Herhaaldelijke BSOD

kape · 4 november 2010

Download ComboFix van één van deze locaties:

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:
Klik hier
Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.
Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.
ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.
**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.
Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

Klik op Ja om verder te gaan met het scannen naar malware.

Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Indien je problemen hebt bij het uitvoeren van ComboFix, gelieve dit te melden.

douweziel · 6 november 2010

ComboFix 10-11-07.01 - Mon pc 06-11-2010 22:19:06.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.2046.1343 [GMT 1:00]

Gestart vanuit: c:\users\Mon pc\Desktop\ComboFix.exe

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://wlxindex

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-10-06 to 2010-11-06 ))))))))))))))))))))))))))))))

.

2010-11-06 21:29 . 2010-11-06 21:29 -------- d-----w- c:\users\Mon pc\AppData\Local\temp

2010-11-06 21:13 . 2010-11-06 21:16 -------- d-----w- C:\32788R22FWJFW

2010-11-06 21:12 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2960735B-59C9-4A15-84D3-77EEA2A75256}\mpengine.dll

2010-11-01 19:07 . 2010-11-01 19:09 -------- d-----w- c:\program files\Flobo Hard Disk Repair

2010-11-01 19:03 . 2010-11-02 15:18 -------- d-----w- C:\J dingen

2010-10-31 15:26 . 2010-10-31 15:26 -------- d-----w- c:\windows\nl

2010-10-31 15:19 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll

2010-10-31 15:19 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2010-10-31 15:16 . 2010-10-31 15:16 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\8ead1fbe1cb790e04\DSETUP.dll

2010-10-31 15:16 . 2010-10-31 15:16 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\8ead1fbe1cb790e04\DXSETUP.exe

2010-10-31 15:16 . 2010-10-31 15:16 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\8ead1fbe1cb790e04\dsetup32.dll

2010-10-31 15:16 . 2010-10-31 15:16 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\8e12664c1cb790e03\DSETUP.dll

2010-10-31 15:16 . 2010-10-31 15:16 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\8e12664c1cb790e03\DXSETUP.exe

2010-10-31 15:16 . 2010-10-31 15:16 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\8e12664c1cb790e03\dsetup32.dll

2010-10-27 14:50 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-10-27 14:50 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll

2010-10-27 14:50 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-10-27 14:50 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-10-27 14:46 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-10-26 23:08 . 2010-10-26 23:08 -------- d-----w- c:\program files\Ask.com

2010-10-26 23:08 . 2010-11-04 16:39 -------- d-----w- c:\users\Mon pc\AppData\Roaming\QuickStoresToolbar

2010-10-24 17:42 . 2010-10-24 17:42 -------- dc----w- c:\programdata\{4275E5EA-6E30-48EB-A209-F964539CBE1C}

2010-10-24 15:00 . 2010-10-24 15:00 -------- d-----w- c:\program files\Synthetic Aperture

2010-10-24 15:00 . 2010-10-24 15:00 -------- d-----w- c:\program files\Color Finesse

2010-10-23 21:58 . 2010-10-23 21:58 -------- d-----w- c:\users\Mon pc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2010-10-23 21:53 . 2010-10-24 14:01 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2010-10-23 19:16 . 2010-10-23 19:16 -------- d-----w- c:\users\Mon pc\Adobe Flash Builder 4

2010-10-23 19:04 . 2010-03-27 16:06 67032 ----a-w- c:\program files\Mozilla Firefox\plugins\npContribute.dll

2010-10-23 18:53 . 2010-10-23 18:53 -------- d-----w- c:\program files\My Company Name

2010-10-23 18:46 . 2010-10-23 21:59 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-10-20 18:15 . 2010-10-20 18:15 -------- d-----w- c:\program files\ConduitEngine

2010-10-14 16:02 . 2010-10-14 16:02 -------- d-----w- c:\programdata\NVIDIA Corporation

