arts\\battlefield 2142\\bf2142.exe"= TCP:C:\program files\electronic arts\battlefield 2142\bf2142.exe:BF2142

"{F09D86ED-70F6-468E-B338-A3AEC43003B1}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142 Demo\BF2142.exe:Battlefield 2

"{A8ECB0EC-2326-44EF-B41B-858328A71AE7}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142 Demo\BF2142.exe:Battlefield 2

"TCP Query User{AACE6516-BE4C-4D5B-8E6B-97C35FB10C15}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{671BA2AF-E5C6-4C1F-905C-9BA32E20C36A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"{0AA75443-5A59-4256-9E56-CE3756518AB5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{2E6C835B-65F8-4E2D-A559-FADD39CC1B48}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{6BA28BEC-173B-4CDA-B988-73149D585459}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET

"UDP Query User{070470BD-D8F5-4D79-9042-4A52AB513F5A}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET

"{969C9FCB-2849-4C58-8A32-3772835F2C3F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2008-03-07 10:21]

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 10:32]

R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 17:19]

R2 pgsql-8.1;pg82;"C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe" runservice -N "pgsql-8.1" -D "E:\bsdata\" []

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2008-03-07 10:21]

R2 UseSocketService;UseSocketService;C:\Program Files\Bouwsoft\UseSocketService.exe [2007-11-21 17:25]

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 11:49]

R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-08-31 14:54]

S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 15:16:26

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-05-18 15:17:48

ComboFix-quarantined-files.txt 2008-05-18 13:17:41

ComboFix2.txt 2008-05-18 08:34:05

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

316 --- E O F --- 2008-05-18 08:50:05

[lolleflikker]

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:19:06, on 18/05/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\oude pc\System\Program Files\Bouwsoft\Bouwsoft Upgrade\Beheer.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\mobsync.exe

C:\hp\kbd\kbd.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3694928960-2974550801-1051636681-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')

O4 - Startup: Bouwsoft Beheer.lnk = C:\oude pc\System\Program Files\Bouwsoft\Bouwsoft Upgrade\Beheer.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6E984CC8-4987-40B9-B9AA-6728A957CA27} (PcVerChk Control) - http://jp.trendmicro.com/jp/support/personal/products/vistasp1/redirect/PcVerChk.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: pg82 (pgsql-8.1) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Trend Micro Centrale besturing (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: UseSocketService - Unknown owner - C:\Program Files\Bouwsoft\UseSocketService.exe

--

End of file - 8703 bytes

[kape]

Ziet er nu eigenlijk heel goed uit. Hoe zit het met de problemen ?

[lolleflikker]

Alles blijkt precies weer normaal te werken. Ik scan nog even met Spybot Search And Destroy om te kijken of hij nog wat vindt.

[lolleflikker]

Oke, Spybot Search And Destroy vond niks meer! Dus, ik denk dat die Virtumonde er helemaal af is. Echt heel erg bedankt! Nu 1 dag later werkt alles weer priema en snel! Want ik merkte wel dat de PC trager opstarte enzo. Bedankt!

[kape]

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren en typ: combofix /u

Combofix wordt verwijderd en een nieuw systeemherstelpunt wordt aangemaakt.

Download CCleaner.

Installeer het en start het op. Start CCleaner op en klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Opschonen'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scannen voor fouten’. Als er fouten gevonden worden klik je op ”alle fouten herstellen” en ”OK”. Sluit hierna CCleaner terug af.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

En als je dit achter de rug hebt, mag je een slotje op dit onderwerp zetten

[kape]

Verder geen reactie, dan lijkt alles OK en gaat er een"slotje" op dit onderwerp.