The computer is running like clockwork again! Thank you kindly in advance.
With TDSS I didn't know how to do an update, but maybe this is already the most recent version?
And how do I follow Ben's instructions?
Log from TDSSKiller, followed by Hijack:
2011/08/30 20:04:57.0328 5244 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/30 20:04:57.0500 5244 ================================================================================
2011/08/30 20:04:57.0500 5244 SystemInfo:
2011/08/30 20:04:57.0500 5244
2011/08/30 20:04:57.0500 5244 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/30 20:04:57.0500 5244 Product type: Workstation
2011/08/30 20:04:57.0500 5244 ComputerName: CNU8403GS3-NG
2011/08/30 20:04:57.0703 5244 UserName: mea
2011/08/30 20:04:57.0703 5244 Windows directory: C:\WINDOWS
2011/08/30 20:04:57.0703 5244 System windows directory: C:\WINDOWS
2011/08/30 20:04:57.0703 5244 Processor architecture: Intel x86
2011/08/30 20:04:57.0703 5244 Number of processors: 2
2011/08/30 20:04:57.0703 5244 Page size: 0x1000
2011/08/30 20:04:57.0703 5244 Boot type: Normal boot
2011/08/30 20:04:57.0703 5244 ================================================================================
2011/08/30 20:04:57.0984 5244 Initialize success
2011/08/30 20:05:04.0171 5392 ================================================================================
2011/08/30 20:05:04.0171 5392 Scan started
2011/08/30 20:05:04.0171 5392 Mode: Manual;
2011/08/30 20:05:04.0171 5392 ================================================================================
2011/08/30 20:05:14.0500 5392 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/30 20:05:14.0500 5392 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
2011/08/30 20:05:14.0515 5392 sptd - detected LockedFile.Multi.Generic (1)
2011/08/30 20:05:17.0093 5392 MBR (0x1B8) (199d66d15be31321331253788f490d3d) \Device\Harddisk0\DR0
2011/08/30 20:05:17.0109 5392 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/08/30 20:05:17.0125 5392 Boot (0x1200) (6a8a82015243feb69a22a53f8b34ba8d) \Device\Harddisk0\DR0\Partition0
2011/08/30 20:05:17.0156 5392 Boot (0x1200) (d2d637f0c8abad2662888f88faa9b3e0) \Device\Harddisk0\DR0\Partition1
2011/08/30 20:05:17.0156 5392 ================================================================================
2011/08/30 20:05:17.0156 5392 Scan finished
2011/08/30 20:05:17.0156 5392 ================================================================================
2011/08/30 20:05:17.0187 5388 Detected object count: 2
2011/08/30 20:05:17.0187 5388 Actual detected object count: 2
2011/08/30 20:05:23.0859 5388 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/30 20:05:23.0890 5388 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/08/30 20:05:23.0890 5388 \Device\Harddisk0\DR0 - ok
2011/08/30 20:05:23.0890 5388 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/30 20:05:27.0828 5240 Deinitialize success
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:13:19, on 30-8-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceUI.exe
C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TDxVGAUTIL.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe",
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: "C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe" /autostart
O4 - HKLM\..\Run: C:\WINDOWS\system32\TDxVGAUTIL.EXE
O4 - HKLM\..\Run: RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: C:\Recycle.Bin\Recycle.Bin.exe (User 'Lokale service')
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237553506019
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ng.local
O17 - HKLM\Software\..\Telephony: DomainName = ng.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ng.local
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: eBeam Device Service - Luidia, Inc. - C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 7322 bytes
Hello Pieter,
First of all, do not do any banking on this PC for now!! (until everything is fine again)
Restart your PC and do the following:
Download Combofix HERE
If you have used Combofix before, please delete that version and download Combofix again via the link above,
because Combofix is updated daily.
NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner,
disable that scanner and download Combofix again.
Some scanners consider certain components that Combofix uses suspicious and will block or remove them!
