
Flash Player does not work after a virus



Dear forum members,

Since last week a friend of mine has had a serious problem with a virus.

Ran some scans; it was removed together with a bunch of infected files, drivers, etc.

Now everything is installed again and I have already run ComboFix myself, but there is one thing that just won't work.

Her Flash Player does not work the way it should: videos on YouTube show no picture or a green picture, while the sound does work. Reinstalling does not help; every time after it has been uninstalled and you want to watch a video, you get "install Flash Player" for 2 seconds and, whoosh, the video is loaded and again there is no picture...

Does anyone have experience with this or a solution?

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:35:33, on 7/03/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Boot mode: Normal

Running processes:

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Eline\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Browse2save - {7DAF29BE-BE42-BB1C-96C3-C0DEE10697E0} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Search-NewTab - {B641E041-7ABB-11AC-6DA4-91200525DC05} - C:\ProgramData\Search-NewTab\5120f19f29c16.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eline\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8890 bytes

Regards, Tim


Start HijackThis. Select "Scan". Select only the items listed below:

O2 - BHO: Browse2save - {7DAF29BE-BE42-BB1C-96C3-C0DEE10697E0} - (no file)

O2 - BHO: Search-NewTab - {B641E041-7ABB-11AC-6DA4-91200525DC05} - C:\ProgramData\Search-NewTab\5120f19f29c16.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via the right mouse button, "Run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder:

C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

- - - Updated - - -

Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" via the right mouse button and choose Run as Administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    startupall;
    filesrcm;


  • Click the "Options" button and tick the options below.

    • Recently Created
    • Empty Temp Folders
    • Shortcut Fix
    • IE Defaults
    • Reset Hosts
    • Auto Clean

  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is needed).
  • If no log appears after the restart, start zoek.exe again and the log will still appear.
  • Now post the contents of the opened log in your next message.

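The selection above (the two BHOs plus the orphaned O9 and O20 entries) follows a pattern that can be checked mechanically. The block below is an added example written for this page; it is not part of the original thread and not code from HijackThis or zoek. It runs a small triage over constructed sample lines copied from the HijackThis 2.0.4 log posted above: entries that point at nothing ("(no file)" / "(file missing)") and BHOs loaded from user-writable locations such as C:\ProgramData are marked for removal, while O23 services reported as "(file missing)" under C:\Windows\system32 are set aside for verification, because HijackThis 2.0.4 is a 32-bit process and on 64-bit Windows its view of System32 is redirected to SysWOW64, so those entries are usually redirection noise rather than tampering. The verdict names and the classification rules are my own assumptions, not HijackThis output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the HijackThis 2.0.4 log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Browse2save - {7DAF29BE-BE42-BB1C-96C3-C0DEE10697E0} - (no file)
O2 - BHO: Search-NewTab - {B641E041-7ABB-11AC-6DA4-91200525DC05} - C:\ProgramData\Search-NewTab\5120f19f29c16.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

LINE_RE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# A Windows path runs from the drive letter up to a closing quote, a
# "(file missing)" marker, or end of line. Splitting on " - " would cut paths
# such as "...\Spybot - Search & Destroy 2\...", so the path is located this way.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?)(?:"|\s+\(file missing\)|$)')

ORPHAN_MARKERS = ("(no file)", "(file missing)")
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\")


@dataclass
class Entry:
    section: str          # HijackThis section code, e.g. O2, O4, O23
    name: str             # display name of the BHO / Run value / service
    clsid: Optional[str]
    path: Optional[str]
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis log line; returns None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    clsid_m = CLSID_RE.search(rest)
    path_m = PATH_RE.search(rest)
    # Name: the first " - " field minus its "BHO:" / "Service:" style prefix,
    # or the [bracketed] value name for O4 Run entries.
    first = re.sub(r"^[^:]+:\s*", "", rest.split(" - ")[0], count=1)
    bracket = re.match(r"\[([^\]]+)\]", first)
    name = bracket.group(1) if bracket else first
    return Entry(section, name,
                 clsid_m.group(0).upper() if clsid_m else None,
                 path_m.group(1) if path_m else None,
                 line.strip())


def triage(e: Entry) -> str:
    """Return 'remove', 'verify' or 'ok' (assumed verdict names, not HJT's)."""
    raw = e.raw.lower()
    path = (e.path or "").lower()
    orphan = any(marker in raw for marker in ORPHAN_MARKERS)
    if e.section == "O23" and orphan and "\\windows\\system32\\" in path:
        # HijackThis 2.0.4 is a 32-bit process: on x64 Windows its view of
        # C:\Windows\System32 is redirected to SysWOW64, so 64-bit system
        # services show up as "(file missing)". Confirm through
        # C:\Windows\Sysnative before treating these as tampering.
        return "verify"
    if orphan:
        # CLSID or file reference that points at nothing: dead registry
        # residue of an uninstalled or partially removed component.
        return "remove"
    if e.section == "O2" and any(d in path for d in USER_WRITABLE):
        # A BHO is code loaded into every IE process; one that lives in a
        # user-writable location such as C:\ProgramData is a classic adware
        # drop and warrants removal plus a follow-up scan.
        return "remove"
    return "ok"


def triage_log(text: str) -> List[Tuple[str, str, str]]:
    """(section, name, verdict) for every parseable line of a HijackThis log."""
    results = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            results.append((entry.section, entry.name, triage(entry)))
    return results


if __name__ == "__main__":
    for section, name, verdict in triage_log(SAMPLE_LOG):
        print(f"{verdict:7} {section:4} {name}")
```

Run against the full log pasted above, the "verify" bucket collects all the lsass.exe, spoolsv.exe and similar O23 lines, which is exactly the set a 32-bit tool cannot see on x64 and should not be "fixed"; the "remove" bucket reproduces the helper's list.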

OK, here is the log:

Zoek.exe Version 4.0.0.2 Updated 08-March-2013

Tool run by Eline on za 09/03/2013 at 18:16:01,75.

Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-618716693-47333609-2372873370-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.

127.0.0.1 localhost

::1 localhost

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\BrowseToSave" deleted

"C:\Program Files (x86)\WebSearch" deleted

"C:\Program Files (x86)\PriceGong" deleted

"C:\Users\Eline\AppData\Roaming\OpenCandy" deleted

"C:\ProgramData\RightClick" deleted

"C:\ProgramData\InstallMate" deleted

"C:\ProgramData\Search-NewTab" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-03-07 17:56:54 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2013-03-07 17:56:54 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2013-03-07 17:56:54 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2013-03-07 17:56:54 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2013-03-07 17:56:54 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

2013-03-04 19:42:39 A117DA4D8BE1DFED5FE195656E4CCE04 598023071 ----a-w- C:\Windows\MEMORY.DMP

====== C:\Users\Eline\AppData\Local\Temp ====

2013-03-01 20:00:55 A620A735458E04AE0CF471319B6D6E7D 897448 ----a-w- C:\Users\Eline\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

====== C:\Windows\SysWOW64 =====

2013-03-08 17:23:55 D516524130D5755101A7FC9D5464ABA6 691568 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-03-08 17:23:55 AD5E4B3C498DDDE612465E3FA5468EC8 71024 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-03-08 17:14:15 F003B6C8BFD5F675A4DD398D2A8AEB63 95648 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2013-03-04 19:15:51 76A2BD420185B468B6DE89AED1EEAE40 65408 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys

2013-03-04 19:15:51 0A83FFF1AEF6113EF8DCBB32D5014AB1 177672 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys

2013-02-13 12:13:37 B62A953F2BF3922C8764A29C34A22899 1913192 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

2013-02-13 12:13:37 41C67E4205C606A103DEC8651D0B6FE6 288088 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS

====== C:\Windows\Tasks ======

2013-03-08 17:23:56 6254C70DAB59922CB32A7F4F0EBC1E7A 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-03-04 19:58:15 -------- d-----w- C:\Program Files\ATI

2013-02-20 19:41:39 -------- d-----w- C:\Program Files\Microsoft Silverlight

======= C:\Program Files (x86) =====

2013-03-04 19:59:56 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-03-04 19:59:54 -------- d-----w- C:\Program Files (x86)\AMD APP

2013-02-20 19:41:39 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight

======= C: =====

====== C:\Users\Eline\AppData\Roaming ======

2013-03-07 18:09:06 -------- d-----w- C:\users\Eline\AppData\Roaming\TeamViewer

2013-03-07 18:03:47 -------- d-----w- C:\users\Public\AppData\Local\temp

2013-03-07 18:03:47 -------- d-----w- C:\users\Default\AppData\Local\temp

2013-03-07 18:03:47 -------- d-----w- C:\users\Default User\AppData\Local\temp

2013-03-02 20:59:53 30461F6ABD67CB8185B76F4A1B50A0C3 85360 ----a-w- C:\users\Eline\AppData\Local\GDIPFONTCACHEV1.DAT

2013-02-24 15:39:16 -------- d-----w- C:\users\Eline\AppData\Locallow\Simple Adblock

2013-02-17 15:07:12 -------- d-----w- C:\users\Eline\AppData\Local\Google

2013-02-10 20:31:39 -------- d-----w- C:\users\Eline\AppData\Local\Activision

2013-02-07 18:40:44 -------- d-----w- C:\users\Eline\AppData\Roaming\Advanced Chemistry Development

====== C:\Users\Eline ======

2013-03-07 18:03:47 -------- d-----w- C:\Users\Public\AppData

2013-03-04 20:00:00 -------- d-----w- C:\ProgramData\ATI

2013-02-17 15:22:30 -------- d-----w- C:\ProgramData\TEMP

2013-02-07 18:42:15 -------- d-----w- C:\ProgramData\Advanced Chemistry Development

====== C: exe-files ==

2013-03-08 17:50:09 8AACF49DC9CB10096357B9A859B5609A 53248 ----a-w- C:\Program Files (x86)\TeamSpeak 3 Client\plugins\ts3overlay\fetchsymbols.exe

2013-03-08 17:23:55 D516524130D5755101A7FC9D5464ABA6 691568 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-03-07 18:26:05 06CBCFB4055AEE9B06B4139CD66C8F77 701808 ----a-w- C:\Users\Eline\Downloads\uninstall_flash_player.exe

2013-03-07 18:20:52 01A26D7E991E53515E90B3010C3F66D8 27640048 ----a-w- C:\Users\Eline\Downloads\media.player.codec.pack.v4.2.5.setup.exe

2013-03-07 17:56:54 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2013-03-07 17:56:54 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2013-03-07 17:56:54 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2013-03-07 17:56:54 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2013-03-07 17:56:54 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

2013-03-04 19:53:26 6E3E13F59D9A6631B81D7E574044E656 153548912 ----a-w- C:\Users\Eline\Downloads\13-1_vista_win7_win8_64_dd_ccc_whql.exe

=== C: other files ==

2013-03-08 21:32:04 22AA668155C6DD6CBAF308AE5FAFF215 10025 ----a-w- C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V00E1M3K\classic[1].zip

2013-03-04 19:15:51 76A2BD420185B468B6DE89AED1EEAE40 65408 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-03-04 19:15:51 0A83FFF1AEF6113EF8DCBB32D5014AB1 177672 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-618716693-47333609-2372873370-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DAEMON Tools Lite"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarenaPlus]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GarenaPlus"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Garena Plus\\GarenaMessenger.exe\" -autolaunch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LWS]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LWS"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Logitech\\LWS\\Webcam Software\\LWS.exe -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SDTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/03/2013 18:23]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bkomkajifikmkfnjgphkjcfeepbnojok - C:\Program Files (x86)\PriceGong\2.6.4\pricegong.crx[]

Browse2save - Eline - Default\Extensions\gokmoamiegopiooihhdmodghiakcfdbf

Search-NewTab - Eline - Default\Extensions\ojebhdfjnfnhcilgppmjpenombfooana

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Search"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="Search"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Yahoo Url="{searchTerms} - Yahoo!-Zoekresultaten"

{32C7AE05-1FB6-4d60-A0EB-707A3B5A7B42} Google Url="{searchTerms - Google zoeken}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== shortcuts on Users Desktops ======================

C:\Users\Eline\Desktop\Crysis2.lnk - C:\Program Files (x86)\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\avast Free Antivirus.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\3D Viewer.lnk - C:\ACDFREE12\SHOW3D.EXE

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\ChemBasic.lnk - C:\ACDFREE12\CBEDIT.EXE

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\ChemSketch.lnk - C:\ACDFREE12\CHEMSK.EXE

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\CHNMR Viewer.lnk - C:\ACDFREE12\CHNMRVIEW.EXE

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\GUIDES\3D Viewer User's Guide.lnk - C:\ACDFREE12\DOCS\3D.PDF

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\GUIDES\ChemBasic User's Guide.lnk - C:\ACDFREE12\DOCS\CHEMBAS.PDF

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\GUIDES\ChemSketch Reference Manual.lnk - C:\ACDFREE12\DOCS\CHEMSK_R.PDF

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\GUIDES\ChemSketch Tutorial.lnk - C:\ACDFREE12\DOCS\CHEMSK_T.PDF

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\GUIDES\Database Forms Manager User's Guide.lnk - C:\ACDFREE12\DOCS\FORMSMAN.PDF

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\GUIDES\I-Lab via ChemSketch User's Guide.lnk - C:\ACDFREE12\DOCS\ILAB.PDF

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\GUIDES\IUPAC Recommendations for Drawing of Stereoisomers.lnk - C:\ACDFREE12\DOCS\IUPAC_STEREO.PDF

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\GUIDES\Web Search Add-on User's Guide.lnk - C:\ACDFREE12\DOCS\CS_WSRCH.PDF

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\INSTALL\Install ChemBasic Goodies.lnk - C:\ACDFREE12\CBINSTAL.EXE EXAMPLES\CHEMBAS\GOODIES\CBINSTAL.INF

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0\Uninstall\Uninstall ACD Labs Software.lnk - C:\ACDFREE12\setup\SETUP.EXE -uninstall

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast Free Antivirus.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Catalyst Control Center.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Help.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Help -help

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Crysis® 2.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\ffdshow Audio.lnk - C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\ffdshow.ax,configureAudio

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\ffdshow DXVA Configuration.lnk - C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\ffdshow.ax,configureDXVA

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\ffdshow VFW.lnk - C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\ff_vfw.dll,configureVFW

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\ffdshow Video Configuration.lnk - C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\ffdshow.ax,configure

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\ffdshow x64 Audio.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configureAudio

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\ffdshow x64 DXVA Configuration.lnk - C:\Windows\System32\rundll32.exe C:\Windows\system32\ffdshow.ax,configureDXVA

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\ffdshow x64 VFW.lnk - C:\Windows\System32\rundll32.exe C:\Windows\system32\ff_vfw.dll,configureVFW

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\ffdshow x64 Video Configuration.lnk - C:\Windows\System32\rundll32.exe C:\Windows\system32\ffdshow.ax,configure

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\Haali Splitter Config.lnk - C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\splitter.ax,Configure

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\LAV Audio Configuration.lnk - C:\Windows\system32\rundll32.exe LAVAudio.ax,OpenConfiguration

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\LAV Splitter Configuration.lnk - C:\Windows\system32\rundll32.exe LAVSplitter.ax,OpenConfiguration

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\LAV Video Configuration.lnk - C:\Windows\system32\rundll32.exe LAVVideo.ax,OpenConfiguration

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\LAV x64 Audio Configuration.lnk - C:\Windows\System32\rundll32.exe C:\Windows\system32\LAVAudio.ax,OpenConfiguration

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\LAV x64 Splitter Configuration.lnk - C:\Windows\System32\rundll32.exe C:\Windows\system32\LAVSplitter.ax,OpenConfiguration

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\LAV x64 Video Configuration.lnk - C:\Windows\System32\rundll32.exe C:\Windows\system32\LAVVideo.ax,OpenConfiguration

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\Uninstall.lnk - C:\Windows\System32\C2MP\Uninst.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\VSFilter Config.lnk - C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\vsfilter.dll,DirectVobSub

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\VSFilter x64 Config.lnk - C:\Windows\System32\rundll32.exe C:\Windows\system32\vsfilter.dll,DirectVobSub

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\Helpful Resources\How to play unusual files.lnk - C:\Windows\SysWOW64\C2MP\doc_open_with.pdf

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\Silverlight.Configuration.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NewTab\Search-NewTab.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-NewTab\Uninstall.lnk - C:\ProgramData\Search-NewTab\uninstall.exe /path=C:\ProgramData\Search-NewTab

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IMUT22CM will be deleted at reboot

C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JR2GO0UG will be deleted at reboot

C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V00E1M3K will be deleted at reboot

C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WATT9BAD will be deleted at reboot

C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQSEHLPB will be deleted at reboot

C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Eline\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IMUT22CM" not found

"C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JR2GO0UG" not found

"C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V00E1M3K" not found

"C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WATT9BAD" not found

"C:\Users\Eline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQSEHLPB" not found

Tim,


  • 2 weeks later...
I had overlooked it, but I now see that you have already used ComboFix (never wise without guidance from an analyst); could I also ask for the results of that?

Hello,

First, sorry for the late reply; it was a busy period.

ComboFix was used; I already have enough experience to use it correctly.

As expected, ComboFix found no problems.

The problem is still unchanged in the meantime.

