Documenten weg

Skylinertje · 4 november 2012

2 dagen terug had ik een probleem op de computer. Bij Internet Explorer zei hij steeds dat er een fout was opgekomen en dat hij explorer terug moest herstarten.

Gisteren deed ik een scan, eerst met AVG, daarna met Spyware doctor. Ze gaven beiden infecties aan. Er zaten infecties in mijn services.exe, wat uiteraard totaal niet ok is. Ze konden deze ook niet zomaar verwijderen of terug in orde brengen. Er waren ook nog enkele andere infecties, maar dit konden ze grotendeels oplossen.

Uiteindelijk deed ik nog Malwarebytes' Anti-Malware (MBAM).

Omdat AVG een trial was, heb ik deze terug verwijderd (op de goede manier via configuratiescherm).

Na dit alles en opnieuw opstarten, is er iets heel raar gebeurd. Mijn documenten zijn weg.... outlook kan ik niet meer openen omdat hij het pst bestand niet vindt, dit staat onder die map van Mijn documenten. MAAR: mijn muziek, mijn afbeeldingen, ... staan wel allemaal nog op de pc.

Het is nu echt wel een ramp, want het was jammer genoeg effe geleden dat ik nog een backup had uitgevoerd. Er staat heel veel belangrijke info die ik nodig heb. Ben dus echt wel in paniek.

Heb al systeemherstel proberen doen van donderdag, maar dit doet hij niet. Hij doet het herstel zoals het zou moeten, pc start dan terug op en dan geeft hij foutmelding. Dit komt wellicht doordat er die infectie in die services. exe zit.

Heeft iemand een oplossing?

Zal ik mijn documenten effectief allemaal kwijt zijn, waarvoor ik echt vrees...?

Graag enige hulp aub en hopelijk wat goed nieuws.

Ik weet niet of die Combofix en zo een oplossing kan bieden...?

Bedankt

kape · 5 november 2012

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Skylinertje · 13 november 2012

Tool is vastgelopen.

Kan dit niet opnieuw doen.

Blijft steeds halverwege hangen.

kape · 14 november 2012

Verwijder de huidige tool via Combofix /Uninstall (let op de spatie vóór de /), download een nieuwe versie en laat het scannen in "veilige modus".

Skylinertje · 14 november 2012

ComboFix 12-11-13.02 - <Naam> 2012-11-14 12:55:26.1.8 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6127.4544 [GMT 1:00]

Gestart vanuit: c:\users\Naam\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\StartSearch plugin

C:\Thumbs.db

c:\users\Naam\AppData\Local\assembly\tmp

c:\windows\Installer\{dd0bd7b0-a732-9892-fd78-617160c2080d}\@

c:\windows\Installer\{dd0bd7b0-a732-9892-fd78-617160c2080d}\L\00000004.@

c:\windows\Installer\{dd0bd7b0-a732-9892-fd78-617160c2080d}\L\201d3dde

c:\windows\Installer\{dd0bd7b0-a732-9892-fd78-617160c2080d}\U\00000004.@

c:\windows\Installer\{dd0bd7b0-a732-9892-fd78-617160c2080d}\U\00000008.@

c:\windows\Installer\{dd0bd7b0-a732-9892-fd78-617160c2080d}\U\000000cb.@

c:\windows\Installer\{dd0bd7b0-a732-9892-fd78-617160c2080d}\U\80000000.@

c:\windows\Installer\{dd0bd7b0-a732-9892-fd78-617160c2080d}\U\80000064.@

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))

.

2012-11-14 12:04 . 2012-11-14 12:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-03 13:01 . 2012-11-03 13:01 -------- d-----w- c:\users\Naam\AppData\Roaming\Malwarebytes

2012-11-03 13:01 . 2012-11-03 13:01 -------- d-----w- c:\programdata\Malwarebytes

2012-11-03 13:01 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-03 13:01 . 2012-11-10 23:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-03 11:30 . 2012-06-22 13:21 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2012-11-03 11:30 . 2012-06-22 13:21 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2012-11-03 11:30 . 2012-06-22 13:21 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2012-11-03 11:11 . 2012-06-22 10:39 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys

2012-11-03 11:08 . 2012-06-22 14:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-11-03 11:08 . 2012-11-03 11:30 -------- d-----w- c:\programdata\PC Tools

2012-11-03 11:08 . 2012-11-03 11:08 -------- d-----w- c:\users\Naam\AppData\Roaming\TestApp

2012-11-03 10:54 . 2012-11-03 10:54 -------- d-----w- c:\users\Naam\AppData\Roaming\TuneUp Software

2012-11-03 10:49 . 2012-11-03 15:16 -------- d-----w- c:\programdata\MFAData

2012-11-03 10:49 . 2012-11-03 13:38 -------- d-----w- c:\users\Naam\AppData\Local\Avg2013

2012-11-03 10:49 . 2012-11-03 10:49 -------- d-----w- c:\users\Naam\AppData\Local\MFAData

2012-11-03 10:32 . 2012-11-03 10:32 -------- d-----w- c:\users\Naam\AppData\Roaming\Fighters

2012-11-03 10:32 . 2012-11-03 10:32 -------- d-----w- c:\programdata\Fighters

2012-11-03 10:32 . 2012-11-03 10:32 -------- d-----w- c:\program files\Fighters

2012-11-03 10:32 . 2012-11-03 10:32 -------- d-----w- c:\program files (x86)\Fighters

2012-11-03 10:26 . 2012-11-03 10:34 -------- d-----w- c:\users\Naam\AppData\Roaming\Systweak

2012-11-03 10:26 . 2012-09-21 11:05 17080 ----a-w- c:\windows\system32\roboot64.exe

