
Posted:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is active, as this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


Posted:

ComboFix 12-07-21.01 - dirk 23/07/2012 13:20:13.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2429.1314 [GMT 2:00]

Gestart vanuit: c:\users\dirk\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2 .lnk

c:\windows\system32\drivers\etc\hosts.ics

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-23 to 2012-07-23 ))))))))))))))))))))))))))))))

.

.

2012-07-23 11:54 . 2012-07-23 11:54 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-07-23 11:54 . 2012-07-23 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-23 10:24 . 2012-07-23 10:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22C6C561-A12F-4E0C-9E8C-B7A0B8122703}\offreg.dll

2012-07-20 14:03 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22C6C561-A12F-4E0C-9E8C-B7A0B8122703}\mpengine.dll

2012-07-19 14:47 . 2012-07-19 14:47 -------- d-----w- c:\program files\Hewlett-Packard

2012-07-19 14:47 . 2012-07-19 14:47 -------- d-----w- c:\program files\HP Photo Creations

2012-07-19 14:47 . 2012-07-19 14:47 -------- d-----w- c:\programdata\HP Photo Creations

2012-07-19 14:46 . 2012-07-19 14:46 -------- d-----w- c:\users\dirk\AppData\Roaming\HpUpdate

2012-07-19 14:45 . 2011-06-08 16:06 544616 ------w- c:\windows\system32\HPDiscoPMa211.dll

2012-07-19 14:40 . 2012-07-19 14:40 -------- d-----w- c:\programdata\HP

2012-07-19 14:40 . 2012-07-19 14:46 -------- d-----w- c:\program files\HP

2012-07-19 14:39 . 2012-07-19 14:52 -------- d-----w- c:\users\dirk\AppData\Local\HP

2012-07-13 01:44 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-12 08:44 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-12 08:44 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-12 08:44 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-12 08:44 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-12 08:44 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-12 08:44 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-09 14:12 . 2012-07-09 14:12 -------- d-----w- c:\program files\iPod

2012-07-09 14:12 . 2012-07-09 14:16 -------- d-----w- c:\program files\iTunes

2012-07-05 18:54 . 2012-07-05 18:54 -------- d-----w- c:\users\dirk\AppData\Local\Scansoft

2012-07-05 18:11 . 2012-07-05 18:11 -------- d-----w- c:\program files\Nuance

2012-07-05 18:09 . 2012-07-05 18:09 -------- d-----w- c:\programdata\InstallShield

2012-07-05 18:06 . 2012-07-05 18:06 -------- d-----w- c:\program files\Common Files\ScanSoft Shared

2012-07-05 18:06 . 2012-07-05 18:06 -------- d-----w- c:\program files\ScanSoft

2012-07-05 18:06 . 2012-07-05 18:10 -------- d-----w- c:\programdata\ScanSoft

2012-07-05 17:57 . 2012-07-05 17:57 -------- d-----r- c:\users\dirk\AppData\Roaming\Brother

2012-07-05 17:51 . 2012-07-05 17:51 -------- d-----w- c:\programdata\Brother

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 11:46 . 2010-10-14 07:49 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:19 . 2012-06-21 05:42 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 05:42 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 05:41 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 05:41 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 05:42 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 05:42 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 05:41 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-21 05:41 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-21 05:41 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2010-03-05 19:10 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-01 14:03 . 2012-06-14 10:24 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-17 16:02 . 2012-05-22 20:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-06-12 13:49 . 2010-06-12 13:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-19 68856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-12 30192]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 6294048]

"Skytel"="Skytel.exe" [2008-09-19 1833504]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-17 858632]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]

"NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2009-07-01 5668864]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SANTIS USB and PC Card Utility.lnk - c:\program files\Siemens\SANTIS WLAN\WlanMonitor.exe [2003-4-2 491520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 21:59]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 21:59]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3773876927-1981744324-3705480347-1000Core.job

- c:\users\dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 21:59]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3773876927-1981744324-3705480347-1000UA.job

- c:\users\dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 21:59]

.

2012-07-23 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2011-01-06 c:\windows\Tasks\User_Feed_Synchronization-{E50DD964-1464-4ED5-AF0E-326454107249}.job

- c:\windows\system32\msfeedssync.exe [2012-03-09 06:37]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0210&m=aspire_8530

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.36\AMVConverter\grab.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

FF - ProfilePath - c:\users\dirk\AppData\Roaming\Mozilla\Firefox\Profiles\3ukzxx1s.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.bearshare.com//web?src=ffb&appid=44&systemid=2&sr=0&q=

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-23 13:55

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-07-23 14:05:46

ComboFix-quarantined-files.txt 2012-07-23 12:05

ComboFix2.txt 2010-10-31 08:48

.

Pre-Run: 176.404.217.856 bytes beschikbaar

Post-Run: 178.447.175.680 bytes beschikbaar

.

- - End Of File - - C9675B553279B3737239670FA6655EDC

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

Firefox::

FF - ProfilePath - c:\users\dirk\AppData\Roaming\Mozilla\Firefox\Profiles\3ukzxx1s.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of Combofix.txt in your next reply.
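For readers who want to see why the helper singled out exactly those two items in the first log, here is a small triage script. It is an added example, not part of ComboFix and not code from anyone in this thread: it parses the `"AppInit_DLLs"=` line and the `FF - prefs.js:` lines out of a ComboFix log, lists every DLL in the AppInit_DLLs value (Windows loads these into every process that loads user32.dll, which is why a media-bar "data manager" DLL there is worth acting on), and flags any Firefox start-page or search pref whose URL points at a host outside an allowlist. The sample log excerpt is copied from the log posted above; the `TRUSTED_HOSTS` allowlist is an assumption made for this example.

```python
"""Triage a ComboFix log for the two items the helper's CFScript above targets.

Added example, not part of ComboFix or of the thread's posts.  The sample lines
below are copied from the log posted earlier in this thread; TRUSTED_HOSTS is
an assumption chosen for this example.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Hosts that are acceptable targets for Firefox start-page / search prefs
# (assumption for this example; tune to the user's known-good settings).
TRUSTED_HOSTS = {"www.google.be", "www.google.com"}

# Sample log excerpt, copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
FF - ProfilePath - c:\users\dirk\AppData\Roaming\Mozilla\Firefox\Profiles\3ukzxx1s.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com//web?src=ffb&appid=44&systemid=2&sr=0&q=
"""

APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$', re.MULTILINE)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$", re.MULTILINE)


def appinit_dlls(log: str) -> list[str]:
    """Return every DLL path listed in an AppInit_DLLs value.

    Windows loads each of these into every process that loads user32.dll, so
    anything here that is not a known, wanted product deserves a close look.
    The value separates entries with spaces or commas.
    """
    dlls: list[str] = []
    for match in APPINIT_RE.finditer(log):
        dlls.extend(p for p in re.split(r"[ ,]+", match.group(1).strip()) if p)
    return dlls


def firefox_prefs(log: str) -> dict[str, str]:
    """Collect the 'FF - prefs.js:' lines into a {pref: value} mapping."""
    return {m.group(1): m.group(2).strip() for m in FF_PREF_RE.finditer(log)}


def _host(value: str) -> str | None:
    # ComboFix defangs URLs as hxxp:// or hxxps://; undo that before parsing.
    url = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)
    if not url.lower().startswith(("http://", "https://")):
        return None  # not a URL (e.g. a search-engine display name)
    return urlparse(url).netloc.lower()


def untrusted_prefs(prefs: dict[str, str], trusted=TRUSTED_HOSTS) -> list[tuple[str, str]]:
    """Return (pref, host) for every URL-valued pref pointing outside the allowlist."""
    findings = []
    for pref, value in prefs.items():
        host = _host(value)
        if host is not None and host not in trusted:
            findings.append((pref, host))
    return findings


def triage(log: str, trusted=TRUSTED_HOSTS) -> dict:
    """Summarise the findings a helper would act on for this log."""
    return {
        "appinit_dlls": appinit_dlls(log),
        "untrusted_firefox_prefs": untrusted_prefs(firefox_prefs(log), trusted),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run against the excerpt, the script reports both AppInit DLLs and flags only `keyword.URL` (host `search.bearshare.com`); the homepage passes because `www.google.be` is on the allowlist, and `browser.search.selectedEngine` is skipped because its value is a display name, not a URL. Those two findings map one-to-one onto the `Registry::` and `Firefox::` sections of the CFScript above.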

Posted:

ComboFix 12-07-21.01 - dirk 23/07/2012 19:33:53.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2429.1158 [GMT 2:00]

Gestart vanuit: c:\users\dirk\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\dirk\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-23 to 2012-07-23 ))))))))))))))))))))))))))))))

.

.

2012-07-23 18:00 . 2012-07-23 18:00 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-07-23 18:00 . 2012-07-23 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-20 14:03 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22C6C561-A12F-4E0C-9E8C-B7A0B8122703}\mpengine.dll

2012-07-19 14:47 . 2012-07-19 14:47 -------- d-----w- c:\program files\Hewlett-Packard

2012-07-19 14:47 . 2012-07-19 14:47 -------- d-----w- c:\program files\HP Photo Creations

2012-07-19 14:47 . 2012-07-19 14:47 -------- d-----w- c:\programdata\HP Photo Creations

2012-07-19 14:46 . 2012-07-19 14:46 -------- d-----w- c:\users\dirk\AppData\Roaming\HpUpdate

2012-07-19 14:45 . 2011-06-08 16:06 544616 ------w- c:\windows\system32\HPDiscoPMa211.dll

2012-07-19 14:40 . 2012-07-19 14:40 -------- d-----w- c:\programdata\HP

2012-07-19 14:40 . 2012-07-19 14:46 -------- d-----w- c:\program files\HP

2012-07-19 14:39 . 2012-07-19 14:52 -------- d-----w- c:\users\dirk\AppData\Local\HP

2012-07-13 01:44 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-12 08:44 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-12 08:44 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-12 08:44 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-12 08:44 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-12 08:44 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-12 08:44 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-09 14:12 . 2012-07-09 14:12 -------- d-----w- c:\program files\iPod

2012-07-09 14:12 . 2012-07-09 14:16 -------- d-----w- c:\program files\iTunes

2012-07-05 18:54 . 2012-07-05 18:54 -------- d-----w- c:\users\dirk\AppData\Local\Scansoft

2012-07-05 18:11 . 2012-07-05 18:11 -------- d-----w- c:\program files\Nuance

2012-07-05 18:09 . 2012-07-05 18:09 -------- d-----w- c:\programdata\InstallShield

2012-07-05 18:06 . 2012-07-05 18:06 -------- d-----w- c:\program files\Common Files\ScanSoft Shared

2012-07-05 18:06 . 2012-07-05 18:06 -------- d-----w- c:\program files\ScanSoft

2012-07-05 18:06 . 2012-07-05 18:10 -------- d-----w- c:\programdata\ScanSoft

2012-07-05 17:57 . 2012-07-05 17:57 -------- d-----r- c:\users\dirk\AppData\Roaming\Brother

2012-07-05 17:51 . 2012-07-05 17:51 -------- d-----w- c:\programdata\Brother

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 11:46 . 2010-10-14 07:49 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:19 . 2012-06-21 05:42 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 05:42 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 05:41 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 05:41 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 05:42 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 05:42 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 05:41 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-21 05:41 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-21 05:41 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2010-03-05 19:10 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-01 14:03 . 2012-06-14 10:24 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-17 16:02 . 2012-05-22 20:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-06-12 13:49 . 2010-06-12 13:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-19 68856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-12 30192]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 6294048]

"Skytel"="Skytel.exe" [2008-09-19 1833504]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-17 858632]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]

"NoteBurner"="c:\program files\NoteBurner\VTBurnerGUI.exe" [2009-07-01 5668864]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SANTIS USB and PC Card Utility.lnk - c:\program files\Siemens\SANTIS WLAN\WlanMonitor.exe [2003-4-2 491520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 21:59]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 21:59]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3773876927-1981744324-3705480347-1000Core.job

- c:\users\dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 21:59]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3773876927-1981744324-3705480347-1000UA.job

- c:\users\dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 21:59]

.

2012-07-23 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2011-01-06 c:\windows\Tasks\User_Feed_Synchronization-{E50DD964-1464-4ED5-AF0E-326454107249}.job

- c:\windows\system32\msfeedssync.exe [2012-03-09 06:37]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0210&m=aspire_8530

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.36\AMVConverter\grab.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 195.130.130.131 195.130.131.131

FF - ProfilePath - c:\users\dirk\AppData\Roaming\Mozilla\Firefox\Profiles\3ukzxx1s.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-23 20:00

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-07-23 20:08:13

ComboFix-quarantined-files.txt 2012-07-23 18:08

ComboFix2.txt 2012-07-23 12:05

ComboFix3.txt 2010-10-31 08:48

.

Pre-Run: 176.927.027.200 bytes beschikbaar

Post-Run: 176.891.654.144 bytes beschikbaar

.

- - End Of File - - 092620BE7610EA4E9C11EC3EFA07EEA2

Posted:

Looks fine ... you can now rule out malware as the cause.

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the free download of CCleaner starts automatically.

Install it and start CCleaner. In the left-hand column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough; you may repeat this procedure until the analysis no longer reports any issues. Next, click "Registry" in the left-hand column and click "Scan for Issues". If issues are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix All Selected Issues". After that, close CCleaner.

If you want to see this in detail with pictures, click here for the guide.

Posted:

Hard to determine what the exact cause of the problems was. So only "general" advice can be given to prevent problems, and then "critical" internet use and keeping the programs you use constantly updated are the first suggestions.

Posted:

For some reason I can't change my desktop background; it disappeared yesterday after all that scanning, and when I wanted to restore it, it no longer worked, not even when I try a different photo. Any idea, because it's strange... thank you for all the effort.

Posted:

Download Unhide.exe to the desktop; if you get a warning that the file may be unsafe, you can ignore it.

  • Double-click "Unhide.exe" to start the tool.
  • Note!!! Windows Vista & 7 users must run "Unhide.exe" as administrator ("right-click, Run as administrator").
  • Wait patiently until the tool is finished and do nothing else on the computer in the meantime.
  • When the tool is finished you will see the screen below, with the message "Your files should now be visible"
    • [image: 4d9d78e700801-unhide..jpg]
  • Mention in your next reply whether you got this message.

Posted: (edited)

This is the log, and below it you can see a screenshot:

Unhide by Lawrence Abrams (Grinler)

Bleeping Computer - Computer Help and Discussion

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

Unhide.exe - A introduction as to what this program does

Program started at: 07/24/2012 05:23:32 PM

Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 211885 files processed.

Processing the D:\ drive

Finished processing the D:\ drive. 263 files processed.

Processing the G:\ drive

Finished processing the G:\ drive. 2578 files processed.

The C:\Users\dirk\AppData\Local\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: Unhide.exe - A introduction as to what this program does

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 07/24/2012 05:35:48 PM

Execution time: 0 hours(s), 12 minute(s), and 15 seconds(s)

edited by kape
screenshot failed