Double-click Combofix.exe
Follow the instructions and accept the disclaimer.
While the fix is running, do NOT click in the window, as this will make your PC hang.
It can take some time before the Combofix log appears, so don't assume it has frozen.
When the fix is finished and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
And tell us how things stand with your problems.
Ben
Before you get started with ComboFix
Download this file: zoek.exe
Double-click it; after a while a log will open.
Post the contents of this log in your next message
Log from Zoek:
==================
Zoek.exe by smeenk
Updated 22-03-2011
==================
Windows: Windows XP Professional Service Pack 3 (Build 2600)
Internet Explorer: 8.0.6001.18702
Memory (RAM): 1978 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz
CPU Speed: 507,3 MHz
Sound Card: SoundMAX HD Audio
Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | TARGUS USB2.0 VGA DOCK DEVICE(DISPLAY). | TARGUS USB2.0 VGA DOCK DEVICE(Mirror). | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; Plug en Play-monitor | Plug en Play-monitor | Standaardbeeldscherm | Standaardbeeldscherm |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Intel(R) WiFi Link 5100 AGN - Pakketplanner-minipoort | Marvell Yukon 88E8042 PCI-E Fast Ethernet Controller - Pakketplanner-minipoort
CD / DVD Drives: R: Optiarc DVD RW AD-7581S
Ports: COM3 NOT Present
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 60,0GB | D: 60,0GB | Q: 0,0MB
Hard Disks - Free: C: 37,3GB | D: 52,1GB | Q: 0,0MB
USB Controllers: 8 host controllers.
Firewire (1394): Not Detected
Manufacturer *: Hewlett-Packard
Product Make *: HP Compaq 6730s
AC Power Status: OnLine
BIOS Info: AT/AT COMPATIBLE | 06/12/08 | HPQOEM - f
Time Zone: West-Europa (standaardtijd)
Battery: Unknown
Motherboard *: Hewlett-Packard 30E8
System Serial Number: CNU8403GS3
Sun Java version: 1.6.0_12
Country: Nederland
Language: NLD
Files recently created/modified:
======C:\WINDOWS====
======C:\DOCUME~1\mea\LOCALS~1\Temp====
======C:\WINDOWS\system32=====
======C:\WINDOWS\system32\drivers=====
2011-08-28 17:17:13 41272 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2011-08-28 17:17:00 22712 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2011-08-16 15:37:52 66616 ----a-w- C:\WINDOWS\System32\drivers\avgntflt.sys
2011-08-16 15:37:52 45416 ----a-w- C:\WINDOWS\System32\drivers\avgntdd.sys
2011-08-16 15:37:52 28520 ----a-w- C:\WINDOWS\System32\drivers\ssmdrv.sys
2011-08-16 15:37:52 22360 ----a-w- C:\WINDOWS\System32\drivers\avgntmgr.sys
2011-08-16 15:37:52 138192 ----a-w- C:\WINDOWS\System32\drivers\avipbb.sys
2011-08-15 12:44:43 96200 ----a-w- C:\WINDOWS\System32\drivers\CDAVFS.sys
======C:\WINDOWS\Tasks======
======C:\WINDOWS\Temp======
=======C:\Program Files=====
2011-08-29 20:10:21 -------- d-----w- C:\Program Files\Lavalys
2011-08-29 15:49:57 -------- d-----w- C:\Program Files\CCleaner
2011-08-28 17:16:59 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-16 15:37:51 -------- d-----w- C:\Program Files\Avira
2011-08-15 11:15:22 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2011-08-15 11:00:07 -------- d-----w- C:\Program Files\Sophos
2011-08-14 20:12:15 -------- d-----w- C:\Program Files\Panda Security
2011-08-10 17:19:21 -------- d-----w- C:\Program Files\InternetCalls.com
=======H:=====
======C:\Documents and Settings\mea\Application Data======
2011-08-16 17:31:59 ——– d—–w- C:\Documents and Settings\mea\Application Data\Avira
2011-08-16 15:37:51 ——– d—–w- C:\Documents and Settings\All Users\Application Data\Avira
2011-08-15 11:15:22 ——– d—–w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-08-15 10:57:54 ——– d—–w- C:\Documents and Settings\mea\Application Data\QuickScan
2011-08-15 10:45:20 ——– d—–w- C:\Documents and Settings\mea\Application Data\Sammsoft
2011-08-14 21:50:25 ——– d—–w- C:\Documents and Settings\mea\Application Data\AVG10
