
Internet shuts down by itself and blue screen


Bren1900


It worked, here is the new log:

ComboFix 10-05-31.03 - Beheerder 31-05-2010 10:14:45.1.2 - x86

Gestart vanuit: c:\documents and settings\TEMP\Mijn documenten\ComboFix.exe

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-04-28 to 2010-05-31 ))))))))))))))))))))))))))))))

.

2010-05-29 11:13 . 2010-05-29 11:13 -------- d-----w- c:\documents and settings\TEMP\Application Data\Malwarebytes

2010-05-29 11:12 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-29 11:12 . 2010-05-29 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-29 11:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-29 11:12 . 2010-05-29 11:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-27 16:20 . 2010-05-27 16:20 388096 ----a-r- c:\documents and settings\TEMP\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-27 16:20 . 2010-05-27 16:20 -------- d-----w- c:\program files\Trend Micro

2010-05-25 16:15 . 2010-05-25 16:15 -------- d-----w- c:\program files\Imikimi

2010-05-25 12:49 . 2010-05-25 12:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2010-05-21 07:02 . 2010-05-21 07:02 -------- d-----w- c:\documents and settings\TEMP\Application Data\Tific

2010-05-21 07:02 . 2010-05-21 07:02 -------- d-----w- c:\documents and settings\TEMP\Local Settings\Application Data\Symantec

2010-05-20 07:20 . 2010-05-20 07:20 -------- d-----w- c:\program files\CCleaner

2010-05-16 13:51 . 2008-02-07 04:02 52224 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPSON Stylus SX200 Series\Language\0413.E_S9E0F7.DLL

2010-05-04 12:49 . 2010-05-04 12:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\windows\system32\drivers\NSS

2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\program files\Norton Security Scan

2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-05-02 13:35 . 2010-05-07 15:06 -------- d-----w- c:\windows\system32\Adobe

2010-05-02 11:11 . 2008-05-26 06:02 210432 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPSON Stylus SX200 Series\Language\0413.E_DI0EEE.DLL

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-27 17:15 . 2010-03-24 15:53 -------- d-----w- c:\program files\PKR

2010-05-27 06:24 . 2002-01-13 23:04 94208 ----a-w- c:\windows\DUMP6bf8.tmp

2010-05-25 13:48 . 2010-03-24 17:12 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-12 07:58 . 2010-04-12 16:07 -------- d-----w- c:\program files\Radio_Bar_1

2010-05-02 17:25 . 2010-03-24 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-05-02 17:25 . 2010-03-24 16:17 -------- d-----w- c:\program files\NortonInstaller

2010-04-30 09:38 . 2010-04-30 09:38 -------- d-----w- c:\documents and settings\TEMP\Application Data\Apple Computer

2010-04-30 09:04 . 2010-04-30 09:03 -------- d-----w- c:\program files\QuickTime

2010-04-30 09:03 . 2010-04-30 09:03 -------- d-----w- c:\program files\Common Files\Apple

2010-04-30 09:03 . 2010-04-30 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-04-30 09:02 . 2010-04-30 09:02 -------- d-----w- c:\program files\Apple Software Update

2010-04-30 09:02 . 2010-04-30 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-04-30 08:56 . 2010-04-30 08:56 -------- d-----w- c:\documents and settings\TEMP\Application Data\Nokia Multimedia Player

2010-04-30 08:44 . 2010-04-30 08:44 -------- d-----w- c:\program files\Common Files\PCSuite

2010-04-30 08:44 . 2010-04-30 08:44 -------- d-----w- c:\program files\Nokia

2010-04-30 08:44 . 2010-04-30 08:44 -------- d-----w- c:\program files\Common Files\Nokia

2010-04-30 08:43 . 2009-06-09 09:22 -------- d-----w- c:\program files\Common Files\InstallShield

2010-04-29 19:02 . 2010-04-29 19:02 -------- d-----w- c:\documents and settings\TEMP\Application Data\Samsung

