Trojan.Agent/Gen-Killfiles
  • Trojan.Agent/Gen-Killfiles

    Hi dear people,

    Sorry for calling on you again so soon, but apparently I'm hitting the jackpot lately....

    I opened a (bridge) site I know well, and the PC immediately started shaking and acting up.
    Ran a scan with Malwarebytes, but it found nothing. Then SUPERAntiSpyware found the trojan named above.

    The DDS log follows below; with the GMER scan I get a bluescreen with a crash dump.
    I'd appreciate your help, many thanks in advance!


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 10.45.2
    Run by Ingrid at 18:38:32 on 2013-10-25
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.894.169 [GMT 2:00]
    .
    AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wAininit.exe
    C:\Windows\system32\lsm.Aexe
    C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\HitmanPro.Alert\hmpalert.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\EMET 4.0\EMET_Agent.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Comodo\COMODO Internet Security\cis.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.nu.nl/
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [EMET Agent] "c:\program files\emet 4.0\EMET_agent.exe"
    mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: EnableSecureUIAPath = dword:1
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{1ED079DF-F8E1-4697-9BBF-E2AA44ACA00F} : DHCPNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wot - <Clsid value has no data>
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2012-4-2 102728]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-24 239168]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-24 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-24 656320]
    R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-10-7 22056]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-6-18 20072]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2013-7-8 584496]
    R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-6-17 47696]
    R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-6-17 32080]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-10-7 4153784]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-10-22 574272]
    R2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys [2013-7-6 14376]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2013-3-4 45824]
    R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2012-8-11 19712]
    R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-7 21504]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2013-3-4 56960]
    R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [2012-3-18 72704]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-7-3 16024]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 gupdate1c95be95f058815;Google Update Service (gupdate1c95be95f058815);c:\program files\google\update\GoogleUpdate.exe [2008-12-12 133104]
    S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-10-7 57944]
    S3 cleanhlp;cleanhlp;c:\program files\emsisoft anti-malware\cleanhlp32.sys [2013-7-3 50200]
    S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-6-18 131288]
    S3 hcdriver;EHCI Compliance Test Tool Device Driver;c:\windows\system32\drivers\hcdriver.sys [2012-3-23 50688]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    .
    =============== Created Last 30 ================
    .
    2013-10-16 12:37:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-10-11 10:50:57 -------- d-----w- c:\windows\ERUNT
    2013-10-09 07:07:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2013-10-09 06:58:28 798208 ----a-w- c:\windows\system32\FntCache.dll
    2013-10-09 06:57:54 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-10-09 06:57:50 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-10-09 06:57:49 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-10-09 06:57:49 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-10-09 06:57:49 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-10-09 06:57:46 2050048 ----a-w- c:\windows\system32\win32k.sys
    2013-10-09 06:52:41 532480 ----a-w- c:\windows\system32\comctl32.dll
    2013-10-08 15:07:49 -------- d-----w- c:\users\ingrid\appdata\local\temp
    2013-10-08 15:01:06 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-10-07 09:34:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    .
    ==================== Find3M ====================
    .
    2013-10-09 08:10:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-10-09 08:10:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-24 10:54:03 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2013-09-24 10:54:02 584496 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2013-09-24 10:54:01 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2013-09-24 10:53:51 36000 ----a-w- c:\windows\system32\cmdcsr.dll
    2013-09-24 10:53:51 354240 ----a-w- c:\windows\system32\guard32.dll
    2013-09-24 10:53:35 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
    2013-09-24 10:53:34 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
    2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-09-19 12:29:29 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2013-09-19 12:25:10 47368 ----a-w- c:\windows\system32\certsentry.dll
    2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
    2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2013-08-07 19:47:24 564312 ----a-w- c:\windows\system32\hmpalert.dll
    2013-08-07 19:47:24 14376 ----a-w- c:\windows\system32\drivers\hmpalert.sys
    2013-08-07 02:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-08-01 03:16:32 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-08-01 02:49:15 37376 ----a-w- c:\windows\system32\cdd.dll
    .
    ============= FINISH: 18:41:08,30 ===============
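The DDS log above follows a fixed line format in its "Created Last 30" and "Find3M" sections (date, time, size or `--------` for a directory, an attribute string such as `d-sh--w-`, then the path); Zoek's "Files Recently Created / Modified" section uses the same layout with an MD5 inserted before the size. The entry `2013-10-09 07:07:12 -------- d-sh--w- c:\windows\system32\%APPDATA%` is the kind of line a helper reads straight past a screen of driver updates to find: a freshly created hidden+system directory inside system32 whose name is an unexpanded environment variable used literally. The parser and triage rule below are an added example written for this page, not a tool from the thread or from the DDS or Zoek authors; the sample input is copied from the logs above, and the two heuristics (literal `%` in a name, new hidden+system directory under system32) are this example's own assumptions, not a published detection rule.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One file entry as printed by DDS ("Created Last 30", "Find3M") or Zoek
# ("Files Recently Created / Modified"):
#   YYYY-MM-DD HH:MM:SS [MD5] <size|--------> <attrs> <path>
# The MD5 column is present only in Zoek output; the size is "--------" for
# directories; the attribute string is 8 characters (observed: leading "d"
# for a directory, "s" = system, "h" = hidden, "a" = archive, "r"/"w").
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) "
    r"(?:([0-9A-Fa-f]{32}) )?"   # optional MD5 (Zoek only)
    r"(\d+|-{8}) "               # size in bytes, or -------- for a directory
    r"([a-z-]{8}) "              # attribute string, e.g. d-sh--w-
    r"(.+)$"
)


@dataclass
class Entry:
    date: str
    time: str
    md5: Optional[str]
    size: Optional[int]
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; section headers and '.' separators return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    date, time, md5, size, attrs, path = m.groups()
    return Entry(
        date, time,
        md5.upper() if md5 else None,
        None if size.startswith("-") else int(size),
        attrs, path,
    )


def parse_log(text: str) -> List[Entry]:
    """Return every parseable file entry in a DDS/Zoek log excerpt."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


SYSTEM32 = "c:\\windows\\system32\\"


def suspicious(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Triage heuristics (this example's own): flag paths worth a closer look."""
    findings = []
    for e in entries:
        p = e.path.lower()
        name = p.rsplit("\\", 1)[-1]
        reasons = []
        # A literal '%' means an environment variable was never expanded,
        # which real installers do not produce as a file name.
        if "%" in name:
            reasons.append("unexpanded environment variable used as a literal name")
        # Legitimate updates add files to system32, not new hidden+system
        # directories. (C:\$RECYCLE.BIN is hidden+system too, but not in system32.)
        if e.is_dir and e.hidden and e.system and p.startswith(SYSTEM32):
            reasons.append("new hidden+system directory under system32")
        if reasons:
            findings.append((e.path, "; ".join(reasons)))
    return findings


# Constructed sample: lines copied from the DDS and Zoek logs in this thread.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2013-10-16 12:37:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-11 10:50:57 -------- d-----w- c:\windows\ERUNT
2013-10-09 07:07:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-10-09 06:58:28 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-10-08 15:01:06 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-07 09:34:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-25 16:49:23 E899B99B9FA6EE936D5A84DD2DC16B02 180465928 ----a-w- C:\Windows\MEMORY.DMP
"""

if __name__ == "__main__":
    for path, why in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{path}: {why}")
```

Run against the sample it reports only the `%APPDATA%` directory; the hidden+system `C:\$RECYCLE.BIN` stays quiet because the rule is scoped to system32. Zoek's later line `C:\Windows\system32\appdata deleted` in post #5 shows the same directory being removed.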

  • #2
    Download Zoek.zip to the desktop.
    1. If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
    2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

    • Right-click Zoek.zip and choose the "Extract All" option.
    • Then double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
    • Now copy the code below and paste it into the large input window:
    • Note: This script is made specifically for this PC, so do not use it on other PCs with a similar problem.
      Code:
      Delta;
      emptyclsid;
      emptyfolderscheck;delete
      firefoxlook; 
      Chromelook; 
      CHRdefaults;
      autoclean; 
      iedefaults; 
      filesrcm;
    • Now click the "Run script" button.
    • Wait patiently until a log opens (this may be after a restart if one is required).
    • If no log appears after the restart, start zoek.exe again and the log will still appear.
    • Post the opened log in your next message as an attachment.

    Booting Windows 10 into Safe Mode

    • #3
      Hi Juisterr,

      A small problem here: zoek.exe ran and the PC had to be restarted, but I'm not getting a log. Not even when I start zoek.exe again....
      It must be somewhere on the PC. Do you know where I can find it?

      • #4
        On your C drive.

        • #5
          It took some searching, but I found it.
          Here is the log:


          Zoek.exe Version 4.0.0.5 Updated 26-October-2013
          Tool run by Ingrid on za 26-10-2013 at 6:53:21,96.
          Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86
          Running in: Normal Mode Internet Access Detected
          Launched: C:\Users\Ingrid\Desktop\zoek\zoek.exe [Script inserted]

          ==== System Restore Info ======================

          26-10-2013 7:00:20 Zoek.exe System Restore Point Created Succesfully.

          ==== Empty Folders Check ======================

          C:\ProgramData\Malwarebytes' Anti-Malware (portable) deleted successfully
          C:\ProgramData\Oracle deleted successfully
          C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} deleted successfully
          C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357} deleted successfully
          C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
          C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} deleted successfully
          C:\Users\Ingrid\AppData\Roaming\FreshDiagnose deleted successfully
          C:\Users\Ingrid\AppData\Roaming\HpUpdate deleted successfully
          C:\Users\Ingrid\AppData\Roaming\TuneUp Software deleted successfully
          C:\Users\Ingrid\AppData\Local\Ashampoo Photo Optimizer 4 deleted successfully
          C:\Users\Ingrid\AppData\Local\Immunet deleted successfully
          C:\Users\Ingrid\AppData\Local\Secunia PSI deleted successfully

          ==== Deleting CLSID Registry Keys ======================

          HKEY_USERS\S-1-5-21-2793848604-3341979812-2886411711-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} deleted successfully

          ==== Deleting CLSID Registry Values ======================


          ==== Deleting Services ======================


          ==== Deleting Files \ Folders ======================

          C:\ProgramData\Malwarebytes' Anti-Malware (portable) not found
          C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} not found
          C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357} not found
          C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
          C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} not found
          C:\Windows\system32\appdata deleted

          ==== Files Recently Created / Modified ======================

          ====== C:\Windows ====
          2013-10-25 16:49:23 E899B99B9FA6EE936D5A84DD2DC16B02 180465928 ----a-w- C:\Windows\MEMORY.DMP
          ====== C:\Users\Ingrid\AppData\Local\Temp ====
          ====== Java Cache =====
          2013-10-18 08:46:32 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Ingrid\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-48bb828f
          ====== C:\Windows\system32 =====
          2013-10-25 07:49:15 03C9023AB0FD959BEDAFEC45AD5266A6 357912 ----a-w- C:\Windows\System32\FNTCACHE.DAT
          2013-10-16 12:52:14 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\Windows\System32\javaws.exe
          2013-10-16 12:50:52 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\Windows\System32\javaw.exe
          2013-10-16 12:50:52 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\Windows\System32\java.exe
          2013-10-16 12:37:38 9BF46C7F21E75FA0BB03AA93368CC66C 94632 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
          ====== C:\Windows\system32\drivers =====
          2013-10-09 06:58:07 988670D8343EF9835FB3659DB71B2EFA 638400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
          2013-10-09 06:57:54 25944D2CC49E0A6C581D02A74B7D6645 527064 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
          2013-10-09 06:57:50 2AE6BCEBD85D31317E433733DAF25888 197632 ----a-w- C:\Windows\System32\drivers\usbhub.sys
          2013-10-09 06:57:49 FE619ED13CE12F5B43C04E3EA061BBD6 6016 ----a-w- C:\Windows\System32\drivers\usbd.sys
          2013-10-09 06:57:49 D457EBD0C3A8B3A3A144355B5EE91CBC 19456 ----a-w- C:\Windows\System32\drivers\usbohci.sys
          2013-10-09 06:57:49 B09C74A41F26B08149707EA5E7F956C2 226304 ----a-w- C:\Windows\System32\drivers\usbport.sys
          ====== C:\Windows\Tasks ======
          2013-10-13 05:29:32 71DF421D6F6655C4B3294B30AF11AE27 4042 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
          2013-10-13 05:29:32 63E9C1446FB87E8325440EAA70738B12 1046 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
          2013-10-09 06:06:07 1014E45549545B85CB7CB941E4371F98 3474 ----a-w- C:\Windows\system32\Tasks\Google Software Updater
          2013-10-09 06:06:05 6C42C552A47B0C0CFB4614A99FB23B18 924 ----a-w- C:\Windows\Tasks\Google Software Updater.job
          ====== C:\Windows\Temp ======
          ======= C:\Program Files =====
          ======= C: =====
          2013-10-11 10:50:51 32E391D07DFB4E2DFC35003DE88B5AD4 2306 ----a-w- C:\DelFix.txt
          ====== C:\Users\Ingrid\AppData\Roaming ======
          2013-10-25 07:53:43 F2A4662258E4DE6964A3F7DE665D85DF 91440 ----a-w- C:\Users\Ingrid\AppData\Local\GDIPFONTCACHEV1.DAT
          2013-10-08 15:07:49 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
          2013-10-08 15:07:49 -------- d-----w- C:\Users\Public\AppData\Local\temp
          2013-10-08 15:07:49 -------- d-----w- C:\Users\Ingrid\AppData\Local\temp
          2013-10-08 15:07:49 -------- d-----w- C:\Users\Default\AppData\Local\temp
          2013-10-08 15:07:49 -------- d-----w- C:\Users\Default User\AppData\Local\temp
          2013-10-08 15:07:49 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
          ====== C:\Users\Ingrid ======
          2013-10-25 16:43:28 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Ingrid\Desktop\6l4iij1f.exe
          2013-10-25 16:37:49 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Ingrid\Desktop\dds.com
          2013-10-25 16:35:23 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Ingrid\Desktop\Defogger.exe
          2013-10-08 15:07:49 -------- d-----w- C:\Users\Public\AppData
          2013-10-07 13:19:47 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Ingrid\defogger_reenable
          2013-10-05 04:12:15 -------- d-s---w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1

          ====== C: exe-files ==
          2013-10-25 16:43:28 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Ingrid\Desktop\6l4iij1f.exe
          2013-10-25 16:35:23 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Ingrid\Desktop\Defogger.exe
          === C: other files ==
          2013-10-25 16:37:49 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Ingrid\Desktop\dds.com

          ==== Firefox Extensions Registry ======================

          [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
          "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [29-03-2013 06:46]

          ==== Chrome Look ======================

          HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
          idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[06-03-2013 03:26]
          nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePluginFor6.crx[22-04-2013 19:02]

          ==== Set IE to Default ======================

          Old Values:
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
          "Start Page"="http://www.nu.nl/"

          New Values:
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
          "Start Page"="http://www.nu.nl/"

          ==== All HKCU SearchScopes ======================

          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
          "DefaultScope"="{05E5AB91-99D9-46D8-B74A-C0C942449E9D}"
          {05E5AB91-99D9-46D8-B74A-C0C942449E9D} Startpage HTTPS - Nederlands Url="https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=nederlands"
          {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
          {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startInde x={startIndex?}&startPage={startPage}"
          {D8761509-D5AF-4351-9DF2-98E109559E2E} Ixquick - Nederlands Url="http://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=nederlands"

          ==== Reset Google Chrome ======================

          Nothing found to reset

          ==== Empty IE Cache ======================

          C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Users\Ingrid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
          C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Users\Ingrid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
          C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
          C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

          ==== Empty FireFox Cache ======================

          No FireFox Profiles found

          ==== Empty Chrome Cache ======================

          No Chrome User Data found

          ==== Empty All Flash Cache ======================

          Flash Cache Emptied Successfully

          ==== Empty All Java Cache ======================

          Java Cache cleared successfully

          • #6
            Yes, that's the one. How is it going now?

            • #7
              I don't really know...

              That bluescreen and the crash dump did frighten me.
              Do you think that's fixed now?

              • #8
                Yes, that's frightening of course; a BSOD can literally be caused by anything, and it's not always clear what causes it.
                Has it stayed away so far?

                • #9
                  Yes, haven't seen it since. (It occurred just as the GMER log had started.)

                  • #10
                    Keep an eye on it for a while!

                    • #11
                      OK Juisterr, will do.

                      If it happens again I'll shout.
                      Many thanks again for your help!

                      • #12
                        You're welcome.

                        • #13
                          I assume your problem is solved?

                          • #14
                            Yes Juisterr, I think so.
                            And haven't seen a bluescreen since either!

                            Thanks again!

                            • #15
                              Download Delfix by Xplode to the desktop.

                              Double-click Delfix.exe to start the tool.
                              Now tick the following items:
                              • Activate UAC
                              • Remove disinfection tools
                              • Create registry backup
                              • Purge System Restore
                              • Reset system settings

                              Now click "Run" and wait patiently until the tool is finished.
                              When the tool is finished, a log file is created. You do not need to post it.
