PC enorm traag en windows update lukt niet

Lipo · 2 augustus 2013

Hallo, Pc van mijn nichte loopt voor geen meter en windows update lukt ook niet, graag een beetje advies.

dbv.

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 14:29:32, on 2/08/2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.17267)

FIREFOX: 6.0.1 (nl)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\YourFileDownloader\YourFileUpdater.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Acer\Android Manager\iSync.exe

C:\Program Files\Acer\Updater\iUpdate.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Launch Manager\LMworker.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\helppane.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

C:\Users\dee\Desktop\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe

O4 - HKLM\..\Run: [iSyncData] C:\Program Files\Acer\Android Manager\iSync.exe

O4 - HKLM\..\Run: [AndroidManager] C:\Program Files\Acer\Android Manager\AML.exe

O4 - HKLM\..\Run: [iPatchData] C:\Program Files\Acer\Updater\iUpdate.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - MSN Games - Free Online Games

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - MSN Games - Free Online Games

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

--

End of file - 7446 bytes

clarkie · 2 augustus 2013

Dag Lipo,

De experts die je logje analyseren en je verdere instructies geven zijn verwittigd, zodra ze online komen helpen ze je verder. ;-)

kape · 2 augustus 2013

Download ComboFix van één van de onderstaande locaties naar het bureaublad.

Bleeping Computer

Info Spyware

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met ComboFix.exe

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

Dubbelklik op "ComboFix" om de tool te starten, Windows Vista, 7 & 8 gebruikers zullen een melding krijgen van UAC (Gebruikersaccountbeheer), klik hier op Ja / yes.
Op een Windows XP computer zal ComboFix de "Recovery Console" installeren als deze nog niet aanwezig is. (Een actieve internet verbinding is dan een vereiste).
Klik in het venster bij het 'Installeren van de Recovery Console' op "Ok".
Klik in het info scherm op "Ja" als de Recovery Console met succes is geïnstalleerd.
Klik in het scherm van de disclaimer op "I Agree", de benodigde onderdelen worden nu uitgepakt en middels ERUNT wordt er een register back-up gemaakt.
Wanneer dit gereed is zal ComboFix vanzelf starten, in het blauwe scherm ziet u de voortgang van de systeemscan die wordt uitgevoerd.
Belangrijk! gebruik de computer tijdens de scan niet voor andere zaken.
Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden zoals bijvoorbeeld bij de aanwezigheid van een rootkit, dit is normaal.
Wanneer ComboFix gereed is, zal het een logbestand aanmaken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

* Noot !!! Indien u één van de onderstaande meldingen krijgt na het gebruik van ComboFix herstart dan de computer.

Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
Illegal operation attempted on a registry key that has been marked for deletion.

Lipo · 2 augustus 2013

Hallo,

Zoals gevraagd ComboFix even laten lopen en het logje gepost:

ComboFix 13-08-01.01 - dee 02/08/2013 17:26:13.1.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.32.1043.18.1013.297 [GMT 2:00]

Gestart vanuit: c:\users\dee\Desktop\ComboFix.exe

AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: ESET Personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\FullRemove.exe

c:\windows\system32\kgen.dll

c:\windows\system32\roboot.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-02 to 2013-08-02 ))))))))))))))))))))))))))))))

.

2013-08-02 15:44 . 2013-08-02 15:44 -------- d-----w- c:\users\Gast\AppData\Local\temp

2013-08-02 15:44 . 2013-08-02 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-02 13:20 . 2013-08-02 13:20 -------- d-----w- c:\users\dee\AppData\Roaming\Systweak

2013-08-02 13:19 . 2013-08-02 13:19 -------- d-----w- c:\program files\RegClean Pro

2013-08-02 12:25 . 2013-08-02 15:23 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD3C3316-A746-4734-9209-BB2451B69AEA}\offreg.dll

2013-08-02 11:59 . 2013-07-15 01:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD3C3316-A746-4734-9209-BB2451B69AEA}\mpengine.dll

2013-08-01 14:28 . 2013-08-01 14:28 -------- d-----w- c:\windows\system32\searchplugins

2013-08-01 14:28 . 2013-08-01 14:28 -------- d-----w- c:\windows\system32\Extensions

2013-08-01 14:18 . 2013-08-01 14:18 -------- d-----w- c:\users\dee\AppData\Roaming\QuickScan

