
Fake alert Dutch police!!!

Safe mode is no use either. The virus crashes everything you try to do.
Filing a police report does make sense in that the more people report it, in whatever way, the clearer the scale of the problem becomes. Can't hurt. And I just hope I have been able to alert people with this. And even that is of little use, because I have since understood that once the fake alert comes in (regardless of virus scan), there is really nothing you can do anymore until a solution is found...
Save your documents externally in time and then just reinstall, I think.

Thanks again for the replies. If I do find a solution after all, I will report it right away.
 
Hi Paulette, on a safe PC, download and burn a Linux live CD such as Knoppix, Ubuntu or openSUSE Gnome.

Then boot your PC from that Linux CD and let it start up completely.

Once Linux has recognized (mounted) the hard drives, you can copy and paste the files you want to rescue to a safe location.
 
Solved! Boot Windows in safe mode with command prompt - regedit - HKEY_CURRENT_USER - Software - Microsoft - Windows - CurrentVersion - Run, then click on vasja, ending in upd.exe, and delete...
 
Whether the problem is then really solved is open to question.
The same goes for restoring to an earlier System Restore point.

Because the virus modifies the Windows registry in dozens of places!


But let's continue with the investigation.

Now try whether the following works:

Which program: Malwarebytes MBAM
What for/why: specialized scanner to quickly examine Windows for spyware and malware and to clean it.
Difficulty: none.

Download Malwarebytes MBAM from one of these locations:
First of all:
  • Right after installation, 'MBAM' will want to update its database; allow this.
  • Also on repeated use: update 'MBAM' first via the 'Update' tab!
Starting Malwarebytes MBAM:
  • Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
  • Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and choosing Run as Administrator.
  • Note:
    • Malwarebytes now provides the full version of MBAM.
    • At the first start you are given the choice of using the full version or the free version.
    • Regardless of which antivirus program is installed in your Windows, I advise choosing the "Decline" option.
    • That way MBAM can continue to be used as the free version.
  • Also do the following:
    • Once the program has started, go to the "Settings" tab.
    • Check the box "Close Internet Explorer during malware removal".

Scanning:
  • When starting 'MBAM', choose 'Quick Scan'.
  • Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
  • Then click the 'Show Results' button to see the results.
Infections found:
  • First click OK to dismiss the message.
  • Then click the Show Results button at the bottom right.
  • Make sure all found infections are checked, and click Remove Selected at the bottom left.
  • After removal a log will open and you will be asked to restart the computer.
  • If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
  • After that 'MBAM' will ask to restart the computer, so allow the restart.
MBAM log:
  • The log is saved automatically by 'MBAM' and can be found by clicking the 'Logs' tab in MBAM's main menu.
Then post the contents of the MBAM log in your next message.
 
You were right. mbam got more out than avg
Thank you!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversie: 8182

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17-11-2011 14:48:23
mbam-log-2011-11-17 (14-48-23).txt

Scantype: Snelle scan
Objecten gescand: 177027
Verstreken tijd: 12 minuut/minuten, 38 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 23
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 12
Bestanden geïnfecteerd: 11

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.Info (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.Info.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\hblite (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\hblite@hblite.com (Adware.HotBar) -> Value: hblite@hblite.com -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\hblite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\hblite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\hblite\bin\11.0.358.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\hblite\bin\11.0.358.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\hblite\bin\11.0.358.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\hblite\bin\11.0.358.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files (x86)\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files (x86)\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\Users\user\AppData\Local\Temp\upd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\hblite\bin\11.0.358.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
 
On we go!

Which program: ComboFix
What for/why: Highly specialized scanner to examine and clean Windows in depth.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: Download this program to the desktop, no exceptions!
Download ComboFix from one of these locations:
Here you can see how to use ComboFix.

The antivirus program and any active malware scanners must already be deactivated before you start ComboFix!
Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

Notes:
  • When using Windows XP you may be asked to install the "Recovery Console"!
    Allow this (an active internet connection is required).
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
  • Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and choosing "Run as Administrator".
ComboFix has started:
  • Do not click in the black window; this can make ComboFix or even all of Windows "freeze"!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file via DDRMMR's colour coder in your next message.
  • If the log does not open, it can be found in C:\ComboFix.txt
Important note:
  • If after the scan an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
Hi Abraham,
It took a while, but then you've got something...

[hjt]
combofix 11-11-17.03 - user 17-11-2011 16:42:58.1.2 - x64
microsoft windows 7 home premium 6.1.7600.0.1252.31.1043.18.3999.2311 [gmt 1:00]
gestart vanuit: c:\users\user\desktop\combofix.exe
av: microsoft security essentials *disabled/updated* {108dac43-c256-20b7-bb05-914135da5160}
sp: microsoft security essentials *disabled/updated* {abec4da7-e46c-2f39-81b5-aa334e5d1bdd}
sp: windows defender *enabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\install.exe
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\openoffice.org 3.2 .lnk
c:\users\user\videos\vlc-1.1.5-win32.exe
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-10-17 to 2011-11-17 ))))))))))))))))))))))))))))))
.
.
2011-11-17 15:55 . 2011-11-17 15:55 69000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{447edbd5-1d21-42d5-81af-7b17e1fc9b12}\offreg.dll
2011-11-17 15:54 . 2011-11-17 15:54 -------- d-----w- c:\users\default\appdata\local\temp
2011-11-17 15:22 . 2011-10-18 00:27 8570192 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0828c035-b9d0-49e8-97b3-f3a7a9d40cd0}\mpengine.dll
2011-11-17 13:52 . 2011-11-17 13:52 -------- d-----w- c:\windows\system32\macromed
2011-11-17 13:29 . 2011-11-17 13:29 -------- d-----w- c:\users\user\appdata\roaming\malwarebytes
2011-11-17 13:28 . 2011-11-17 13:28 -------- d-----w- c:\programdata\malwarebytes
2011-11-17 13:28 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 13:08 . 2011-11-17 13:24 -------- d-----w- c:\users\user\appdata\roaming\systweak
2011-11-17 13:08 . 2011-09-30 14:37 18816 ----a-w- c:\windows\system32\roboot64.exe
2011-11-17 12:40 . 2011-11-17 12:40 -------- d-----w- c:\users\user\appdata\roaming\vlc
2011-11-17 11:57 . 2011-11-17 11:57 -------- d-----w- c:\users\user\appdata\roaming\avg2012
2011-11-17 11:56 . 2011-11-17 11:56 -------- d--h--w- c:\programdata\common files
2011-11-17 11:55 . 2011-11-17 15:34 -------- d-----w- c:\programdata\avg2012
2011-11-17 11:54 . 2011-11-17 11:54 -------- d-----w- c:\program files (x86)\avg
2011-11-17 11:46 . 2011-11-17 15:08 -------- d-----w- c:\programdata\mfadata
2011-11-17 11:32 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{447edbd5-1d21-42d5-81af-7b17e1fc9b12}\mpengine.dll
2011-11-17 11:32 . 2011-11-17 11:32 -------- d-----w- c:\program files (x86)\common files\java
2011-11-17 11:31 . 2011-11-17 11:31 -------- d-----w- c:\programdata\ask
2011-11-17 11:31 . 2011-10-03 04:06 472808 ----a-w- c:\windows\syswow64\deployjava1.dll
2011-11-09 07:21 . 2011-10-01 05:28 886784 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 07:21 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\common files\system\wab32.dll
2011-11-09 07:21 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:21 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-10-26 05:36 . 2011-08-15 05:08 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-26 05:36 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\internet explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 13:53 . 2011-06-11 08:43 414368 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2011-10-10 22:52 . 2011-10-10 22:52 917840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b668e6fd-8f05-49e2-b739-c81a8cab631e}\gapaengine.dll
2011-10-07 04:16 . 2010-09-01 18:40 8570192 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-01 03:21 . 2011-10-13 06:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 06:15 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
2011-08-27 05:40 . 2011-10-13 06:15 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-13 06:15 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-13 06:15 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-13 06:15 233472 ----a-w- c:\windows\syswow64\oleacc.dll
2011-08-20 05:45 . 2011-10-13 06:15 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 05:41 . 2011-10-13 06:15 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 04:38 . 2011-10-13 06:15 981504 ----a-w- c:\windows\syswow64\wininet.dll
2011-08-20 04:35 . 2011-10-13 06:15 44544 ----a-w- c:\windows\syswow64\licmgr10.dll
2011-08-20 04:20 . 2011-10-13 06:15 482816 ----a-w- c:\windows\system32\html.iec
2011-08-20 03:26 . 2011-10-13 06:15 386048 ----a-w- c:\windows\syswow64\html.iec
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"hpadvisor"=c:\program files (x86)\hewlett-packard\hp advisor\hpadvisor.exe [2009-07-15 1668664]
"msnmsgr"=c:\program files (x86)\windows live\messenger\msnmsgr.exe [2010-04-16 3872080]
"swg"=c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe [2010-12-26 39408]
"skype"=c:\program files (x86)\skype\phone\skype.exe [2011-10-13 17351304]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"hpcam_menu"=c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe [2009-02-25 218408]
"qlbctrl.exe"=c:\program files (x86)\hewlett-packard\hp quick launch buttons\qlbctrl.exe [2010-02-25 323640]
"nortononlinebackupreminder"=c:\program files (x86)\symantec\norton online backup\activation\nobuactivation.exe [2009-05-12 581480]
"updateprcshortcut"=c:\program files (x86)\hewlett-packard\recovery\muitransfer\muistartmenu.exe [2009-05-19 222504]
"adobe reader speed launcher"=c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe [2011-01-31 35760]
"easybits recovery"=c:\program files (x86)\easybits for kids\ezrecover.exe [2009-06-22 60464]
"hp software update"=c:\program files (x86)\hp\hp software update\hpwuschd2.exe [2008-12-08 54576]
"wirelessassistant"=c:\program files (x86)\hewlett-packard\hp wireless assistant\hpwamain.exe [2009-07-23 498744]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2010-09-21 932288]
"quicktime task"=c:\program files (x86)\quicktime\qttask.exe [2010-11-29 421888]
"ituneshelper"=c:\program files (x86)\itunes\ituneshelper.exe [2011-06-07 421160]
"applesyncnotifier"=c:\program files (x86)\common files\apple\mobile device support\applesyncnotifier.exe [2011-04-20 58656]
"sunjavaupdatesched"=c:\program files (x86)\common files\java\java update\jusched.exe [2011-06-09 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_users\.default\software\microsoft\windows\currentversion\policies\system]
"wallpaperstyle"= 2
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shellexecutehooks]
.
[hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\msmpsvc]
@="service"
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wdf01000.sys]
@="driver"
.
r1 cchypyvy;cchypyvy;c:\windows\system32\drivers\cchypyvy.sys [x]
r1 hkrmccfk;hkrmccfk;c:\windows\system32\drivers\hkrmccfk.sys [x]
r1 mxjahzpl;mxjahzpl;c:\windows\system32\drivers\mxjahzpl.sys [x]
r1 ogtlepij;ogtlepij;c:\windows\system32\drivers\ogtlepij.sys [x]
r2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
r2 gupdate;google update service (gupdate);c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 136176]
r3 ewusbnet;huawei usb-ndis miniport;c:\windows\system32\drivers\ewusbnet.sys [x]
r3 gupdatem;google update-service (gupdatem);c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 136176]
r3 hwusbfake;huawei datacard usb fake;c:\windows\system32\drivers\ewusbfake.sys [x]
r3 mpnwmon;microsoft malware protection network driver;c:\windows\system32\drivers\mpnwmon.sys [x]
r3 netw5v64;stuurprogramma voor intel(r) wireless wifi link 5000 series-adapter voor 64-bits windows vista;c:\windows\system32\drivers\netw5v64.sys [x]
r3 nisdrv;microsoft network inspection system;c:\windows\system32\drivers\nisdrvwfp.sys [x]
r3 nissrv;microsoft network inspection;c:\program files\microsoft security client\antimalware\nissrv.exe [2011-04-27 288272]
r3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys [x]
r3 srvhsfhda;srvhsfhda;c:\windows\system32\drivers\vstazl6.sys [x]
r3 srvhsfv92;srvhsfv92;c:\windows\system32\drivers\vstdpv6.sys [x]
r3 srvhsfwinac;srvhsfwinac;c:\windows\system32\drivers\vstcnxt6.sys [x]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [x]
r3 yukonw7;ndis6.2 miniport driver for marvell yukon ethernet controller;c:\windows\system32\drivers\yk62x64.sys [x]
s1 vwififlt;virtual wifi filter driver;c:\windows\system32\drivers\vwififlt.sys [x]
s2 aestfilters;andrea st filters service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\aestsr64.exe [2009-03-02 89600]
s2 ezsharedsvc;easybits shared services for windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 hpdrvmntsvc.exe;hp quick synchronization service;c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe [2010-10-14 92216]
s2 hpsrv;hp service;c:\windows\system32\hpservice.exe [x]
s3 com4qlbex;com4qlbex;c:\program files (x86)\hewlett-packard\hp quick launch buttons\com4qlbex.exe [2010-02-25 227896]
s3 intchdmiaddservice;intel(r) high definition audio hdmi;c:\windows\system32\drivers\intchdmi.sys [x]
.
.
hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\svchost - netsvcs
ezsharedsvc
.
inhoud van de 'gedeelde taken' map
.
2011-11-17 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 12:02]
.
2011-11-17 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 12:02]
.
2011-11-13 c:\windows\tasks\googleupdatetaskusers-1-5-21-2281543014-1057846268-3283991645-1000core.job
- c:\users\user\appdata\local\google\update\googleupdate.exe [2010-08-31 11:12]
.
2011-11-17 c:\windows\tasks\googleupdatetaskusers-1-5-21-2281543014-1057846268-3283991645-1000ua.job
- c:\users\user\appdata\local\google\update\googleupdate.exe [2010-08-31 11:12]
.
2011-11-10 c:\windows\tasks\hpceescheduleforuser.job
- c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe [2009-10-07 02:22]
.
.
--------- x86-64 -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"amicosinglun64"=c:\program files (x86)\amicosinglun\amicosinglun64.exe [2009-07-16 323072]
"systrayapp"=c:\program files\idt\wdm\sttray64.exe [2009-07-22 450048]
"apoint"=c:\program files\apoint2k\apoint.exe [2009-06-29 318464]
"smartmenu"=c:\program files\hewlett-packard\hp mediasmart\smartmenu.exe [2009-07-21 610872]
"sunjavaupdatesched"=c:\program files\java\jre6\bin\jusched.exe [2009-09-18 171520]
"igfxtray"=c:\windows\system32\igfxtray.exe [2010-08-25 161304]
"hotkeyscmds"=c:\windows\system32\hkcmd.exe [2010-08-25 386584]
"persistence"=c:\windows\system32\igfxpers.exe [2010-08-25 415256]
"msc"=c:\program files\microsoft security client\msseces.exe [2011-06-15 1436736]
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\windows]
"loadappinit_dlls"=0x0
.
------- bijkomende scan -------
.
ustart page = hxxp://www.google.nl/
ulocal page = c:\windows\system32\blank.htm
mlocal page = c:\windows\syswow64\blank.htm
uinternet settings,proxyoverride = *.local
ie: e&xporteren naar microsoft excel - c:\progra~2\micros~1\office12\excel.exe/3000
ie: google sidewiki... - c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
tcp: dhcpnameserver = 192.168.0.1
.
- - - - orphans verwijderd - - - -
.
urlsearchhooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
wow6432node-hkcu-run-ares - c:\program files (x86)\ares\ares.exe
webbrowser-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
webbrowser-{30f9b915-b755-4826-820b-08fba6bd249d} - (no file)
webbrowser-{d4027c7f-154a-4066-a1ad-4243d8127440} - (no file)
addremove-adobe shockwave player - c:\windows\system32\adobe\shockwave 11\uninstaller.exe
addremove-easybits magic desktop - c:\windows\system32\ezmduninstall.exe
addremove-{08db3902-2ce0-474d-bce3-0177766ce9f1} - c:\program files (x86)\installshield installation information\{08db3902-2ce0-474d-bce3-0177766ce9f1}\setup.exe
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil11e_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil11e_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.10"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}]
@denied: (a 2) (everyone)
@="iflashbroker4"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
------------------------ andere aktieve processen ------------------------
.
c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\program files (x86)\bonjour\mdnsresponder.exe
c:\program files (x86)\cyberlink\shared files\richvideo.exe
c:\program files (x86)\microsoft\search enhancement pack\seaport\seaport.exe
c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe
.
**************************************************************************
.
voltooingstijd: 2011-11-17 17:02:20 - machine werd herstart
combofix-quarantined-files.txt 2011-11-17 16:02
.
pre-run: 256.603.873.280 bytes beschikbaar
post-run: 257.797.402.624 bytes beschikbaar
.
- - end of file - - c13ee48b2bbe72703abc81f95d95cda6

[/hjt]
 
Next round:

Make sure all open web browser windows are closed.
Open a new Notepad file via "Start\All Programs\Accessories\Notepad".

Copy and paste the following (bold, blue text) into the empty Notepad window


KILLALL::

File::
c:\windows\system32\drivers\cchypyvy.sys
c:\windows\system32\drivers\hkrmccfk.sys
c:\windows\system32\drivers\mxjahzpl.sys
c:\windows\system32\drivers\ogtlepij.sys

Driver::
cchypyvy
hkrmccfk
mxjahzpl
ogtlepij



Save this Notepad file to your desktop as CFScript.txt.

Now first deactivate the antivirus and any spyware scanners!


Drag CFScript.txt onto ComboFix.exe




This will make ComboFix restart. Reboot if you are asked to.


Post the ComboFix log that is shown after the restart via the colour coder!
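The way the four R1 driver lines in the ComboFix log above were turned into the File:: and Driver:: sections of the CFScript can be automated for triage. This is an added example, not code from the thread, from the helper or from ComboFix: the sample lines are copied from the log in this thread, and the scoring rule (random 8-letter name, no description, boot-start, no file details) is this example's own heuristic.

```python
"""Triage ComboFix service/driver lines and draft a CFScript.

Added example, not part of the forum thread or of ComboFix. It re-creates
the reasoning applied in the thread: the rogue entries are boot-start (R1)
drivers with random 8-letter names, no human-readable description and no
file details ("[x]"), and the CFScript's File:: and Driver:: sections list
exactly those. The scoring is this example's own heuristic.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample input constructed from the ComboFix log posted in this thread:
# the four rogue R1 drivers plus a few legitimate entries for contrast.
SAMPLE_LOG = """\
r1 cchypyvy;cchypyvy;c:\\windows\\system32\\drivers\\cchypyvy.sys [x]
r1 hkrmccfk;hkrmccfk;c:\\windows\\system32\\drivers\\hkrmccfk.sys [x]
r1 mxjahzpl;mxjahzpl;c:\\windows\\system32\\drivers\\mxjahzpl.sys [x]
r1 ogtlepij;ogtlepij;c:\\windows\\system32\\drivers\\ogtlepij.sys [x]
r2 gupdate;google update service (gupdate);c:\\program files (x86)\\google\\update\\googleupdate.exe [2010-11-30 136176]
r3 nisdrv;microsoft network inspection system;c:\\windows\\system32\\drivers\\nisdrvwfp.sys [x]
r3 rtl8167;realtek 8167 nt driver;c:\\windows\\system32\\drivers\\rt64win7.sys [x]
s1 vwififlt;virtual wifi filter driver;c:\\windows\\system32\\drivers\\vwififlt.sys [x]
s3 intchdmiaddservice;intel(r) high definition audio hdmi;c:\\windows\\system32\\drivers\\intchdmi.sys [x]
"""

# One ComboFix service line: "<start> <name>;<description>;<image path> [<file info>]"
SERVICE_RE = re.compile(
    r"^(?P<start>[rs]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$"
)


@dataclass
class Service:
    start: str   # r1/r2/r3 (running) or s1/s2/s3 (stopped), digit = start type
    name: str    # service/driver name
    desc: str    # display name
    path: str    # image path
    info: str    # "[date size]" for a known file, "x" when ComboFix has no details


def parse_services(text: str) -> List[Service]:
    """Return every line that matches ComboFix's service/driver layout."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(**m.groupdict()))
    return services


def suspicion_score(svc: Service) -> int:
    """Count the traits the four rogue drivers share and legitimate entries
    do not (this example's own heuristic, not a ComboFix feature)."""
    score = 0
    if svc.name == svc.desc:                   # no human-readable description
        score += 1
    if re.fullmatch(r"[a-z]{8}", svc.name):    # 8 random lowercase letters
        score += 1
    if svc.start == "r1":                      # boot/system-start kernel driver
        score += 1
    if svc.info == "x":                        # ComboFix found no file details
        score += 1
    return score


def find_rogue_drivers(text: str, threshold: int = 3) -> List[Service]:
    """Entries scoring at or above the threshold; legitimate drivers with one
    or two of the traits (e.g. vwififlt) stay below it."""
    return [s for s in parse_services(text) if suspicion_score(s) >= threshold]


def draft_cfscript(rogue: List[Service]) -> str:
    """Render the File:: and Driver:: sections in the layout used in the thread."""
    lines = ["KILLALL::", "", "File::"]
    lines += [s.path for s in rogue]
    lines += ["", "Driver::"]
    lines += [s.name for s in rogue]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for svc in parse_services(SAMPLE_LOG):
        print(f"{suspicion_score(svc)}  {svc.start} {svc.name}")
    print(draft_cfscript(find_rogue_drivers(SAMPLE_LOG)))
```

The drafted script is a starting point for a human reviewer; always confirm each flagged driver before feeding a CFScript to ComboFix.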
 
The scan has been stuck at "completed part 4" for 15 minutes now and is not going any further
Can I try again?
 
[hjt]
combofix 11-11-17.03 - user 17-11-2011 19:03:55.4.2 - x64 minimal
microsoft windows 7 home premium 6.1.7600.0.1252.31.1043.18.3999.2841 [gmt 1:00]
gestart vanuit: c:\users\user\desktop\combofix.exe
av: microsoft security essentials *disabled/updated* {108dac43-c256-20b7-bb05-914135da5160}
sp: microsoft security essentials *disabled/updated* {abec4da7-e46c-2f39-81b5-aa334e5d1bdd}
sp: windows defender *enabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
* nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-10-17 to 2011-11-17 ))))))))))))))))))))))))))))))
.
.
2011-11-17 18:14 . 2011-11-17 18:14 69000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{447edbd5-1d21-42d5-81af-7b17e1fc9b12}\offreg.dll
2011-11-17 18:13 . 2011-11-17 18:13 -------- d-----w- c:\users\default\appdata\local\temp
2011-11-17 15:22 . 2011-10-18 00:27 8570192 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0828c035-b9d0-49e8-97b3-f3a7a9d40cd0}\mpengine.dll
2011-11-17 13:52 . 2011-11-17 13:52 -------- d-----w- c:\windows\system32\macromed
2011-11-17 13:29 . 2011-11-17 13:29 -------- d-----w- c:\users\user\appdata\roaming\malwarebytes
2011-11-17 13:28 . 2011-11-17 13:28 -------- d-----w- c:\programdata\malwarebytes
2011-11-17 13:28 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 13:08 . 2011-11-17 13:24 -------- d-----w- c:\users\user\appdata\roaming\systweak
2011-11-17 13:08 . 2011-09-30 14:37 18816 ----a-w- c:\windows\system32\roboot64.exe
2011-11-17 12:40 . 2011-11-17 12:40 -------- d-----w- c:\users\user\appdata\roaming\vlc
2011-11-17 11:57 . 2011-11-17 11:57 -------- d-----w- c:\users\user\appdata\roaming\avg2012
2011-11-17 11:56 . 2011-11-17 11:56 -------- d--h--w- c:\programdata\common files
2011-11-17 11:55 . 2011-11-17 15:34 -------- d-----w- c:\programdata\avg2012
2011-11-17 11:54 . 2011-11-17 11:54 -------- d-----w- c:\program files (x86)\avg
2011-11-17 11:46 . 2011-11-17 15:08 -------- d-----w- c:\programdata\mfadata
2011-11-17 11:32 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{447edbd5-1d21-42d5-81af-7b17e1fc9b12}\mpengine.dll
2011-11-17 11:32 . 2011-11-17 11:32 -------- d-----w- c:\program files (x86)\common files\java
2011-11-17 11:31 . 2011-11-17 11:31 -------- d-----w- c:\programdata\ask
2011-11-17 11:31 . 2011-10-03 04:06 472808 ----a-w- c:\windows\syswow64\deployjava1.dll
2011-11-09 07:21 . 2011-10-01 05:28 886784 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 07:21 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\common files\system\wab32.dll
2011-11-09 07:21 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:21 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-10-26 05:36 . 2011-08-15 05:08 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-26 05:36 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\internet explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 13:53 . 2011-06-11 08:43 414368 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2011-10-10 22:52 . 2011-10-10 22:52 917840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b668e6fd-8f05-49e2-b739-c81a8cab631e}\gapaengine.dll
2011-10-07 04:16 . 2010-09-01 18:40 8570192 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-01 03:21 . 2011-10-13 06:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 06:15 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
2011-08-27 05:40 . 2011-10-13 06:15 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-13 06:15 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-13 06:15 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-13 06:15 233472 ----a-w- c:\windows\syswow64\oleacc.dll
2011-08-20 05:45 . 2011-10-13 06:15 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 05:41 . 2011-10-13 06:15 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 04:38 . 2011-10-13 06:15 981504 ----a-w- c:\windows\syswow64\wininet.dll
2011-08-20 04:35 . 2011-10-13 06:15 44544 ----a-w- c:\windows\syswow64\licmgr10.dll
2011-08-20 04:20 . 2011-10-13 06:15 482816 ----a-w- c:\windows\system32\html.iec
2011-08-20 03:26 . 2011-10-13 06:15 386048 ----a-w- c:\windows\syswow64\html.iec
.
.
((((((((((((((((((((((((((((( snapshot@2011-11-17_15.56.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-17 18:14 16384 c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
- 2009-07-14 04:54 . 2011-11-17 15:55 16384 c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
- 2009-07-14 04:54 . 2011-11-17 15:55 32768 c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
+ 2009-07-14 04:54 . 2011-11-17 18:14 32768 c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
+ 2009-07-14 04:54 . 2011-11-17 18:14 16384 c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
- 2009-07-14 04:54 . 2011-11-17 15:55 16384 c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
+ 2009-09-17 23:30 . 2011-11-17 17:06 52266 c:\windows\system32\wdi\shutdownperformancediagnostics_systemdata.bin
+ 2009-07-14 05:10 . 2011-11-17 17:06 62802 c:\windows\system32\wdi\bootperformancediagnostics_systemdata.bin
- 2009-07-14 05:10 . 2011-11-17 15:36 62802 c:\windows\system32\wdi\bootperformancediagnostics_systemdata.bin
+ 2010-08-30 10:01 . 2011-11-17 17:06 11974 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\s-1-5-21-2281543014-1057846268-3283991645-1000_userdata.bin
+ 2010-08-31 11:01 . 2011-11-17 18:15 16384 c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
- 2010-08-31 11:01 . 2011-11-17 15:56 16384 c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-17 17:11 78552 c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\softwareprotectionplatform\cache\cache.dat
+ 2010-08-31 11:01 . 2011-11-17 18:15 32768 c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
- 2010-08-31 11:01 . 2011-11-17 15:56 32768 c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
- 2010-08-31 11:01 . 2011-11-17 15:56 16384 c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
+ 2010-08-31 11:01 . 2011-11-17 18:15 16384 c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
- 2010-08-30 10:02 . 2011-11-17 15:56 16384 c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
+ 2010-08-30 10:02 . 2011-11-17 18:15 16384 c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
- 2010-08-30 10:02 . 2011-11-17 15:56 16384 c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
+ 2010-08-30 10:02 . 2011-11-17 18:15 16384 c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
+ 2011-11-17 18:13 . 2011-11-17 18:13 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
- 2011-11-17 15:55 . 2011-11-17 15:55 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
+ 2011-11-17 18:13 . 2011-11-17 18:13 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
- 2011-11-17 15:55 . 2011-11-17 15:55 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
+ 2010-08-31 13:35 . 2011-11-17 17:54 282718 c:\windows\system32\wdi\suspendperformancediagnostics_systemdata_s3.bin
+ 2009-09-18 09:18 . 2011-11-17 18:09 707978 c:\windows\system32\perfh013.dat
+ 2009-07-14 02:36 . 2011-11-17 18:09 622052 c:\windows\system32\perfh009.dat
+ 2009-09-18 09:18 . 2011-11-17 18:09 136680 c:\windows\system32\perfc013.dat
+ 2009-07-14 02:36 . 2011-11-17 18:09 109134 c:\windows\system32\perfc009.dat
+ 2009-09-18 02:11 . 2011-11-17 17:59 685472 c:\windows\serviceprofiles\localservice\appdata\local\fontcache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-11-17 18:01 359036 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-system.dat
- 2009-07-14 05:01 . 2011-11-17 15:54 359036 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-system.dat
+ 2010-08-30 11:57 . 2011-11-17 18:01 715460 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-s-1-5-21-2281543014-1057846268-3283991645-1000-8192.dat
- 2010-08-30 11:57 . 2011-11-17 15:54 715460 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-s-1-5-21-2281543014-1057846268-3283991645-1000-8192.dat
+ 2009-07-14 04:45 . 2011-11-17 15:59 3777877 c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\softwareprotectionplatform\tokens.dat
- 2009-07-14 04:45 . 2011-11-17 13:53 3777877 c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\softwareprotectionplatform\tokens.dat
- 2009-07-14 02:34 . 2011-11-17 15:39 10223616 c:\windows\system32\smi\store\machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-17 17:18 10223616 c:\windows\system32\smi\store\machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"hpadvisor"=c:\program files (x86)\hewlett-packard\hp advisor\hpadvisor.exe [2009-07-15 1668664]
"msnmsgr"=c:\program files (x86)\windows live\messenger\msnmsgr.exe [2010-04-16 3872080]
"swg"=c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe [2010-12-26 39408]
"skype"=c:\program files (x86)\skype\phone\skype.exe [2011-10-13 17351304]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"hpcam_menu"=c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe [2009-02-25 218408]
"qlbctrl.exe"=c:\program files (x86)\hewlett-packard\hp quick launch buttons\qlbctrl.exe [2010-02-25 323640]
"nortononlinebackupreminder"=c:\program files (x86)\symantec\norton online backup\activation\nobuactivation.exe [2009-05-12 581480]
"updateprcshortcut"=c:\program files (x86)\hewlett-packard\recovery\muitransfer\muistartmenu.exe [2009-05-19 222504]
"adobe reader speed launcher"=c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe [2011-01-31 35760]
"easybits recovery"=c:\program files (x86)\easybits for kids\ezrecover.exe [2009-06-22 60464]
"hp software update"=c:\program files (x86)\hp\hp software update\hpwuschd2.exe [2008-12-08 54576]
"wirelessassistant"=c:\program files (x86)\hewlett-packard\hp wireless assistant\hpwamain.exe [2009-07-23 498744]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2010-09-21 932288]
"quicktime task"=c:\program files (x86)\quicktime\qttask.exe [2010-11-29 421888]
"ituneshelper"=c:\program files (x86)\itunes\ituneshelper.exe [2011-06-07 421160]
"applesyncnotifier"=c:\program files (x86)\common files\apple\mobile device support\applesyncnotifier.exe [2011-04-20 58656]
"sunjavaupdatesched"=c:\program files (x86)\common files\java\java update\jusched.exe [2011-06-09 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_users\.default\software\microsoft\windows\currentversion\policies\system]
"wallpaperstyle"= 2
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shellexecutehooks]
.
[hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\msmpsvc]
@="service"
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wdf01000.sys]
@="driver"
.
r1 cchypyvy;cchypyvy;c:\windows\system32\drivers\cchypyvy.sys [x]
r1 hkrmccfk;hkrmccfk;c:\windows\system32\drivers\hkrmccfk.sys [x]
r1 mxjahzpl;mxjahzpl;c:\windows\system32\drivers\mxjahzpl.sys [x]
r1 ogtlepij;ogtlepij;c:\windows\system32\drivers\ogtlepij.sys [x]
r2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
r2 gupdate;google update service (gupdate);c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 136176]
r3 ewusbnet;huawei usb-ndis miniport;c:\windows\system32\drivers\ewusbnet.sys [x]
r3 gupdatem;google update-service (gupdatem);c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 136176]
r3 hwusbfake;huawei datacard usb fake;c:\windows\system32\drivers\ewusbfake.sys [x]
r3 mpnwmon;microsoft malware protection network driver;c:\windows\system32\drivers\mpnwmon.sys [x]
r3 netw5v64;stuurprogramma voor intel(r) wireless wifi link 5000 series-adapter voor 64-bits windows vista;c:\windows\system32\drivers\netw5v64.sys [x]
r3 nisdrv;microsoft network inspection system;c:\windows\system32\drivers\nisdrvwfp.sys [x]
r3 nissrv;microsoft network inspection;c:\program files\microsoft security client\antimalware\nissrv.exe [2011-04-27 288272]
r3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys [x]
r3 srvhsfhda;srvhsfhda;c:\windows\system32\drivers\vstazl6.sys [x]
r3 srvhsfv92;srvhsfv92;c:\windows\system32\drivers\vstdpv6.sys [x]
r3 srvhsfwinac;srvhsfwinac;c:\windows\system32\drivers\vstcnxt6.sys [x]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [x]
r3 yukonw7;ndis6.2 miniport driver for marvell yukon ethernet controller;c:\windows\system32\drivers\yk62x64.sys [x]
s1 vwififlt;virtual wifi filter driver;c:\windows\system32\drivers\vwififlt.sys [x]
s2 aestfilters;andrea st filters service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\aestsr64.exe [2009-03-02 89600]
s2 ezsharedsvc;easybits shared services for windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 hpdrvmntsvc.exe;hp quick synchronization service;c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe [2010-10-14 92216]
s2 hpsrv;hp service;c:\windows\system32\hpservice.exe [x]
s3 com4qlbex;com4qlbex;c:\program files (x86)\hewlett-packard\hp quick launch buttons\com4qlbex.exe [2010-02-25 227896]
s3 intchdmiaddservice;intel(r) high definition audio hdmi;c:\windows\system32\drivers\intchdmi.sys [x]
.
.
hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\svchost - netsvcs
ezsharedsvc
.
inhoud van de 'gedeelde taken' map
.
2011-11-17 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 12:02]
.
2011-11-17 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 12:02]
.
2011-11-13 c:\windows\tasks\googleupdatetaskusers-1-5-21-2281543014-1057846268-3283991645-1000core.job
- c:\users\user\appdata\local\google\update\googleupdate.exe [2010-08-31 11:12]
.
2011-11-17 c:\windows\tasks\googleupdatetaskusers-1-5-21-2281543014-1057846268-3283991645-1000ua.job
- c:\users\user\appdata\local\google\update\googleupdate.exe [2010-08-31 11:12]
.
2011-11-10 c:\windows\tasks\hpceescheduleforuser.job
- c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe [2009-10-07 02:22]
.
.
--------- x86-64 -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"amicosinglun64"=c:\program files (x86)\amicosinglun\amicosinglun64.exe [2009-07-16 323072]
"systrayapp"=c:\program files\idt\wdm\sttray64.exe [2009-07-22 450048]
"apoint"=c:\program files\apoint2k\apoint.exe [2009-06-29 318464]
"smartmenu"=c:\program files\hewlett-packard\hp mediasmart\smartmenu.exe [2009-07-21 610872]
"sunjavaupdatesched"=c:\program files\java\jre6\bin\jusched.exe [2009-09-18 171520]
"igfxtray"=c:\windows\system32\igfxtray.exe [2010-08-25 161304]
"hotkeyscmds"=c:\windows\system32\hkcmd.exe [2010-08-25 386584]
"persistence"=c:\windows\system32\igfxpers.exe [2010-08-25 415256]
"msc"=c:\program files\microsoft security client\msseces.exe [2011-06-15 1436736]
.
------- bijkomende scan -------
.
ustart page = hxxp://www.google.nl/
ulocal page = c:\windows\system32\blank.htm
mlocal page = c:\windows\syswow64\blank.htm
uinternet settings,proxyoverride = *.local
ie: e&xporteren naar microsoft excel - c:\progra~2\micros~1\office12\excel.exe/3000
ie: google sidewiki... - c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
tcp: dhcpnameserver = 192.168.0.1
.
- - - - orphans verwijderd - - - -
.
webbrowser-{30f9b915-b755-4826-820b-08fba6bd249d} - (no file)
webbrowser-{d4027c7f-154a-4066-a1ad-4243d8127440} - (no file)
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil11e_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil11e_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.10"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}]
@denied: (a 2) (everyone)
@="iflashbroker4"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
------------------------ andere aktieve processen ------------------------
.
c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\program files (x86)\bonjour\mdnsresponder.exe
c:\program files (x86)\cyberlink\shared files\richvideo.exe
c:\program files (x86)\microsoft\search enhancement pack\seaport\seaport.exe
c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe
c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
.
**************************************************************************
.
voltooingstijd: 2011-11-17 19:20:37 - machine werd herstart
combofix-quarantined-files.txt 2011-11-17 18:20
combofix2.txt 2011-11-17 16:02
.
pre-run: 257.666.105.344 bytes beschikbaar
post-run: 257.601.040.384 bytes beschikbaar
.
- - end of file - - 67b0b8bc00547cbd1e9a1d104832378d

[/hjt]
 
You didn't use the script!

So now do it over in Safe Mode!
 
I hope it went well this time!

[hjt]
combofix 11-11-17.03 - user 17-11-2011 22:09:54.5.2 - x64
microsoft windows 7 home premium 6.1.7600.0.1252.31.1043.18.3999.2720 [gmt 1:00]
gestart vanuit: c:\users\user\desktop\combofix.exe
gebruikte opdracht switches :: c:\users\user\desktop\cfscript.txt
av: microsoft security essentials *disabled/updated* {108dac43-c256-20b7-bb05-914135da5160}
sp: microsoft security essentials *disabled/updated* {abec4da7-e46c-2f39-81b5-aa334e5d1bdd}
sp: windows defender *enabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
.
file ::
c:\windows\system32\drivers\cchypyvy.sys
c:\windows\system32\drivers\hkrmccfk.sys
c:\windows\system32\drivers\mxjahzpl.sys
c:\windows\system32\drivers\ogtlepij.sys
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\syswow64\drivers\atapi.sys . . . is genfecteerd!!
.
.
((((((((((((((((((((((((((((((((((((((( drivers/services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\service_cchypyvy
-------\service_hkrmccfk
-------\service_mxjahzpl
-------\service_ogtlepij
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-10-17 to 2011-11-17 ))))))))))))))))))))))))))))))
.
.
2011-11-17 21:30 . 2011-11-17 21:30 69000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{447edbd5-1d21-42d5-81af-7b17e1fc9b12}\offreg.dll
2011-11-17 21:29 . 2011-11-17 21:29 -------- d-----w- c:\users\default\appdata\local\temp
2011-11-17 15:22 . 2011-10-18 00:27 8570192 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0828c035-b9d0-49e8-97b3-f3a7a9d40cd0}\mpengine.dll
2011-11-17 13:52 . 2011-11-17 13:52 -------- d-----w- c:\windows\system32\macromed
2011-11-17 13:29 . 2011-11-17 13:29 -------- d-----w- c:\users\user\appdata\roaming\malwarebytes
2011-11-17 13:28 . 2011-11-17 13:28 -------- d-----w- c:\programdata\malwarebytes
2011-11-17 13:28 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 13:08 . 2011-11-17 13:24 -------- d-----w- c:\users\user\appdata\roaming\systweak
2011-11-17 13:08 . 2011-09-30 14:37 18816 ----a-w- c:\windows\system32\roboot64.exe
2011-11-17 12:40 . 2011-11-17 12:40 -------- d-----w- c:\users\user\appdata\roaming\vlc
2011-11-17 11:57 . 2011-11-17 11:57 -------- d-----w- c:\users\user\appdata\roaming\avg2012
2011-11-17 11:56 . 2011-11-17 11:56 -------- d--h--w- c:\programdata\common files
2011-11-17 11:55 . 2011-11-17 15:34 -------- d-----w- c:\programdata\avg2012
2011-11-17 11:54 . 2011-11-17 11:54 -------- d-----w- c:\program files (x86)\avg
2011-11-17 11:46 . 2011-11-17 15:08 -------- d-----w- c:\programdata\mfadata
2011-11-17 11:32 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{447edbd5-1d21-42d5-81af-7b17e1fc9b12}\mpengine.dll
2011-11-17 11:32 . 2011-11-17 11:32 -------- d-----w- c:\program files (x86)\common files\java
2011-11-17 11:31 . 2011-11-17 11:31 -------- d-----w- c:\programdata\ask
2011-11-17 11:31 . 2011-10-03 04:06 472808 ----a-w- c:\windows\syswow64\deployjava1.dll
2011-11-09 07:21 . 2011-10-01 05:28 886784 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 07:21 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\common files\system\wab32.dll
2011-11-09 07:21 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:21 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-10-26 05:36 . 2011-08-15 05:08 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-26 05:36 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\internet explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 13:53 . 2011-06-11 08:43 414368 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2011-10-10 22:52 . 2011-10-10 22:52 917840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b668e6fd-8f05-49e2-b739-c81a8cab631e}\gapaengine.dll
2011-10-07 04:16 . 2010-09-01 18:40 8570192 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-01 03:21 . 2011-10-13 06:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 06:15 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
2011-08-27 05:40 . 2011-10-13 06:15 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-13 06:15 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-13 06:15 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-13 06:15 233472 ----a-w- c:\windows\syswow64\oleacc.dll
2011-08-20 05:45 . 2011-10-13 06:15 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 05:41 . 2011-10-13 06:15 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 04:38 . 2011-10-13 06:15 981504 ----a-w- c:\windows\syswow64\wininet.dll
2011-08-20 04:35 . 2011-10-13 06:15 44544 ----a-w- c:\windows\syswow64\licmgr10.dll
2011-08-20 04:20 . 2011-10-13 06:15 482816 ----a-w- c:\windows\system32\html.iec
2011-08-20 03:26 . 2011-10-13 06:15 386048 ----a-w- c:\windows\syswow64\html.iec
.
.
((((((((((((((((((((((((((((( snapshot@2011-11-17_15.56.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-17 21:30 16384 c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
- 2009-07-14 04:54 . 2011-11-17 15:55 16384 c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-17 21:30 32768 c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
- 2009-07-14 04:54 . 2011-11-17 15:55 32768 c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
- 2009-07-14 04:54 . 2011-11-17 15:55 16384 c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
+ 2009-07-14 04:54 . 2011-11-17 21:30 16384 c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
+ 2009-09-17 23:30 . 2011-11-17 21:07 52456 c:\windows\system32\wdi\shutdownperformancediagnostics_systemdata.bin
- 2009-07-14 05:10 . 2011-11-17 15:36 62802 c:\windows\system32\wdi\bootperformancediagnostics_systemdata.bin
+ 2009-07-14 05:10 . 2011-11-17 21:07 62802 c:\windows\system32\wdi\bootperformancediagnostics_systemdata.bin
+ 2010-08-30 10:01 . 2011-11-17 21:07 11998 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\s-1-5-21-2281543014-1057846268-3283991645-1000_userdata.bin
+ 2010-08-31 11:01 . 2011-11-17 21:31 16384 c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
- 2010-08-31 11:01 . 2011-11-17 15:56 16384 c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-17 17:11 78552 c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\softwareprotectionplatform\cache\cache.dat
+ 2010-08-31 11:01 . 2011-11-17 21:31 32768 c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
- 2010-08-31 11:01 . 2011-11-17 15:56 32768 c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
- 2010-08-31 11:01 . 2011-11-17 15:56 16384 c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
+ 2010-08-31 11:01 . 2011-11-17 21:31 16384 c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
- 2010-08-30 10:02 . 2011-11-17 15:56 16384 c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
+ 2010-08-30 10:02 . 2011-11-17 21:31 16384 c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
+ 2010-08-30 10:02 . 2011-11-17 21:31 16384 c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
- 2010-08-30 10:02 . 2011-11-17 15:56 16384 c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
+ 2011-11-17 21:30 . 2011-11-17 21:30 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
- 2011-11-17 15:55 . 2011-11-17 15:55 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
- 2011-11-17 15:55 . 2011-11-17 15:55 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
+ 2011-11-17 21:30 . 2011-11-17 21:30 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
+ 2010-08-31 13:35 . 2011-11-17 17:54 282718 c:\windows\system32\wdi\suspendperformancediagnostics_systemdata_s3.bin
+ 2009-09-18 09:18 . 2011-11-17 21:11 708216 c:\windows\system32\perfh013.dat
- 2009-09-18 09:18 . 2011-11-17 15:40 708216 c:\windows\system32\perfh013.dat
+ 2009-07-14 02:36 . 2011-11-17 21:11 622250 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-17 15:40 622250 c:\windows\system32\perfh009.dat
+ 2009-09-18 09:18 . 2011-11-17 21:11 136886 c:\windows\system32\perfc013.dat
- 2009-09-18 09:18 . 2011-11-17 15:40 136886 c:\windows\system32\perfc013.dat
+ 2009-07-14 02:36 . 2011-11-17 21:11 109332 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-17 15:40 109332 c:\windows\system32\perfc009.dat
+ 2009-09-18 02:11 . 2011-11-17 21:29 685632 c:\windows\serviceprofiles\localservice\appdata\local\fontcache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-11-17 15:54 359036 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-system.dat
+ 2009-07-14 05:01 . 2011-11-17 21:29 359036 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-system.dat
- 2010-08-30 11:57 . 2011-11-17 15:54 715460 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-s-1-5-21-2281543014-1057846268-3283991645-1000-8192.dat
+ 2010-08-30 11:57 . 2011-11-17 21:29 715460 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-s-1-5-21-2281543014-1057846268-3283991645-1000-8192.dat
- 2009-07-14 04:45 . 2011-11-17 13:53 3777877 c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\softwareprotectionplatform\tokens.dat
+ 2009-07-14 04:45 . 2011-11-17 15:59 3777877 c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\softwareprotectionplatform\tokens.dat
- 2009-07-14 02:34 . 2011-11-17 15:39 10223616 c:\windows\system32\smi\store\machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-17 21:15 10223616 c:\windows\system32\smi\store\machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"hpadvisor"=c:\program files (x86)\hewlett-packard\hp advisor\hpadvisor.exe [2009-07-15 1668664]
"msnmsgr"=c:\program files (x86)\windows live\messenger\msnmsgr.exe [2010-04-16 3872080]
"swg"=c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe [2010-12-26 39408]
"skype"=c:\program files (x86)\skype\phone\skype.exe [2011-10-13 17351304]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"hpcam_menu"=c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe [2009-02-25 218408]
"qlbctrl.exe"=c:\program files (x86)\hewlett-packard\hp quick launch buttons\qlbctrl.exe [2010-02-25 323640]
"nortononlinebackupreminder"=c:\program files (x86)\symantec\norton online backup\activation\nobuactivation.exe [2009-05-12 581480]
"updateprcshortcut"=c:\program files (x86)\hewlett-packard\recovery\muitransfer\muistartmenu.exe [2009-05-19 222504]
"adobe reader speed launcher"=c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe [2011-01-31 35760]
"easybits recovery"=c:\program files (x86)\easybits for kids\ezrecover.exe [2009-06-22 60464]
"hp software update"=c:\program files (x86)\hp\hp software update\hpwuschd2.exe [2008-12-08 54576]
"wirelessassistant"=c:\program files (x86)\hewlett-packard\hp wireless assistant\hpwamain.exe [2009-07-23 498744]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2010-09-21 932288]
"quicktime task"=c:\program files (x86)\quicktime\qttask.exe [2010-11-29 421888]
"ituneshelper"=c:\program files (x86)\itunes\ituneshelper.exe [2011-06-07 421160]
"applesyncnotifier"=c:\program files (x86)\common files\apple\mobile device support\applesyncnotifier.exe [2011-04-20 58656]
"sunjavaupdatesched"=c:\program files (x86)\common files\java\java update\jusched.exe [2011-06-09 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_users\.default\software\microsoft\windows\currentversion\policies\system]
"wallpaperstyle"= 2
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shellexecutehooks]
.
[hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\msmpsvc]
@="service"
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wdf01000.sys]
@="driver"
.
r2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
r2 gupdate;google update service (gupdate);c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 136176]
r3 com4qlbex;com4qlbex;c:\program files (x86)\hewlett-packard\hp quick launch buttons\com4qlbex.exe [2010-02-25 227896]
r3 ewusbnet;huawei usb-ndis miniport;c:\windows\system32\drivers\ewusbnet.sys [x]
r3 gupdatem;google update-service (gupdatem);c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 136176]
r3 hwusbfake;huawei datacard usb fake;c:\windows\system32\drivers\ewusbfake.sys [x]
r3 mpnwmon;microsoft malware protection network driver;c:\windows\system32\drivers\mpnwmon.sys [x]
r3 netw5v64;stuurprogramma voor intel(r) wireless wifi link 5000 series-adapter voor 64-bits windows vista;c:\windows\system32\drivers\netw5v64.sys [x]
r3 nisdrv;microsoft network inspection system;c:\windows\system32\drivers\nisdrvwfp.sys [x]
r3 nissrv;microsoft network inspection;c:\program files\microsoft security client\antimalware\nissrv.exe [2011-04-27 288272]
r3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys [x]
r3 srvhsfhda;srvhsfhda;c:\windows\system32\drivers\vstazl6.sys [x]
r3 srvhsfv92;srvhsfv92;c:\windows\system32\drivers\vstdpv6.sys [x]
r3 srvhsfwinac;srvhsfwinac;c:\windows\system32\drivers\vstcnxt6.sys [x]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [x]
r3 yukonw7;ndis6.2 miniport driver for marvell yukon ethernet controller;c:\windows\system32\drivers\yk62x64.sys [x]
s1 vwififlt;virtual wifi filter driver;c:\windows\system32\drivers\vwififlt.sys [x]
s2 aestfilters;andrea st filters service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\aestsr64.exe [2009-03-02 89600]
s2 ezsharedsvc;easybits shared services for windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 hpdrvmntsvc.exe;hp quick synchronization service;c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe [2010-10-14 92216]
s2 hpsrv;hp service;c:\windows\system32\hpservice.exe [x]
s3 intchdmiaddservice;intel(r) high definition audio hdmi;c:\windows\system32\drivers\intchdmi.sys [x]
.
.
hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\svchost - netsvcs
ezsharedsvc
.
inhoud van de 'gedeelde taken' map
.
2011-11-17 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 12:02]
.
2011-11-17 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files (x86)\google\update\googleupdate.exe [2010-11-30 12:02]
.
2011-11-13 c:\windows\tasks\googleupdatetaskusers-1-5-21-2281543014-1057846268-3283991645-1000core.job
- c:\users\user\appdata\local\google\update\googleupdate.exe [2010-08-31 11:12]
.
2011-11-17 c:\windows\tasks\googleupdatetaskusers-1-5-21-2281543014-1057846268-3283991645-1000ua.job
- c:\users\user\appdata\local\google\update\googleupdate.exe [2010-08-31 11:12]
.
2011-11-10 c:\windows\tasks\hpceescheduleforuser.job
- c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe [2009-10-07 02:22]
.
.
--------- x86-64 -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"amicosinglun64"=c:\program files (x86)\amicosinglun\amicosinglun64.exe [2009-07-16 323072]
"systrayapp"=c:\program files\idt\wdm\sttray64.exe [2009-07-22 450048]
"apoint"=c:\program files\apoint2k\apoint.exe [2009-06-29 318464]
"smartmenu"=c:\program files\hewlett-packard\hp mediasmart\smartmenu.exe [2009-07-21 610872]
"sunjavaupdatesched"=c:\program files\java\jre6\bin\jusched.exe [2009-09-18 171520]
"igfxtray"=c:\windows\system32\igfxtray.exe [2010-08-25 161304]
"hotkeyscmds"=c:\windows\system32\hkcmd.exe [2010-08-25 386584]
"persistence"=c:\windows\system32\igfxpers.exe [2010-08-25 415256]
"msc"=c:\program files\microsoft security client\msseces.exe [2011-06-15 1436736]
"combofix"="c:\combofix\cf28235.3xe" [2009-07-14 344576]
.
------- bijkomende scan -------
.
ustart page = hxxp://www.google.nl/
ulocal page = c:\windows\system32\blank.htm
mlocal page = c:\windows\syswow64\blank.htm
uinternet settings,proxyoverride = *.local
ie: e&xporteren naar microsoft excel - c:\progra~2\micros~1\office12\excel.exe/3000
ie: google sidewiki... - c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
tcp: dhcpnameserver = 192.168.0.1
.
- - - - orphans verwijderd - - - -
.
webbrowser-{30f9b915-b755-4826-820b-08fba6bd249d} - (no file)
webbrowser-{d4027c7f-154a-4066-a1ad-4243d8127440} - (no file)
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil11e_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil11e_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.10"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash11e.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}]
@denied: (a 2) (everyone)
@="iflashbroker4"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
------------------------ andere aktieve processen ------------------------
.
c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\program files (x86)\bonjour\mdnsresponder.exe
c:\program files (x86)\cyberlink\shared files\richvideo.exe
c:\program files (x86)\microsoft\search enhancement pack\seaport\seaport.exe
c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe
.
**************************************************************************
.
voltooingstijd: 2011-11-17 22:36:31 - machine werd herstart
combofix-quarantined-files.txt 2011-11-17 21:36
combofix2.txt 2011-11-17 18:20
combofix3.txt 2011-11-17 16:02
.
pre-run: 257.622.876.160 bytes beschikbaar
post-run: 257.151.381.504 bytes beschikbaar
.
- - end of file - - 0e6b5043583eb450c4e86dcc1bbf57ea

[/hjt]
 
Good write-up!
I think the virus gets in through advertisements.

If I now also remove Java and install the new version, do you think I'll be done then? Or do I still need to do something about this:

c:\windows\syswow64\drivers\atapi.sys . . . is geïnfecteerd!!
 
No, that won't help at all.

Just go for a clean install!
 
So I should still try to save my files externally and completely reinstall the computer?

I'll look into it again tomorrow. This stupid thing has already cost me 3 days!

Still grateful for your help!
 