2012-11-02 12:44 . 2012-11-02 12:44 22064 ----a-w- c:\windows\DCEBoot64.exe

2012-10-29 16:22 . 2012-11-02 10:18 -------- d-----w- c:\program files (x86)\CD & DVD Label Maker

2012-10-29 16:19 . 2012-10-29 16:19 -------- d-----w- c:\program files\Microsoft Silverlight

2012-10-29 16:19 . 2012-10-29 16:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-10-29 16:19 . 2012-11-02 10:07 -------- d-----w- c:\programdata\Tarma Installer

2012-10-29 16:10 . 2012-10-29 17:23 -------- d-----w- c:\programdata\NCH Software

2012-10-29 16:10 . 2012-10-29 20:26 -------- d-----w- c:\program files (x86)\NCH Software

2012-10-29 16:10 . 2012-10-29 16:10 -------- d-----w- c:\users\Naam\AppData\Roaming\NCH Software

2012-10-28 11:46 . 2012-10-28 11:46 -------- d-----w- c:\users\Naam\AppData\Local\TimeParadox

2012-10-23 18:06 . 2012-10-23 18:06 -------- d-----w- c:\program files (x86)\Common Files\Java

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-10 14:45 . 2011-07-12 02:46 287303 ----a-w- C:\DUMP41df.tmp

2012-10-10 11:26 . 2012-04-01 09:58 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-10 11:26 . 2011-07-19 08:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-24 13:32 . 2012-09-08 10:52 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-24 13:32 . 2011-10-15 09:44 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-21 11:01 . 2012-10-08 15:27 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 11:01 . 2011-07-16 18:41 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 11:01 . 2011-07-16 18:41 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2011-06-29 1937736]

.

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-15 39408]

"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-23 98304]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]

"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]

"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-06-22 2673624]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-07-21 44672]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-14 1255736]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-06-22 65664]

S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-06-22 706776]

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-01 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-23 203264]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]

S3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]

S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]

S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-06-22 41968]

S3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - PCTSDInjDriver64

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 11:26]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 09:25]

.

2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 09:25]

.

2012-11-13 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-05-29 11:22]

.

2012-11-13 c:\windows\Tasks\HPCeeScheduleForNaam.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-11-12 c:\windows\Tasks\HPCeeScheduleForNaam-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-11-14 c:\windows\Tasks\SLOW-PCfighter64-Naam-Notification.job

- c:\program files\Fighters\SLOW-PCfighter\Sync.exe [2012-03-02 16:07]

.

2012-11-14 c:\windows\Tasks\SLOW-PCfighter64-Naam-Startup.job

- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2012-03-02 16:07]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-08-15 37888]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-27 489472]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.nieuwsblad.be/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} - hxxp://ua.foto.com/ImageUploader6.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Naam\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9wqm.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - www.sporting.be

FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=9fcabc6b-1860-11e1-a5bc-e069958c83f8&q=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-10-23 20:06; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: 2012-11-03 12:11; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; c:\program files (x86)\PC Tools\PC Tools Security\BDT\Firefox

FF - ExtSQL: !HIDDEN! 2011-07-15 11:58; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS VERWIJDERD - - - -

.

BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

Toolbar-10 - (no file)

Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-MsMpSvc

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\PC Tools\PC Tools Security\pctsSvc.exe

c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe

c:\progra~2\COMMON~1\Nokia\MPLATF~1\NOKIAM~1.EXE

c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2012-11-14 13:37:58 - machine werd herstart

ComboFix-quarantined-files.txt 2012-11-14 12:37

.

Pre-Run: 1 153 013 215 232 bytes beschikbaar

Post-Run: 1 158 582 824 960 bytes beschikbaar

.

- - End Of File - - 1E61AD07C76597059E30EC341C96E8BE

PS: Ik heb overal waar mijn echte naam stond (naam van computer en gebruiker ook mijn echte naam) veranderd in Naam.

Skylinertje · 14 november 2012

Ik heb dat dus uitgevoerd.

Moest weg en wilde mijn pc afsluiten. 2 updates te installeren.

we zijn ondertussen meer dan 5 uur verder en het is nog steeds: update 2 van 2 installeren.

Da's toch niet normaal?

Ik zie wel dat pc nog steeds bezig is, is niet vastgelopen of zo. Kan ik mijn pc nu "abrupt" stoppen, want ik weet niet of ik hierop moet blijven wachten.... is echt al meer dan 5 uur.

kape · 15 november 2012

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

C:\DUMP41df.tmp

Folder::

c:\programdata\Tarma Installer

Firefox::

FF - ProfilePath - c:\users\Naam\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9wqm.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Skylinertje · 15 november 2012

ComboFix 12-11-14.01 - Naam 2012-11-15 10:06:08.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6127.3516 [GMT 1:00]

Gestart vanuit: c:\users\Naam\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Naam\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\DUMP41df.tmp"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . konden niet verwijderd worden

c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . konden niet verwijderd worden

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))

.

2012-11-15 09:40 . 2012-11-15 09:40 -------- d-----w- c:\windows\SysWow64\WCID

2012-11-15 09:27 . 2012-11-15 09:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-14 14:34 . 2012-08-07 15:18 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFAEBA77-C190-407D-9569-C96350A4BAA8}\gapaengine.dll

2012-11-14 14:34 . 2012-11-14 14:34 -------- d-----w- C:\f3513152111646150af7f67f

2012-11-14 14:32 . 2012-10-17 00:31 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBB3029F-941E-4CCC-97F2-56161CD165FE}\mpengine.dll

2012-11-14 14:19 . 2012-11-14 14:19 -------- d-----w- C:\fbf4e4962b869f12765b4055

2012-11-14 14:19 . 2012-11-14 14:19 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-11-14 14:19 . 2012-11-14 14:19 -------- d-----r- c:\program files (x86)\Skype