2013-08-01 13:48 . 2013-08-01 13:48 -------- d-----w- c:\programdata\Babylon

2013-08-01 13:47 . 2013-08-01 13:47 -------- d-----w- c:\users\dee\AppData\Roaming\Babylon

2013-08-01 13:47 . 2013-08-01 13:48 -------- d-----w- c:\program files\YourFileDownloader

2013-08-01 13:47 . 2013-08-01 13:47 -------- d-----w- c:\users\dee\AppData\Roaming\YourFileDownloader

2013-08-01 13:24 . 2013-08-01 13:24 -------- d-----w- c:\users\dee\AppData\Roaming\DriverCure

2013-08-01 13:24 . 2013-08-01 13:24 -------- d-----w- c:\users\dee\AppData\Roaming\SpeedyPC Software

2013-08-01 13:22 . 2013-08-01 14:25 -------- d-----w- c:\programdata\SpeedyPC Software

2013-08-01 13:22 . 2013-08-01 13:22 -------- d-----w- c:\program files\SpeedyPC Software

2013-08-01 09:08 . 2013-08-01 09:08 -------- d-----w- c:\users\dee\AppData\Local\Macromedia

2013-08-01 08:22 . 2013-08-01 08:28 -------- d-----w- c:\windows\system32\MRT

2013-08-01 07:45 . 2013-08-01 08:10 -------- d-----w- c:\program files\AppCleaner

2013-07-31 19:02 . 2013-08-01 08:32 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-31 16:35 . 2013-01-04 04:55 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-07-31 16:35 . 2013-01-04 04:55 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-07-31 16:18 . 2013-07-31 18:54 -------- d-----w- c:\program files\Spybot - Search & Destroy

2013-07-31 16:18 . 2013-07-31 16:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-01 08:32 . 2011-08-29 10:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-07-31 12:00 . 2011-08-30 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-09-04 20:05 . 2011-08-30 14:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-03 9398888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]

"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]

"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]

"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-07-21 492096]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 715296]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-06-16 14:33 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

"Facebook Update"="c:\users\dee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Persistence"=c:\windows\system32\igfxpers.exe

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-03-20 357182]

R3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.SYS [2010-06-17 82768]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-03-19 731840]

S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-03-19 38240]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31 08:33]

.

2013-08-02 c:\windows\Tasks\RegClean Pro_DEFAULT.job

- c:\program files\RegClean Pro\RegCleanPro.exe [2013-08-02 11:49]

.

2013-08-02 c:\windows\Tasks\RegClean Pro_UPDATES.job

- c:\program files\RegClean Pro\RegCleanPro.exe [2013-08-02 11:49]

.

2011-08-31 c:\windows\Tasks\WinUtilities_DiskDefrag_D81CDF27E9284404.job

- c:\program files\WinUtilities\ToolDiskDefrag.exe [2011-07-12 11:08]

.

2013-08-02 c:\windows\Tasks\WinUtilities_Disk_Cleaner_D81CDF27E9284401.job

- c:\program files\WinUtilities\ToolDiskCleaner.exe [2011-07-12 11:08]

.

2011-08-31 c:\windows\Tasks\WinUtilities_History_Cleaner_D81CDF27E9284403.job

- c:\program files\WinUtilities\ToolHistoryCleaner.exe [2011-07-12 11:08]

.

2011-08-31 c:\windows\Tasks\WinUtilities_Registry_Cleaner_D81CDF27E9284402.job

- c:\program files\WinUtilities\ToolRegistryCleaner.exe [2011-07-12 11:08]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://acer.msn.com

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.131.133 195.130.130.5

FF - ProfilePath - c:\users\dee\AppData\Roaming\Mozilla\Firefox\Profiles\y36xju8y.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-08-01 16:18; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\dee\AppData\Roaming\Mozilla\Firefox\Profiles\y36xju8y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - f48227d00000000000000026c7a8ed5d

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15918

FF - user.js: extensions.delta.vrsn - 1.8.22.0

FF - user.js: extensions.delta.vrsni - 1.8.22.0

FF - user.js: extensions.delta.vrsnTs - 1.8.22.015:49

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - nl

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.ffxUnstlRst - true

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta_i.babTrack - affID=120007&tsp=4961

FF - user.js: extensions.delta_i.babExt -

FF - user.js: extensions.delta_i.srcExt - ss

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-654476947-4229177989-2169792694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-654476947-4229177989-2169792694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-08-02 17:50:27

ComboFix-quarantined-files.txt 2013-08-02 15:50

.