2011-08-14 21:48:12 ——– d–h–w- C:\Documents and Settings\All Users\Application Data\Common Files
2011-08-14 21:46:39 ——– d—–w- C:\Documents and Settings\All Users\Application Data\AVG10
2011-08-14 21:40:37 ——– d—–w- C:\Documents and Settings\All Users\Application Data\MFAData
2011-08-10 17:19:25 ——– d—–w- C:\Documents and Settings\mea\Application Data\InternetCalls
======C:\Documents and Settings\mea======
======C:\WINDOWS\Downloaded Program Files====
=============
======C:==exe-files==
2011-08-30 18:29:05 1406768 —-a-w- C:\Documents and Settings\mea\Bureaublad\TDSSKiller.exe
2011-08-30 18:04:51 1406768 —-a-w- C:\Documents and Settings\mea\Local Settings\Temp\Rar$EX09.593\TDSSKiller.exe
2011-08-30 18:03:35 1406768 —-a-w- C:\Documents and Settings\mea\Local Settings\Temp\Rar$EX02.921\TDSSKiller.exe
2011-08-29 15:49:16 3480352 —-a-w- C:\Documents and Settings\mea\Bureaublad\ccsetup310.exe
2011-08-28 18:01:03 709968 —-a-w- C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
2011-08-28 17:17:13 366640 —-a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2011-08-28 17:17:05 449584 —-a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2011-08-28 17:17:03 1047656 —-a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
2011-08-26 10:33:49 16409960 —-a-w- C:\Documents and Settings\mea\Bureaublad\spybotsd162.exe
===C:=other files==
2011-08-30 18:02:57 1390139 —-a-w- C:\Documents and Settings\mea\Bureaublad\tdsskiller.zip
2011-08-28 17:17:13 41272 —-a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-28 17:17:12 46416 —-a-w- C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
2011-08-28 17:17:08 2224176 —-a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
2011-08-28 17:17:07 521264 —-a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
2011-08-28 17:17:07 174128 —-a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
2011-08-28 17:17:00 77648 —-a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
2011-08-28 17:17:00 22712 —-a-w- C:\WINDOWS\system32\drivers\mbam.sys
==================
“Silent Runners.vbs”, revision 63, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
———————————
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe”
“InternetCalls” = “”C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe“ -nosplash -minimized”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“IgfxTray” = “C:\WINDOWS\system32\igfxtray.exe”
“Persistence” = “C:\WINDOWS\system32\igfxpers.exe”
“SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”
“SoftGridTray” = “”C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe“ /autostart”
“TDxVGAUTIL” = “C:\WINDOWS\system32\TDxVGAUTIL.EXE”
“CmUsbSound” = “RunDll32 cmcnfgu.cpl,CMICtrlWnd”
“WatchDog” = “C:\Program Files\InterVideo\DVD Check\DVDCheck.exe”
“avgnt” = “”C:\Program Files\Avira\AntiVir Desktop\avgnt.exe“ /min”
“TkBellExe” = “”C:\Program Files\Common Files\Real\Update_OB\realsched.exe“ -osboot”
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = “Outlook Express”
\StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM…CLSID} = “RealPlayer Download and Record Plugin for Internet Explorer”
\InProcServer32\(Default) = “C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll”
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…CLSID} = “Windows Live Aanmelden - Help”
\InProcServer32\(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll”
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…CLSID} = “Java™ Plug-In 2 SSV Helper”
\InProcServer32\(Default) = “C:\Program Files\Java\jre6\bin\jp2ssv.dll”
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = “JQSIEStartDetectorImpl”
-> {HKLM…CLSID} = “JQSIEStartDetectorImpl Class”
\InProcServer32\(Default) = “C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal-pictogramuitbreiding”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32\(Default) = “C:\WINDOWS\system32\hticons.dll”