2010-04-29 18:39 . 2010-04-29 18:39 -------- d-----w- c:\program files\Samsung

2010-04-29 18:39 . 2009-06-09 09:22 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-29 06:48 . 2010-04-25 18:49 -------- d-----w- c:\program files\Tournament Indicator

2010-04-24 14:21 . 2007-10-29 12:00 520608 ----a-w- c:\windows\system32\perfh013.dat

2010-04-24 14:21 . 2007-10-29 12:00 103904 ----a-w- c:\windows\system32\perfc013.dat

2010-04-22 22:31 . 2010-03-25 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-21 08:11 . 2010-03-24 18:01 -------- d-----w- c:\program files\Microsoft

2010-04-21 08:11 . 2010-04-21 08:11 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2010-04-21 08:09 . 2010-04-21 08:09 68456 ----a-w- c:\documents and settings\TEMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-20 10:52 . 2010-03-24 16:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-04-12 16:07 . 2010-04-12 16:07 -------- d-----w- c:\program files\Conduit

2010-04-01 11:53 . 2010-04-01 11:53 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-03-29 07:58 . 2010-03-29 07:58 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe

2010-03-24 16:24 . 2010-03-24 16:24 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-24 16:24 . 2010-03-24 16:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-24 14:48 . 2010-03-24 14:48 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-03-10 06:17 . 2007-10-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0fc85f5d-6207-4515-a490-45a549d285c0}]

2010-05-12 07:58 2515552 ----a-w- c:\program files\Radio_Bar_1\tbRad1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{0fc85f5d-6207-4515-a490-45a549d285c0}"= "c:\program files\Radio_Bar_1\tbRad1.dll" [2010-05-12 2515552]

[HKEY_CLASSES_ROOT\clsid\{0fc85f5d-6207-4515-a490-45a549d285c0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{0FC85F5D-6207-4515-A490-45A549D285C0}"= "c:\program files\Radio_Bar_1\tbRad1.dll" [2010-05-12 2515552]

[HKEY_CLASSES_ROOT\clsid\{0fc85f5d-6207-4515-a490-45a549d285c0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-29 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-29 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Sitecom 300N USB Wireless LAN Utility.lnk - c:\program files\SITECOM\300N USB Wireless LAN Utility\RtWLan.exe [2010-3-24 929792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SITECOM\\300N USB Wireless LAN Utility\\RtWLan.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot

"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot

"53:UDP"= 53:UDP:Realtek AP UDP Prot

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [24-5-2010 8:48 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [24-5-2010 8:48 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [29-4-2010 19:44 537136]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [24-5-2010 8:48 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [24-5-2010 8:48 116784]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [24-5-2010 8:48 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26-5-2010 10:27 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100520.001\IDSXpx86.sys [29-10-2009 0:37 329592]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [24-3-2010 16:48 588032]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-3-2010 10:14 135664]

S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [?]

.

Inhoud van de 'Gedeelde Taken' map

2010-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 08:13]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 08:13]

2010-05-29 c:\windows\Tasks\Norton Security Scan for Beheerder.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-02 17:25]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(848)

c:\windows\SYSTEM32\RtlGina\RtlGina.DLL

.

Voltooingstijd: 2010-05-31 10:22:25

ComboFix-quarantined-files.txt 2010-05-31 08:22

Pre-Run: 26.531.586.048 bytes beschikbaar

Post-Run: 26.583.736.320 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7EAACB064578C9EEFD3B17781E0890D7

File::

c:\windows\DUMP6bf8.tmp

c:\documents and settings\All Users\Application Data\EPSON\EPSON Stylus SX200 Series\Language\0413.E_S9E0F7.DLL

c:\documents and settings\All Users\Application Data\EPSON\EPSON Stylus SX200 Series\Language\0413.E_DI0EEE.DLL

Folder::

c:\program files\Conduit

c:\program files\Radio_Bar_1

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0fc85f5d-6207-4515-a490-45a549d285c0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{0fc85f5d-6207-4515-a490-45a549d285c0}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{0fc85f5d-6207-4515-a490-45a549d285c0}]


but why do I then get an e-mail sent to me that refers me here!!
Because you posted a message earlier in this topic ... which was removed because of illegal references.