Pre-Run: 194.715.144.192 bytes beschikbaar

Post-Run: 194.434.674.688 bytes beschikbaar

.

- - End Of File - - 3D7D2F9449E401077222E051566FA199

A36C5E4F47E84449FF07ED3517B43A31

kape · 2 augustus 2013

Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

Schakel alle antivirus- en antispywareprogramma's uit, want deze kunnen namelijk conflicteren met ComboFix.

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

Open een nieuw leeg Kladblok scherm, kopieer en plak hierin de volgende code.

 
 [b]Folder::[/b]
 [b]c:\windows\system32\searchplugins[/b]
 [b]c:\windows\system32\Extensions[/b]
 [b]c:\users\dee\AppData\Roaming\QuickScan[/b]
 [b]c:\programdata\Babylon[/b]
 [b]c:\users\dee\AppData\Roaming\Babylon[/b]
 [b]c:\program files\YourFileDownloader[/b]
 [b]c:\users\dee\AppData\Roaming\YourFileDownloader[/b]
 [b] [/b]
 [b]Firefox::[/b]
 [b]FF - ProfilePath - c:\users\dee\AppData\Roaming\Mozilla\Firefox\Profiles\y36xju8y.default\[/b]
 [b]FF - user.js: extensions.delta.tlbrSrchUrl -[/b]
 [b]FF - user.js: extensions.delta.id - f48227d00000000000000026c7a8ed5d[/b]
 [b]FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}[/b]
 [b]FF - user.js: extensions.delta.instlDay - 15918[/b]
 [b]FF - user.js: extensions.delta.vrsn - 1.8.22.0[/b]
 [b]FF - user.js: extensions.delta.vrsni - 1.8.22.0[/b]
 [b]FF - user.js: extensions.delta.vrsnTs - 1.8.22.015:49[/b]
 [b]FF - user.js: extensions.delta.prtnrId - delta[/b]
 [b]FF - user.js: extensions.delta.prdct - delta[/b]
 [b]FF - user.js: extensions.delta.aflt - babsst[/b]
 [b]FF - user.js: extensions.delta.smplGrp - none[/b]
 [b]FF - user.js: extensions.delta.tlbrId - base[/b]
 [b]FF - user.js: extensions.delta.instlRef - sst[/b]
 [b]FF - user.js: extensions.delta.dfltLng - nl[/b]
 [b]FF - user.js: extensions.delta.excTlbr - false[/b]
 [b]FF - user.js: extensions.delta.ffxUnstlRst - true[/b]
 [b]FF - user.js: extensions.delta.admin - false[/b]
 [b]FF - user.js: extensions.delta_i.babTrack - affID=120007&tsp=4961[/b]
 [b]FF - user.js: extensions.delta_i.babExt -[/b]
 [b]FF - user.js: extensions.delta_i.srcExt - ss[/b]
 [b]FF - user.js: extensions.delta.autoRvrt - false[/b]
 [b]FF - user.js: extensions.delta.rvrt - false[/b]
 [b]FF - user.js: extensions.delta.newTab - false[/b]

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:

Nu zal ComboFix vanzelf worden gestart.

Start opnieuw op als daarom gevraagd wordt, en post de inhoud van de Combofix.txt in je volgende antwoord.

Lipo · 2 augustus 2013

Hallo, hier is mijn nieuw logje:

ComboFix 13-08-01.01 - dee 02/08/2013 18:57:59.2.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.32.1043.18.1013.368 [GMT 2:00]

Gestart vanuit: c:\users\dee\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\dee\Desktop\CFScript.txt

AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: ESET Personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-07-02 to 2013-08-02 ))))))))))))))))))))))))))))))

.

2013-08-02 17:17 . 2013-08-02 17:17 -------- d-----w- c:\users\Gast\AppData\Local\temp

2013-08-02 17:17 . 2013-08-02 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-02 17:17 . 2013-08-02 17:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-08-02 13:20 . 2013-08-02 16:00 -------- d-----w- c:\users\dee\AppData\Roaming\Systweak