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Outlook-extensie voor bestandspictogrammen”
\InProcServer32\(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL”
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll”
“{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll”
“{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler”
-> {HKLM…CLSID} = “Microsoft Office Metadata Handler”
\InProcServer32\(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll”
“{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler”
-> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler”
\InProcServer32\(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll”
“{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Universele Plug en Play-apparaten”
-> {HKLM…CLSID} = “Universele Plug en Play-apparaten”
\InProcServer32\(Default) = “C:\WINDOWS\system32\upnpui.dll”
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32\(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll”
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32\(Default) = “C:\Program Files\WinRAR\rarext.dll”
“{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32\(Default) = “C:\Program Files\Avira\AntiVir Desktop\shlext.dll”
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
-> {HKLM…CLSID} = “Microsoft Office Outlook”
\InProcServer32\(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”
-> {HKLM…CLSID} = “WPDShServiceObj Class”
\InProcServer32\(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll”
<> “Userinit” = “C:\WINDOWS\system32\userinit.exe,”C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe“,” , , , , ,
<> igfxcui\DLLName = “igfxdev.dll”
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\0\
DisplayName = “ng-user medewerker startup script”
0\ -> launches: “\\ng.local\ng\system\distribution\clientsetup\symantec-av\run-user-startup-script.bat”
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL”
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<> livecall\CLSID = “{828030A1-22C1-4009-854F-8E305202313F}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = “C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL”
<> msnim\CLSID = “{828030A1-22C1-4009-854F-8E305202313F}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = “C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL”
<> mso-offdap\CLSID = “{3D9F03FA-7A94-11D3-BE81-0050048385D1}”
-> {HKLM…CLSID} = “Data Page Pluggable Protocol mso-offdap Handler”
\InProcServer32\(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL”
<> mso-offdap11\CLSID = “{32505114-5902-49B2-880A-1F7738E5A384}”
-> {HKLM…CLSID} = “Data Page Plugable Protocal mso-offdap11 Handler”
\InProcServer32\(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL”
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32\(Default) = “C:\Program Files\Avira\AntiVir Desktop\shlext.dll”
WinRAR\(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32\(Default) = “C:\Program Files\WinRAR\rarext.dll”
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = “{57CE581A-0CB6-4266-9CA0-19364C90A0B3}”
-> {HKLM…CLSID} = “MBAMShlExt Class”
\InProcServer32\(Default) = “C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll”
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32\(Default) = “C:\Program Files\WinRAR\rarext.dll”
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR\(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32\(Default) = “C:\Program Files\WinRAR\rarext.dll”
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = “{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}”
-> {HKLM…CLSID} = “GraphicsShellExt Class”
\InProcServer32\(Default) = “C:\WINDOWS\system32\igfxpph.dll”
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = “{57CE581A-0CB6-4266-9CA0-19364C90A0B3}”
-> {HKLM…CLSID} = “MBAMShlExt Class”
\InProcServer32\(Default) = “C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll”