If you no longer want to receive messages about this topic, you can cancel your subscription to this topic (see under "Discussion tools").


I think I accidentally posted an old log

---------- Post added at 11:27 ---------- Previous post was at 11:26 ----------

ComboFix 10-05-31.03 - Beheerder 31-05-2010 13:14:37.2.2 - x86

Gestart vanuit: c:\documents and settings\TEMP\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\TEMP\Bureaublad\CFScript.txt

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Conduit

c:\program files\Conduit\Community Alerts\Alert.dll

c:\program files\Radio_Bar_1

c:\program files\Radio_Bar_1\INSTALL.LOG

c:\program files\Radio_Bar_1\Radio_Bar_1ToolbarHelper.exe

c:\program files\Radio_Bar_1\tbRad1.dll

c:\program files\Radio_Bar_1\tbRadi.dll

c:\program files\Radio_Bar_1\toolbar.cfg

c:\program files\Radio_Bar_1\UNWISE.EXE

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-04-28 to 2010-05-31 ))))))))))))))))))))))))))))))

.

2010-05-31 06:45 . 2010-05-31 11:12 -------- d--h--r- c:\documents and settings\TEMP\Onlangs geopend

2010-05-29 11:13 . 2010-05-29 11:13 -------- d-----w- c:\documents and settings\TEMP\Application Data\Malwarebytes

2010-05-29 11:12 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-29 11:12 . 2010-05-29 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-29 11:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-29 11:12 . 2010-05-29 11:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-27 16:20 . 2010-05-27 16:20 388096 ----a-r- c:\documents and settings\TEMP\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-27 16:20 . 2010-05-27 16:20 -------- d-----w- c:\program files\Trend Micro

2010-05-25 16:15 . 2010-05-25 16:15 -------- d-----w- c:\program files\Imikimi

2010-05-25 12:49 . 2010-05-25 12:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2010-05-21 07:02 . 2010-05-21 07:02 -------- d-----w- c:\documents and settings\TEMP\Application Data\Tific

2010-05-21 07:02 . 2010-05-21 07:02 -------- d-----w- c:\documents and settings\TEMP\Local Settings\Application Data\Symantec

2010-05-20 07:20 . 2010-05-20 07:20 -------- d-----w- c:\program files\CCleaner

2010-05-16 13:51 . 2008-02-07 04:02 52224 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPSON Stylus SX200 Series\Language\0413.E_S9E0F7.DLL

2010-05-04 12:49 . 2010-05-04 12:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\windows\system32\drivers\NSS

2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\program files\Norton Security Scan

2010-05-02 17:25 . 2010-05-02 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-05-02 13:35 . 2010-05-07 15:06 -------- d-----w- c:\windows\system32\Adobe

2010-05-02 11:11 . 2008-05-26 06:02 210432 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPSON Stylus SX200 Series\Language\0413.E_DI0EEE.DLL

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-27 17:15 . 2010-03-24 15:53 -------- d-----w- c:\program files\PKR

2010-05-27 06:24 . 2002-01-13 23:04 94208 ----a-w- c:\windows\DUMP6bf8.tmp

2010-05-25 13:48 . 2010-03-24 17:12 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-02 17:25 . 2010-03-24 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-05-02 17:25 . 2010-03-24 16:17 -------- d-----w- c:\program files\NortonInstaller

2010-04-30 09:38 . 2010-04-30 09:38 -------- d-----w- c:\documents and settings\TEMP\Application Data\Apple Computer

