PC freezes after 60 minutes, help

  • liesbet

    Dear all,

    For a little over a week I have had the following problem.

    My PC freezes completely after about 60 minutes. CTRL-ALT-DEL does nothing either.

    This problem is very consistent: in safe mode, without an internet connection, and in normal use.

    All I can do then is a hard restart, after which I can work for another 60 minutes.

    System Restore to a point before the problem does not work. I get the following message:

    systeemherstel ka het bestand (C:\) niet uitpakken vanaf het herstelpunt. Er is tijdens Systeemherstel een onbekende fout opgetreden. (0x8000ffff)

    In the Norton logs I found that Norton had cleaned up and quarantined the following Trojans:

    Trojan.Zbot removed on 7 November

    Trojan.Smoaler removed on Tuesday 11 September

    and Norton's log file of firewall activity has also looked very different since 30 November than it did before.

    So that is why I want to be sure that I do not have some malicious virus or other nasty creature on board.

    So I dutifully worked through the whole list of items in “Run this first”

    and am attaching the two log files from Malwarebytes Anti-Malware and HijackThis.

    Can someone take a look and tell me whether there is something malicious on board?

    Thanks in advance,

    Liesbet

    —————————————–

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.1.1000

    www.malwarebytes.org

    Databaseversie: v2012.12.05.08

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    ZiC :: ZIC-PC

    Realtime bescherming: Ingeschakeld

    5-12-2012 19:51:27

    mbam-log-2012-12-05 (19-51-27).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 205577

    Verstreken tijd: 1 minuut/minuten, 4 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    ——————-

    and HijackThis:

    ———————

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:32:23, on 8-12-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16455)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

    C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Users\ZiC\Documents\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKCU\..\Run: C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU “C:\Users\ZiC\AppData\Local\Temp\E_SBE4A.tmp” /EF “HKCU”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)

    O9 - Extra ‘Tools’ menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU)

    O9 - Extra ‘Tools’ menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU)

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

    O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 10689 bytes

  • Ben

    Hello,

    Go to Start – Run/Search and type: sc stop "Partner Service"

    Press Enter.

    Go to Start – Run/Search and type: sc delete "Partner Service"

    Press Enter.

    Start HijackThis;

    Right-click the HijackThis program and choose “Run as administrator”.

    Choose ‘Do a system scan only’.

    Select all the lines listed below.

    O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

    O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (file missing)

    O9 - Extra ‘Tools’ menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (file missing)

    O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (file missing) (HKCU)

    O9 - Extra ‘Tools’ menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (file missing) (HKCU)

    Close all open windows (except HijackThis), then click Fix checked and confirm by clicking Yes in the next screen.

    Restart your PC.

    After that, post a new HijackThis log.

    Regards, Ben

  • liesbet

    Hi Ben,

    Thank you for your quick reply.

    I have followed your instructions.

    Here is the HijackThis log after the cleanup and after a restart:

    Liesbet

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:58:06, on 8-12-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16455)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

    C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Users\ZiC\Documents\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKCU\..\Run: C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU “C:\Users\ZiC\AppData\Local\Temp\E_SBE4A.tmp” /EF “HKCU”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

    O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 10000 bytes
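Added example, not part of any post in this thread: a small Python check that compares a HijackThis log taken before a fix with one taken after it, and reports which entries disappeared and which named items are still listed. The two excerpts are a handful of lines copied from the logs above; the function names are assumptions made for this example.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code, e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return a Counter of (section, body) entries; header lines are ignored."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), m.group(2))] += 1
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two logs, duplicates respected."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted((before - after).elements())
    added = sorted((after - before).elements())
    return removed, added


def still_present(after_text, needles):
    """Map each needle to the entries of the 'after' log that still contain it."""
    after = parse_entries(after_text)
    hits = {}
    for needle in needles:
        found = sorted(
            f"{sec} - {body}" for sec, body in after
            if needle.lower() in body.lower()
        )
        if found:
            hits[needle] = found
    return hits


# Excerpt of the first log in this thread (lines copied from the post above).
BEFORE_EXCERPT = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
"""

# Excerpt of the second log (after "Fix checked" and a restart), same selection of lines.
AFTER_EXCERPT = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_EXCERPT, AFTER_EXCERPT)
    for sec, body in removed:
        print(f"removed: {sec} - {body}")
    for sec, body in added:
        print(f"added:   {sec} - {body}")
    for needle, lines in still_present(AFTER_EXCERPT, ["Partner", "eBay"]).items():
        for line in lines:
            print(f"still listed ({needle}): {line}")
```

On these excerpts the check reports the Partner BHO and the eBay button as removed, and the O23 Partner Service line as still listed in the second log.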

  • Ben

    Hello,

    Download ComboFix from >>here<<; you can also read there how to use ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    *. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

    Here is a guide on how to disable them: here or here

    *. The computer may need to be restarted several times; this is normal.

    *. Double-click “Combofix.exe” to start the tool.

    *. Do not click inside the ComboFix window while it is running; this can cause the tool to hang.

    * Note !!! If an error is shown with the message “Illegal operation attempted on a registry key that has been marked for deletion”, restart the computer.

    *. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

    Regards, Ben

  • Liesbet

    Hi Ben,

    Here is the ComboFix log file:

    and can you also tell me which bug/virus/malware you think I am suffering from?

    Liesbet

    ComboFix 12-12-07.01 - ZiC 08-12-2012 18:01:06.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.12264.10317

    Gestart vanuit: c:\users\ZiC\Desktop\ComboFix.exe

    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-11-08 to 2012-12-08 ))))))))))))))))))))))))))))))

    .

    .

    2012-12-08 17:03 . 2012-12-08 17:03 ——– d—–w- c:\users\Default\AppData\Local\temp

    2012-12-08 12:06 . 2012-06-05 07:37 256904 —-a-w- c:\windows\SysWow64\drivers\tmcomm.sys

    2012-12-05 18:51 . 2012-12-05 18:51 ——– d—–w- c:\users\ZiC\AppData\Roaming\Malwarebytes

    2012-12-05 18:50 . 2012-12-05 18:50 ——– d—–w- c:\programdata\Malwarebytes

    2012-12-05 18:50 . 2012-12-05 18:50 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-12-05 18:50 . 2012-09-29 18:54 25928 —-a-w- c:\windows\system32\drivers\mbam.sys

    2012-11-30 08:17 . 2012-07-26 07:49 2560 —-a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui

    2012-11-30 08:17 . 2012-07-26 04:55 785512 —-a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-11-30 08:17 . 2012-07-26 04:55 54376 —-a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-11-30 08:17 . 2012-07-26 02:36 9728 —-a-w- c:\windows\system32\Wdfres.dll

    2012-11-30 08:14 . 2012-07-26 02:26 87040 —-a-w- c:\windows\system32\drivers\WUDFPf.sys

    2012-11-30 08:14 . 2012-07-26 02:26 198656 —-a-w- c:\windows\system32\drivers\WUDFRd.sys

    2012-11-30 08:14 . 2012-07-26 03:08 229888 —-a-w- c:\windows\system32\WUDFHost.exe

    2012-11-30 08:14 . 2012-07-26 03:08 84992 —-a-w- c:\windows\system32\WUDFSvc.dll

    2012-11-30 08:14 . 2012-07-26 03:08 744448 —-a-w- c:\windows\system32\WUDFx.dll

    2012-11-30 08:14 . 2012-07-26 03:08 45056 —-a-w- c:\windows\system32\WUDFCoinstaller.dll

    2012-11-30 08:14 . 2012-07-26 03:08 194048 —-a-w- c:\windows\system32\WUDFPlatform.dll

    2012-11-14 14:26 . 2012-09-25 22:47 78336 —-a-w- c:\windows\SysWow64\synceng.dll

    2012-11-14 14:26 . 2012-09-25 22:46 95744 —-a-w- c:\windows\system32\synceng.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-30 08:14 . 2011-03-14 14:08 66395536 —-a-w- c:\windows\system32\MRT.exe

    2012-11-30 07:53 . 2012-04-12 16:43 697272 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-11-30 07:53 . 2011-07-06 22:29 73656 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-10-16 08:38 . 2012-11-28 00:47 135168 —-a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-28 00:47 350208 —-a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-28 00:47 561664 —-a-w- c:\windows\apppatch\AcLayers.dll

    2012-09-24 13:32 . 2012-08-25 15:12 477168 —-a-w- c:\windows\SysWow64\npdeployJava1.dll

    2012-09-24 13:32 . 2012-04-15 20:47 473072 —-a-w- c:\windows\SysWow64\deployJava1.dll

    2012-09-14 19:19 . 2012-10-10 09:10 2048 —-a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-10 09:10 2048 —-a-w- c:\windows\SysWow64\tzres.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “swg”=“c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    .

    “IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”

    “StartCCC”=“c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”

    “CLMLServer”=“c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe”

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys

    R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe

    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys

    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys

    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys

    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys

    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS

    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20121130.005\BHDrvx64.sys

    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys

    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20121205.001\IDSvia64.sys

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS

    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys

    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

    .

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    .

    ——— X64 Entries ———–

    .

    .

    2012-01-22 16:16 750064 ----a-w- c:\programdata\Partner\Partner64.dll

    .

    “RTHDVCPL”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe”

    “MedionReminder”=“c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe”

    .

    “MedionReminder”=“c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe”

    .

    ——- Bijkomende Scan ——-

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = about:blank

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

    .

    .

    .

    “ImagePath”=“\”c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\“ /s \”NIS\“ /m \”c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\“ /prefetch:1”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .


    .

    Voltooingstijd: 2012-12-08 18:04:35

    ComboFix-quarantined-files.txt 2012-12-08 17:04

    .

    Pre-Run: 69.797.687.296 bytes beschikbaar

    Post-Run: 71.012.290.560 bytes beschikbaar

    .

    - - End Of File - - 7B707831D7B772A3A311578325A037FD

  • Ben

    Hello,

    Do the following:

    Using “zoek.exe”

    Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while downloading or during use.

    (here or here) you can read how to do that.

    Then download zoek.exe to the desktop.

    Windows 2000 and Windows XP: start the tool by double-clicking “zoek.exe”.

    Windows Vista and Windows 7: start the tool by right-clicking “zoek.exe” and then choosing Run as administrator.

    After a while a window will open.

    With your mouse, now select the option "Combined fix" (bottom right).

    Now copy the bold text below and paste it into the large input box:

    startupall;

    filesrcm;

    iedefaults;

    c:\programdata\Partner;f

    Partner Service;s

    ;r

    emptyclsid;

    emptyjava;

    emptyflash;

    emptyiecache;

    emptytemp;

    First close all program windows that are still open!

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart).

    If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    Now post the contents of the opened log in your next message and tell us how things are going now.

    Regards, Ben

  • Liesbet

    Hi Ben,

    Before I had run zoek.exe, the PC had frozen once again (it had been on for longer than 60 minutes).

    So to test now whether it has helped, I will first have to wait at least 60 minutes again.

    I will post the log here in the meantime

    and will check back in an hour and a half to report how things are going then.

    Until then,

    Liesbet

    Zoek.exe Version 3.0.0.4 Updated 08-December-2012

    Tool run by ZiC on za 08-12-2012 at 19:04:58,65.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-10871659-1577587028-1665172156-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partner Service deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Partner Service deleted successfully

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    ==== Deleting Files \ Folders ======================

    “c:\programdata\Partner\debug.log” deleted

    “c:\programdata\Partner\Partner.exe” deleted

    “c:\programdata\Partner\Partner64.dll” deleted

    “c:\programdata\Partner” deleted

    ==== Files Recently Created / Modified ======================


    ==== Startup Registry Enabled ======================

    “swg”=“C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “IAStorIcon”=“C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”

    “StartCCC”=“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun”

    “CLMLServer”=“C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”

    “swg”=“C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Set IE to Default ======================

    Old Values:

    “DefaultScope”=“{C0CB3545-DC0D-45CD-AF63-74D0D97C14F9}”

    New Values:

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”

    ==== All HKCU SearchScopes ======================

    HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7”

    HKCU\*\SearchScopes\{C0CB3545-DC0D-45CD-AF63-74D0D97C14F9} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_nlNL467”

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\ZiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\ZiC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    After Reboot

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\ZiC\AppData\Local\Temp successfully emptied

  • Ben

    Hello,

    This is looking clean so far.

    We'll hear from you shortly (tu)

    Regards, Ben

  • Liebset

    Hi Ben,

    Good to hear the logs look fine.

    But unfortunately, my PC still feels sick, weak and nauseous.

    This time it froze again after 45 minutes. I waited a moment and the screen first went black, and then a blue screen appeared very briefly with a message about an unexpected error.

    It soon went on to reboot and then hung on a black screen with the following message:

    “Reboot and select proper Boot device or Insert boot media in selected Boot device and press a key”

    What do you think is the best thing for me to do now?

    Is it software or hardware?

    Thanks in advance for all the effort,

    Liesbet

  • fazantje

    Hi Liesbet,

    Back up as much as possible of what you want to keep, because I think a component of your computer is dying.

    Go to our colleagues on the hardware and software board (see here) and post your question there.

    Mention that you were referred from here.

    Good luck,

    Huib;)