Shell Extension for Malware scanning\(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32\(Default) = “C:\Program Files\Avira\AntiVir Desktop\shlext.dll”
WinRAR\(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32\(Default) = “C:\Program Files\WinRAR\rarext.dll”
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32\(Default) = “C:\Program Files\WinRAR\rarext.dll”
Group Policies {GPedit.msc branch and setting}:
———————————————–
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“DisablePersonalDirChange” = (REG_DWORD) dword:0x00000001
{unrecognized setting}
“NoDesktopCleanupWizard” = (REG_DWORD) dword:0x00000001
{unrecognized setting}
“NoWelcomeScreen” = (REG_DWORD) dword:0x00000001
{unrecognized setting}
“NoSMConfigurePrograms” = (REG_DWORD) dword:0x00000001
{unrecognized setting}
“Intellimenus” = (REG_DWORD) dword:0x00000001
{unrecognized setting}
“NoWindowsUpdate” = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove links and access to Windows Update}
“RestrictWelcomeCenter” = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\
“FormSuggest” = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\
“Use FormSuggest” = (REG_SZ) no
{unrecognized setting}
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\
“Enabled” = (REG_DWORD) dword:0x00000002
{User Configuration|Administrative Templates|Windows Components|Internet Explorer|
Turn off Managing Phishing filter}
Active Desktop and Wallpaper:
—————————–
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
———————
HKCU\Control Panel\Desktop\
Windows Portable Device AutoPlay Handlers
—————————————–
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
IviDVDEventHandler\
“Provider” = “InterVideo WinDVD”
“InvokeProgID” = “Ivi.MediaFile”
“InvokeVerb” = “play”
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = “”C:\Program Files\InterVideo\WinDVD\WinDVD.exe“ %1”
IviVideoCDHandler\
“Provider” = “InterVideo WinDVD”
“InvokeProgID” = “Ivi.MediaFile”
“InvokeVerb” = “play”
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = “”C:\Program Files\InterVideo\WinDVD\WinDVD.exe“ %1”
MSWPDShellNamespaceHandler\
“Provider” = “@%SystemRoot%\System32\WPDShextRes.dll,-501”
“CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}”
“InitCmdLine” = “ ”
-> {HKLM…CLSID} = “WPDShextAutoplay”
\LocalServer32\(Default) = “C:\WINDOWS\system32\WPDShextAutoplay.exe”
RPCDBurningOnArrival\
“Provider” = “RealPlayer”
“InvokeProgID” = “RealPlayer.CDBurn.6”
“InvokeVerb” = “open”
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = “”C:\Program Files\Real\RealPlayer\RealPlay.exe“ /burn ”%1“”
RPDeviceOnArrival\
“Provider” = “RealPlayer”
“ProgID” = “RealPlayer.HWEventHandler”
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = “{67E76F1D-BDE2-4052-913C-2752366192D2}”
-> {HKLM…CLSID} = “RealNetworks Scheduler”
\LocalServer32\(Default) = “”C:\Program Files\Common Files\Real\Update_OB\realsched.exe“ -autoplay”
RPDVDBurningOnArrival\
“Provider” = “RealPlayer”
“InvokeProgID” = “RealPlayer.DVDBurn.6”
“InvokeVerb” = “open”
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = “”C:\Program Files\Real\RealPlayer\RealPlay.exe“ /burndvd ”%1“”
RPPlayCDAudioOnArrival\
“Provider” = “RealPlayer”
“InvokeProgID” = “RealPlayer.AudioCD.6”
“InvokeVerb” = “play”
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = “”C:\Program Files\Real\RealPlayer\RealPlay.exe“ /play %1 ”
RPPlayDVDMovieOnArrival\
“Provider” = “RealPlayer”
“InvokeProgID” = “RealPlayer.DVD.6”
“InvokeVerb” = “play”
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = “”C:\Program Files\Real\RealPlayer\RealPlay.exe“ /dvd %1 ”
RPPlayMediaOnArrival\
“Provider” = “RealPlayer”
“InvokeProgID” = “RealPlayer.AutoPlay.6”
“InvokeVerb” = “open”
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = “”C:\Program Files\Real\RealPlayer\RealPlay.exe“ /autoplay ”%1“”
Startup items in “mea” & “All Users” startup folders:
