Windows loopt vast

Qbez · 22 juni 2012

Blijkbaar te vroeg gejuicht, alles loopt toch weer vast.

Chrome blokkeert volledig na 5min, programma's zoals itunes of games reageren nog steeds niet

of zorgen ervoor dat de pc volledig vastloopt terwijl deze opstarten...

kape · 22 juni 2012

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Qbez · 22 juni 2012

Heb nu een volledig zwart scherm tijdens het opstarten van pc in normale modus. Enkel de muis is nog te zien op het beeld..

---------- Post toegevoegd om 08:18 ---------- Vorige post was om 08:04 ----------

Heb nu een volledig zwart scherm tijdens het opstarten van pc in normale modus. Enkel de muis is nog te zien op het beeld..

dit was voor ik je bovenstaand bericht gelezen heb, nu vind ik het wel niet om mijn avast uit te zetten

Qbez · 22 juni 2012

aub

ComboFix 12-06-21.03 - Jeroen 22/06/2012 8:28.2.4 - x86 NETWORK

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3053.2483 [GMT 2:00]

Gestart vanuit: c:\users\Jeroen\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini

c:\users\Jeroen\AppData\Roaming\Local

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\(3).ddr

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\.ddr

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\434317217876_12936.mp4.ddr

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3)

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\434317217876_12936.mp4

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\x59ioq.mp4(2).ddp

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\x59ioq.mp4.ddp

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\xdib1w.mp4

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\xdib1w.mp4(2).ddp

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\xdib1w.mp4.ddp

c:\users\Jeroen\AppData\Roaming\Local\Temp\DDM\Settings\xdib1w.mp4.ddr

D:\install.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-22 to 2012-06-22 ))))))))))))))))))))))))))))))

.

2012-06-22 06:36 . 2012-06-22 06:36 -------- d-----w- c:\users\Jeroen\AppData\Local\temp

2012-06-22 06:36 . 2012-06-22 06:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-22 06:16 . 2012-06-22 06:16 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12267894-2C70-4BBB-84CB-3DDB92251974}\offreg.dll

2012-06-22 05:34 . 2012-06-22 05:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-22 05:34 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-22 05:19 . 2012-06-22 05:19 -------- d-----w- c:\program files\CCleaner

2012-06-22 05:11 . 2012-06-22 05:11 -------- d-----w- c:\program files\FileHippo.com

2012-06-20 15:52 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12267894-2C70-4BBB-84CB-3DDB92251974}\mpengine.dll

2012-06-20 10:09 . 2012-06-20 10:09 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Malwarebytes

2012-06-20 10:09 . 2012-06-20 10:09 -------- d-----w- c:\programdata\Malwarebytes

2012-06-17 17:21 . 2012-06-22 06:14 -------- d-----w- c:\windows\system32\wbem\repository

2012-06-13 10:22 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 10:21 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-13 10:21 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 10:21 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 10:21 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 10:21 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 10:21 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 10:21 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 10:21 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 10:21 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 16:02 . 2012-06-12 16:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-06-12 16:02 . 2012-06-12 16:02 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-05-24 08:36 . 2012-05-24 08:36 -------- d-----w- c:\users\Jeroen\AppData\Roaming\LolClient2

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-02 04:46 . 2012-05-12 16:43 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-02 04:46 . 2012-05-12 16:43 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-30 10:29 . 2012-05-12 16:44 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-12 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]

"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]

"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2009-01-12 681256]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-12-03 75048]

"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-02-03 210216]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R1 aswKbd;aswKbd; [x]

R1 aswSnx;aswSnx; [x]

R1 aswSP;aswSP; [x]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-11-21 61424]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 172032]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-23 57688]

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-22 5191680]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-22 125440]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-13 1343400]

S1 CLBStor;InstantBurn Storage Helper Driver; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578087324-4134232735-2624227846-1000Core.job

- c:\users\Jeroen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 11:07]

.

2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578087324-4134232735-2624227846-1000UA.job

- c:\users\Jeroen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 11:07]

.

2012-06-04 c:\windows\Tasks\Norton Security Scan for Jeroen.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2011-01-13 08:48]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2504091

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\Jeroen\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\g5iovi43.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com//406

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)

WebBrowser-{77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-06-22 08:38:08

ComboFix-quarantined-files.txt 2012-06-22 06:38

.

Pre-Run: 58.202.791.936 bytes beschikbaar

Post-Run: 58.080.555.008 bytes beschikbaar

.

- - End Of File - - B6797DAE0A18FC864788B248B6352197

kape · 22 juni 2012

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Firefox::

FF - ProfilePath - c:\users\Jeroen\AppData\Roaming\Mozilla\Firefox\Profiles\g5iovi43.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

FF - Ext: Conduit Engine : engine@conduit.com -

FF - Ext: Softonic-Eng7 Community Toolbar -

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Qbez · 23 juni 2012

aub

ComboFix 12-06-23.05 - Jeroen 23/06/2012 10:53:47.3.4 - x86 NETWORK

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3053.2471 [GMT 2:00]

Gestart vanuit: c:\users\Jeroen\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Jeroen\Desktop\CFScript..txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\roboot.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))

.

2012-06-23 08:59 . 2012-06-23 08:59 -------- d-----w- c:\users\Jeroen\AppData\Local\temp

2012-06-23 08:59 . 2012-06-23 08:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-23 08:42 . 2012-06-23 08:42 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12267894-2C70-4BBB-84CB-3DDB92251974}\offreg.dll