2010-04-30 09:04 . 2010-04-30 09:03 -------- d-----w- c:\program files\QuickTime

2010-04-30 09:03 . 2010-04-30 09:03 -------- d-----w- c:\program files\Common Files\Apple

2010-04-30 09:03 . 2010-04-30 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-04-30 09:02 . 2010-04-30 09:02 -------- d-----w- c:\program files\Apple Software Update

2010-04-30 09:02 . 2010-04-30 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-04-30 08:56 . 2010-04-30 08:56 -------- d-----w- c:\documents and settings\TEMP\Application Data\Nokia Multimedia Player

2010-04-30 08:44 . 2010-04-30 08:44 -------- d-----w- c:\program files\Common Files\PCSuite

2010-04-30 08:44 . 2010-04-30 08:44 -------- d-----w- c:\program files\Nokia

2010-04-30 08:44 . 2010-04-30 08:44 -------- d-----w- c:\program files\Common Files\Nokia

2010-04-30 08:43 . 2009-06-09 09:22 -------- d-----w- c:\program files\Common Files\InstallShield

2010-04-29 19:02 . 2010-04-29 19:02 -------- d-----w- c:\documents and settings\TEMP\Application Data\Samsung

2010-04-29 18:39 . 2010-04-29 18:39 -------- d-----w- c:\program files\Samsung

2010-04-29 18:39 . 2009-06-09 09:22 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-29 06:48 . 2010-04-25 18:49 -------- d-----w- c:\program files\Tournament Indicator

2010-04-24 14:21 . 2007-10-29 12:00 520608 ----a-w- c:\windows\system32\perfh013.dat

2010-04-24 14:21 . 2007-10-29 12:00 103904 ----a-w- c:\windows\system32\perfc013.dat

2010-04-22 22:31 . 2010-03-25 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-21 08:11 . 2010-03-24 18:01 -------- d-----w- c:\program files\Microsoft

2010-04-21 08:11 . 2010-04-21 08:11 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2010-04-21 08:09 . 2010-04-21 08:09 68456 ----a-w- c:\documents and settings\TEMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-20 10:52 . 2010-03-24 16:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-04-01 11:53 . 2010-04-01 11:53 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-03-29 07:58 . 2010-03-29 07:58 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe

2010-03-24 16:24 . 2010-03-24 16:24 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-24 16:24 . 2010-03-24 16:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-24 14:48 . 2010-03-24 14:48 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-03-10 06:17 . 2007-10-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.


And here is the new one from Hijack:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:29:23, on 31-5-2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SITECOM\300N USB Wireless LAN Utility\RtWLan.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Sitecom 300N USB Wireless LAN Utility.lnk = C:\Program Files\SITECOM\300N USB Wireless LAN Utility\RtWLan.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/nl/Prg/ESTPTest.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 6506 bytes


It worked, here is the new log
Unfortunately that is not the case ... this time too it is just an ordinary ComboFix log that you created, and not the modified log made with the script file. If you have saved CFScript.txt correctly on your desktop, you need to drag this file onto the red shortcut. ComboFix then reads the command and carries it out. After that it creates a current, new ComboFix log. And that is what we need in order to see whether the action succeeded :-)

I went out to do some shopping and still have not had a blue screen, so it seems to be going well. The only thing I do find strange is that my bar at the bottom is cream/white, a bit beige, while it is supposed to be blue? But just so I can learn from it, what was the problem? Thank you so much in any case!!!!!!


Remove ComboFix: Start -> Run and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner here. The download of CCleaner then starts automatically and free of charge.

Install it and start CCleaner. In the left-hand column click “Cleaner”. Click ‘Analyze’ and then 'Clean'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, in the left-hand column click “Registry” and click ‘Scan for problems”. If errors are found, click ”Fix selected problems” and ”OK”. You will then be asked whether to make a backup. Click “YES”. Then choose “Fix all selected errors”. After this, close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring) by temporarily switching off System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

For XP we are already at Service Pack 3. For security reasons you would also do best to download that SP3 update.