—————————————————–
C:\Documents and Settings\mea\Menu Start\Programma's\Opstarten
“Check for TWS Updates” -> shortcut to: “C:\Jts\WiseUpdt.exe /C”
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
“DVD Check” -> shortcut to: “C:\Program Files\InterVideo\DVD Check\DVDCheck.exe”
Enabled Scheduled Tasks:
————————
“Ad-Aware Update (Weekly)” -> launches: “C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair”
“GoogleUpdateTaskMachineCore” -> launches: “C:\Program Files\Google\Update\GoogleUpdate.exe /c”
“GoogleUpdateTaskMachineUA” -> launches: “C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler”
“RealUpgradeScheduledTaskS-1-5-21-2311236319-1964631944-1170399388-1232” -> launches: “C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck”
Winsock2 Service Provider DLLs:
——————————-
Namespace Service Providers
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll”
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll”
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll”
Transport Service Providers
%SystemRoot%\system32\mswsock.dll , 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll , 04 - 05
Toolbars, Explorer Bars, Extensions:
————————————
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
Implemented Categories\{00021493-0000-0000-C000-000000000046}\
InProcServer32\(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL”
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe”
Running Services (Display Name, Service Name, Path {Service DLL}):
——————————————————————
Agere Modem Call Progress Audio, AgereModemAudio, “C:\WINDOWS\system32\agrsmsvc.exe”
Application Virtualization Client, sftlist, “”C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe“”
Application Virtualization Service Agent, sftvsa, “”C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe“”
Avira AntiVir Guard, AntiVirService, “”C:\Program Files\Avira\AntiVir Desktop\avguard.exe“”
Avira AntiVir Scheduler, AntiVirSchedulerService, “”C:\Program Files\Avira\AntiVir Desktop\sched.exe“”
eBeam Device Service, eBeam Device Service, “C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe”
IviRegMgr, IviRegMgr, “C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe”
Java Quick Starter, JavaQuickStarterService, “”C:\Program Files\Java\jre6\bin\jqs.exe“ -service -config ”C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf“”
WMI-prestatieadapter, WmiApSrv, “C:\WINDOWS\system32\wbem\wmiapsrv.exe”
Print Monitors:
—————
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll”
Hi Ben and Argus,
The problems seem to be solved; first the ComboFix log, then Hijack:
ComboFix 11-09-04.03 - mea 04-09-2011 21:57:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1977.1473
Gestart vanuit: c:\documents and settings\mea\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mea\Application Data\7352.E00
c:\windows\IsUn0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-08-04 to 2011-09-04 ))))))))))))))))))))))))))))))
.
.
2011-08-29 20:10 . 2011-08-29 20:10 ——– d—–w- c:\program files\Lavalys
2011-08-29 15:52 . 2011-08-31 22:09 ——– d–h–r- c:\documents and settings\mea\Onlangs geopend
2011-08-29 15:49 . 2011-08-29 15:50 ——– d—–w- c:\program files\CCleaner
2011-08-28 17:17 . 2011-07-06 17:52 41272 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-28 17:17 . 2011-07-06 17:52 22712 —-a-w- c:\windows\system32\drivers\mbam.sys
2011-08-28 17:16 . 2011-08-28 18:01 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2011-08-26 11:55 . 2011-08-26 11:55 ——– d-sh–w- c:\documents and settings\LocalService\IETldCache
2011-08-16 17:31 . 2011-08-16 17:31 ——– d—–w- c:\documents and settings\mea\Application Data\Avira
