
Screen without icons and taskbar after startup, only safe mode works


dasjka

Recommended posts (41 replies)

Best replies in this topic

Download Unhide.exe to the desktop; if you get a warning that the file may be unsafe, you can ignore it.

  • Double-click "Unhide.exe" to start the tool.
  • Note!!! Windows Vista & 7 users must run "Unhide.exe" as administrator (right-click, "Run as administrator").
  • Wait patiently until the tool is finished and do nothing else on the computer in the meantime.
  • When the tool is finished you will see the screen below, with the message "Your files should now be visible".
  • Mention in your next reply whether you got this message.


I did it a second time, to be sure about the administrator function.

Log:

Unhide by Lawrence Abrams (Grinler)

Bleeping Computer - Computer Help and Discussion

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

Unhide.exe - A introduction as to what this program does

Program started at: 09/13/2012 03:31:20 PM

Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 179649 files processed.

Processing the D:\ drive

Finished processing the D:\ drive. 17008 files processed.

Processing the F:\ drive

Finished processing the F:\ drive. 0 files processed.

Processing the G:\ drive

Finished processing the G:\ drive. 0 files processed.

Processing the H:\ drive

Finished processing the H:\ drive. 0 files processed.

The C:\Users\Dasjka\AppData\Local\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: Unhide.exe - A introduction as to what this program does

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 09/13/2012 03:32:07 PM

Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)

When I restart the PC I get nothing at all any more, just a black screen. Safe mode is still OK.


Download ComboFix from one of these locations (this may be done via "safe mode with networking"):

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next reply.


Found it! Yes, sorry, I'm a PC novice.

ComboFix 12-09-13.03 - Dasjka 14/09/2012 11:01:25.5.2 - x64 NETWORK

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.2046.1461 [GMT 2:00]

Gestart vanuit: c:\users\Dasjka\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-14 to 2012-09-14 ))))))))))))))))))))))))))))))

.

.

2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\UpdatusUser.Dasjka-PC\AppData\Local\temp

2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-13 09:59 . 2012-09-13 09:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-13 09:59 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-12 14:32 . 2012-09-12 14:32 -------- d-----w- c:\programdata\AVAST Software

2012-09-12 13:05 . 2012-09-14 08:07 -------- d-----w- c:\users\Dasjka\AppData\Local\Htc

2012-09-12 13:05 . 2012-09-12 13:05 -------- d-----w- c:\users\Dasjka\AppData\Roaming\HTC

2012-09-12 11:54 . 2012-09-12 11:54 -------- d-----w- c:\programdata\PCSettings

2012-09-11 09:33 . 2012-09-11 09:43 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard

2012-09-11 09:28 . 2012-09-11 09:43 -------- d-----w- c:\users\Dasjka\AppData\Local\NPE

2012-09-08 13:18 . 2012-09-11 08:35 -------- d-----w- c:\program files (x86)\SweetIM

2012-09-08 13:18 . 2012-09-08 13:18 -------- d-----w- c:\programdata\SweetIM

2012-08-27 17:08 . 2012-09-13 08:14 -------- d-----w- c:\program files (x86)\YourFileDownloader

2012-08-27 17:08 . 2012-08-27 17:08 -------- d-----w- c:\users\Dasjka\AppData\Roaming\YourFileDownloader

2012-08-27 11:49 . 2012-09-13 08:13 -------- d-----w- c:\users\Dasjka\bureaublad

2012-08-27 11:10 . 2012-09-13 08:14 -------- d-----w- c:\program files (x86)\uTorrent

2012-08-27 10:55 . 2012-09-13 10:02 -------- d-----w- c:\programdata\OptimizerPro1

2012-08-27 10:53 . 2012-09-13 08:14 -------- d-----w- c:\programdata\InstallMate

2012-08-26 23:11 . 2012-08-26 23:11 -------- d-----w- c:\program files (x86)\Gophoto.it

2012-08-26 22:46 . 2012-09-14 08:08 -------- d-----w- c:\users\Dasjka\AppData\Roaming\uTorrent

2012-08-26 22:44 . 2012-08-26 22:45 -------- d-----w- c:\users\Dasjka\AppData\Roaming\.Tribler

2012-08-26 22:31 . 2012-09-13 08:14 -------- d-----w- c:\program files (x86)\smartdl

2012-08-22 20:22 . 2012-08-22 20:22 209269 ----a-w- C:\torrent.exe

2012-08-17 21:03 . 2012-08-17 21:03 -------- d-----w- C:\found.004

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 08:13 . 2012-01-04 13:47 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-14 22:29 . 2012-07-29 08:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-14 22:29 . 2012-02-11 09:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 18:15 . 2012-08-14 20:57 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-04 22:16 . 2012-08-14 20:57 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-14 20:57 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-14 20:57 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-14 20:57 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-07-03 18:56 . 2012-07-03 18:56 73728 ----a-w- c:\windows\SysWow64\afasrv64.exe

2012-06-29 04:55 . 2012-08-15 08:17 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-06-29 04:09 . 2012-08-15 08:17 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-06-29 04:01 . 2012-06-29 04:01 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-06-29 03:56 . 2012-08-15 08:17 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 03:49 . 2012-08-15 08:17 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-29 03:49 . 2012-08-15 08:17 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 03:48 . 2012-08-15 08:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 03:47 . 2012-08-15 08:17 237056 ----a-w- c:\windows\system32\url.dll

2012-06-29 03:45 . 2012-08-15 08:17 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-29 03:44 . 2012-08-15 08:17 816640 ----a-w- c:\windows\system32\jscript.dll

2012-06-29 03:43 . 2012-08-15 08:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 03:42 . 2012-08-15 08:17 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-29 03:40 . 2012-08-15 08:17 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-29 03:39 . 2012-08-15 08:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-29 03:35 . 2012-08-15 08:17 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-29 00:16 . 2012-08-15 08:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-29 00:09 . 2012-08-15 08:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-29 00:08 . 2012-08-15 08:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-29 00:04 . 2012-08-15 08:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-29 00:00 . 2012-08-15 08:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[-] 2010-08-14 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe

.

[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[-] 2012-01-04 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll

.

[-] 2012-01-04 . 0A8910F85D554ADB5C7F5B157FEE8622 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll

[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-09-13_15.34.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-09-14 08:36 45182 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-09-14 08:36 45404 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-01-04 14:01 . 2012-09-14 08:36 13886 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2723141858-125272428-662678617-1000_UserData.bin

- 2009-07-14 04:46 . 2012-09-13 15:35 92560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 04:46 . 2012-09-14 09:10 92560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2012-09-13 15:32 . 2012-09-13 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-14 09:07 . 2012-09-14 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-09-13 15:32 . 2012-09-13 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-09-14 09:07 . 2012-09-14 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-11-21 16:48 . 2012-09-13 16:36 701548 c:\windows\system32\perfh013.dat

- 2010-11-21 16:48 . 2012-09-05 07:16 701548 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-09-05 07:16 616032 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-09-13 16:36 616032 c:\windows\system32\perfh009.dat

+ 2010-11-21 16:48 . 2012-09-13 16:36 133580 c:\windows\system32\perfc013.dat

- 2010-11-21 16:48 . 2012-09-05 07:16 133580 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-09-13 16:36 106412 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-09-05 07:16 106412 c:\windows\system32\perfc009.dat

- 2009-07-14 04:45 . 2012-09-13 15:35 7083571 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-09-14 09:10 7083571 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Registry Mechanic"="c:\users\Dasjka\Desktop\rminstall_RevenueWire207_10.0.1.140.exe" [bU]

"Spotify Web Helper"="c:\users\Dasjka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-30 1192664]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-27 896400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [bU]

"USBestCR"="c:\program files (x86)\Sitecom MD-020 SIM Editor\iconcs31462843.exe" [2012-07-03 7377920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 HMFAxCore49faa33f15a1ac700ece463855b34160;HMFAxCore49faa33f15a1ac700ece463855b34160;c:\windows\system32\drivers\HMFAxCore49faa33f15a1ac700ece463855b34160.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]

R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2010-09-15 60288]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 hotcore3;hotcore3;c:\windows\SysWOW64\drivers\hotcore3.sys [2008-01-21 36368]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe [x]

S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-18 96768]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]

S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 22:29]

.

2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723141858-125272428-662678617-1000Core.job

- c:\users\Dasjka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 11:57]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723141858-125272428-662678617-1000UA.job

- c:\users\Dasjka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 11:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"USBestCR"="c:\program files (x86)\Sitecom MD-020 SIM Editor\iconcs31462843.exe" [2012-07-03 7377920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 195.130.131.131

FF - ProfilePath - c:\users\Dasjka\AppData\Roaming\Mozilla\Firefox\Profiles\4oxvarww.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2723141858-125272428-662678617-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2723141858-125272428-662678617-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Voltooingstijd: 2012-09-14 11:14:14 - machine werd herstart

ComboFix-quarantined-files.txt 2012-09-14 09:14

ComboFix2.txt 2012-09-13 16:18

.

Pre-Run: 287.978.958.848 bytes beschikbaar

Post-Run: 287.669.080.064 bytes beschikbaar

.

- - End Of File - - 6011D360C04A25C34513540B7FBDE6B3


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files (x86)\SweetIM

c:\programdata\SweetIM

c:\program files (x86)\YourFileDownloader

c:\users\Dasjka\AppData\Roaming\YourFileDownloader

c:\programdata\OptimizerPro1

c:\programdata\InstallMate

C:\found.004

C:\found.003

C:\found.002

C:\found.001

C:\found.000

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USBestCR"=-

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if prompted.

After the reboot, post the contents of Combofix.txt in your next reply.

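As an added example (not code from this thread, nor from ComboFix itself), the following Python helper reads the startup-entry section of a ComboFix log in the format posted above and flags the entries a helper looks at first: Run values tagged [bU] instead of a date/size stamp, Run values launched from outside Program Files or Windows, and every DLL listed under AppInit_DLLs. The allow-list prefixes and the sample log lines are constructed, modelled on the entries in this thread.

```python
import re
from dataclasses import dataclass

# Lines in the startup-entry block look like:
#   "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-27 896400]
# In the log above, some entries carry [bU] in place of the date/size stamp.
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<tag>[^\]]*)\]\s*$')
APPINIT_LINE = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.+)$')

# Constructed allow-list: autostarts under these prefixes are not flagged by path alone.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows\\")


@dataclass
class Finding:
    key: str      # registry key the entry was found under
    name: str     # value name (or "AppInit_DLLs")
    path: str     # executable or DLL path as logged
    reason: str   # why it was flagged


def triage(log_text: str) -> list[Finding]:
    """Walk the log, remembering the current [key] line, and collect findings."""
    findings: list[Finding] = []
    key = "?"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = RUN_LINE.match(line)
        if m:
            name, path, tag = m.group("name"), m.group("path"), m.group("tag")
            if tag == "bU":
                findings.append(Finding(key, name, path, "no date/size stamp ([bU] tag)"))
            elif not path.lower().startswith(TRUSTED_PREFIXES):
                findings.append(Finding(key, name, path, "autostart outside Program Files / Windows"))
            continue
        m = APPINIT_LINE.match(line)
        if m:
            # When enabled, AppInit_DLLs are loaded into every process that loads
            # user32.dll, so each listed DLL deserves a look wherever it lives.
            for dll in m.group("dlls").split():
                findings.append(Finding(key, "AppInit_DLLs", dll, "DLL loaded via AppInit_DLLs"))
    return findings


# Constructed sample, modelled on the entries in the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Mechanic"="c:\users\Dasjka\Desktop\rminstall_RevenueWire207_10.0.1.140.exe" [bU]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-27 896400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.key}] {f.name}: {f.path}  <- {f.reason}")
```

The flagged paths are the ones a helper would verify (file origin, signature, whether the program is known) before writing a CFScript such as the one above; the script does not decide anything by itself.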

Guest
This topic is now closed to new replies.