2010-10-13 16:57 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-10-13 16:52 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2010-10-12 18:54 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-10-09 00:22 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-10-08 06:46 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B00F01A1-FD70-42D6-8EE5-F0C7B5A2F0AF}\mpengine.dll

2010-10-08 06:40 . 2010-10-08 06:44 -------- d-----w- c:\program files\Microsoft Security Essentials

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 20:51 . 2010-02-03 20:34 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-21 13:03 . 2010-09-21 13:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

2010-09-15 02:50 . 2010-04-25 11:20 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-08-21 23:42 . 2003-10-17 12:44 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-08-21 23:42 . 2003-10-17 12:44 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-08-21 05:32 . 2010-09-15 13:58 316928 ----a-w- c:\windows\system32\spoolsv.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2010-10-18 10:26 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-07 2002160]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1343400]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R3 XDva309;XDva309;c:\windows\system32\XDva309.sys [x]

R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R4 Macro Expert;Macro Expert;c:\program files\grasssoft\mouse recorder\MacroService.exe [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-12 691696]

S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]

S1 SAS***IL;SAS***IL;d:\program files\SUPERAntiSpyware\SAS***IL.sys [2010-01-05 74480]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]

S3 kbdcap;kbdcap; [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2010-04-07 376160]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

bdx REG_MULTI_SZ sysagent

Akamai REG_MULTI_SZ Akamai

.

Inhoud van de 'Gedeelde Taken' map

2010-02-22 c:\windows\Tasks\Wise Registry Cleaner 4.job

- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2010-02-22 10:24]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

FF - ProfilePath - c:\users\Mon pc\AppData\Roaming\Mozilla\Firefox\Profiles\cs0wf2aj.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - component: c:\users\Mon pc\AppData\Roaming\Mozilla\Firefox\Profiles\cs0wf2aj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll

FF - component: c:\users\Mon pc\AppData\Roaming\Mozilla\Firefox\Profiles\cs0wf2aj.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

FF - component: c:\users\Mon pc\AppData\Roaming\Mozilla\Firefox\Profiles\cs0wf2aj.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\users\Mon pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS VERWIJDERD - - - -

AddRemove-TuneUpMedia - c:\program files\TuneUpMedia\Uninstall.exe

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2010-11-06 22:33:33

ComboFix-quarantined-files.txt 2010-11-06 21:33

ComboFix2.txt 2010-05-30 19:35

Pre-Run: 68.518.793.216 bytes beschikbaar

Post-Run: 68.358.512.640 bytes beschikbaar

- - End Of File - - DC678D7E47B73ADC61493B02668A577E

Heeft dit te maken met mijn J-Schijf?

Na opstarten was die er niet, zoals gewoonlijk

Welnu, wat volgt?

kape · 6 november 2010

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\XDva309.sys

Folder::

c:\program files\Ask.com

c:\users\Mon pc\AppData\Roaming\QuickStoresToolbar

c:\program files\ConduitEngine

Driver::

XDva309

kbdcap

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

Firefox::

FF - ProfilePath - c:\users\Mon pc\AppData\Roaming\Mozilla\Firefox\Profiles\cs0wf2aj.default\

FF - prefs.js: browser.search.selectedEngine -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

douweziel · 24 november 2010

Na dit uitgevoerd te hebben, bleken mijn toetsenbord en muis het niet te doen.

Na systeemherstel deed de pc het weer, maar er was Combofix.txt noch J-Schijf.

kweezie wabbit · 26 november 2010

Indien nodig combofix opnieuw downloaden.

Maak een nieuw logje met combofix.

28 november 2010

ik heb juist dezelfde errors soms

douweziel · 29 november 2010

Wederom hetzelfde uitgevoerd: CFScript.txt + inhoud naar ComboFix gesleept (die ik opnieuw gedownload had), ik heb 'm zien werken. Toen de pc daarna opstartte, deed het toetsenbord alsook de muis het weer niet. Is er iets met dat tekstbestandje ofzo?

kape · 29 november 2010

Voer het eens uit met dit tekstbestand (als test voor het toetsenbord- en muisprobleem) :