2011-08-16 15:37 . 2011-08-16 17:33 66616 —-a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-16 15:37 . 2011-08-16 17:33 138192 —-a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-16 15:37 . 2010-06-17 13:27 45416 —-a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-16 15:37 . 2010-06-17 13:27 22360 —-a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-16 15:37 . 2011-08-16 15:37 ——– d—–w- c:\program files\Avira
2011-08-16 15:37 . 2011-08-16 15:37 ——– d—–w- c:\documents and settings\All Users\Application Data\Avira
2011-08-16 14:58 . 2011-08-16 14:58 ——– d-sh–w- c:\documents and settings\mea\IECompatCache
2011-08-15 14:10 . 2011-08-15 14:39 ——– d—–w- C:\Jts
2011-08-15 12:44 . 2011-08-15 12:42 96200 —-a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-08-15 11:15 . 2011-08-29 15:44 ——– d—–w- c:\program files\Spybot - Search & Destroy
2011-08-15 11:15 . 2011-08-29 15:43 ——– d—–w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-08-15 11:00 . 2011-08-15 11:00 ——– d—–w- c:\program files\Sophos
2011-08-15 10:57 . 2011-08-15 10:58 ——– d—–w- c:\documents and settings\mea\Application Data\QuickScan
2011-08-15 10:45 . 2011-08-15 10:48 ——– d—–w- c:\documents and settings\mea\Application Data\Sammsoft
2011-08-14 22:04 . 2011-08-14 22:04 ——– d-sh–w- c:\documents and settings\mea\PrivacIE
2011-08-14 21:55 . 2011-08-14 21:55 ——– d-sh–w- c:\documents and settings\mea\IETldCache
2011-08-14 21:50 . 2011-08-14 21:50 ——– d—–w- c:\documents and settings\mea\Application Data\AVG10
2011-08-14 21:48 . 2011-08-14 21:48 ——– d–h–w- c:\documents and settings\All Users\Application Data\Common Files
2011-08-14 21:46 . 2011-08-15 21:08 ——– d—–w- c:\documents and settings\All Users\Application Data\AVG10
2011-08-14 21:46 . 2011-08-15 21:07 ——– d—–w- c:\windows\system32\drivers\AVG
2011-08-14 21:40 . 2011-08-15 21:08 ——– d—–w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-14 20:23 . 2010-10-18 11:10 7680 -c—-w- c:\windows\system32\dllcache\iecompat.dll
2011-08-14 20:23 . 2011-06-23 18:31 247808 -c—-w- c:\windows\system32\dllcache\ieproxy.dll
2011-08-14 20:23 . 2011-06-23 18:31 12800 -c—-w- c:\windows\system32\dllcache\xpshims.dll
2011-08-14 20:23 . 2011-06-23 18:31 743424 -c—-w- c:\windows\system32\dllcache\iedvtool.dll
2011-08-14 20:22 . 2011-08-14 20:23 ——– dc-h–w- c:\windows\ie8
2011-08-14 20:12 . 2011-08-14 20:12 ——– d—–w- c:\program files\Panda Security
2011-08-10 17:19 . 2011-09-02 22:21 ——– d—–w- c:\documents and settings\mea\Application Data\InternetCalls
2011-08-10 17:19 . 2011-08-10 17:19 ——– d—–w- c:\program files\InternetCalls.com
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-29 19:59 . 2011-05-05 19:22 1409 —-a-w- c:\windows\QTFont.for
2011-07-15 13:29 . 2008-04-15 12:00 456320 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-15 12:00 10496 —-a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-11-14 10:14 139656 —-a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-04-15 12:00 916480 —-a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-04-15 12:00 43520 ——w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2008-04-15 12:00 1469440 ——w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-15 12:00 385024 ——w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-15 12:00 293888 —-a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
“InternetCalls”=“c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe”
.
“IgfxTray”=“c:\windows\system32\igfxtray.exe”
“Persistence”=“c:\windows\system32\igfxpers.exe”
“SoundMAXPnP”=“c:\program files\Analog Devices\Core\smax4pnp.exe”
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”
“SoftGridTray”=“c:\program files\Microsoft Application Virtualization Client\SFTTray.exe”
“TDxVGAUTIL”=“c:\windows\system32\TDxVGAUTIL.EXE”
“Synchronization Manager”=“c:\windows\system32\mobsync.exe”
“WatchDog”=“c:\program files\InterVideo\DVD Check\DVDCheck.exe”
“avgnt”=“c:\program files\Avira\AntiVir Desktop\avgnt.exe”
“TkBellExe”=“c:\program files\Common Files\Real\Update_OB\realsched.exe”
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe”
.
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”
“BrowserChoice”=“c:\windows\system32\browserchoice.exe”
.
c:\documents and settings\mea\Menu Start\Programma's\Opstarten\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
“DisablePersonalDirChange”= 1 (0x1)
“NoWelcomeScreen”= 1 (0x1)
“NoSMConfigurePrograms”= 1 (0x1)
“RestrictWelcomeCenter”= 1 (0x1)
.
“Script”=\\ng.local\ng\system\distribution\clientsetup\symantec-av\run-user-startup-script.bat
.
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Messenger\\msmsgs.exe”=
“c:\\WINDOWS\\system32\\dpvsetup.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe”=
.
“3389:TCP”= 3389:TCP:Remote Desktop
“65533:TCP”= 65533:TCP:Services
“52344:TCP”= 52344:TCP:Services
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys
R1 NGS;Norman General Security Driver;c:\program files\Norman\nvc\bin\ngs.sys
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe
R2 eBeam Device Service;eBeam Device Service;c:\program files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
R3 TdxMrMINI;TdxMrMINI;c:\windows\system32\drivers\TdxMrMini.sys
R3 TdxVGAMINI;TdxVGAMINI;c:\windows\system32\drivers\TdxVgaMini.sys
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\72.tmp –> c:\windows\system32\72.tmp
S3 TdxVGAUSB;TARGUS USB2.0 VGA DOCK DEVICE(USB);c:\windows\system32\drivers\TdxVGAUSB.SYS
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys –> c:\windows\system32\drivers\xcpip.sys
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys –> c:\windows\system32\drivers\xpsec.sys
.
Inhoud van de ‘Gedeelde Taken’ map
.
2011-09-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2311236319-1964631944-1170399388-1232.job
- c:\program files\Real\RealUpgrade\realupgrade.exe
.
2011-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2311236319-1964631944-1170399388-1232.job
- c:\program files\Real\RealUpgrade\realupgrade.exe
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-CmUsbSound - cmcnfgu.cpl
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-MeMo Leerlingen-cd-rom 241059 - c:\windows\IsUn0413.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-04 22:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
“ImagePath”=“\??\c:\windows\system32\72.tmp”
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
“3140110900063D11C8EF10054038389C”=“C?\\WINDOWS\\system32\\FM20ENU.DLL”
.
Voltooingstijd: 2011-09-04 22:03:02
ComboFix-quarantined-files.txt 2011-09-04 20:02
.
Pre-Run: 39.948.791.808 bytes beschikbaar
Post-Run: 40.069.308.416 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
UnsupportedDebug=“do not select this” /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect
.
- - End Of File - - 406AEEFB2704BB003FAFC90F61FC9B48
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:05:34, on 4-9-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceUI.exe
C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TDxVGAUTIL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: "C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe" /autostart
O4 - HKLM\..\Run: C:\WINDOWS\system32\TDxVGAUTIL.EXE
O4 - HKLM\..\Run: %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: "C:\WINDOWS\system32\browserchoice.exe" /run (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237553506019
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ng.local
O17 - HKLM\Software\..\Telephony: DomainName = ng.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ng.local
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: eBeam Device Service - Luidia, Inc. - C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 7191 bytes
Hi pieter,
The logs look good again.
Removing ComboFix:
Go to Start > Run
and enter the following here: Combofix /Uninstall, or copy the bold text and paste it into Run, then click OK.
If all goes well, you will get a message that ComboFix has been removed.
Example:
Now run CCleaner with its default settings, first the cleaner and then the registry.
Now empty your Recycle Bin and clear all your restore points, which you do as follows:
Windows XP.
Right-click My Computer.
Choose Properties.
Go to the System Restore tab.
Tick the box "Turn off System Restore on all drives".
Restart the computer.
Turn System Restore back on by now unticking the box.
Change all your passwords.
Good luck,
Huib ;)