pc valt plots vanzelf uit

ludeffi · 11 december 2008

Dag,

De laaste tijd valt mijn pc uit.

Na enkele uren aan de pc te zitten,valt hij plots vanzelf uit? Als ik dan weer heropstart,valt hij terug uit vanaf ik mijn buroscherm zie, dan moet ik soms wel zevenmaal heropstarten door hetzelfde probleem, en na de achste of negende keer gaat miin pc dan weer,maar dan zou het na drie uur weer kunnen gedaan zijn. Wat zou het probleem kunnen zijn??

groetjes

Ludo

11 december 2008

Schakel even het weergeven van BSOD's aan en dan kan je ons vertellen wat er staat in dat blauw scherm.

Zo zet je het aan:

Klik met de rechtermuisknop op "Deze Computer"

Kies "Eigenschappen"

Ga naar het tabblad "Geavanceerd"

Beneden het kadertje, vind je "Opstart- en herstelinstellingen.

Klik daar op het knopje "Instellingen" Dan opent er een venster, waar er in het midden van het scherm "Systeemfouten"

Klik dan het vakje "De computer automatisch opnieuw opstarten" uit

Druk op OK & nog eens op OK

Enkele oorzaken van BSOD's zijn, incompatibele dll's, labiele drivers, oververhitting van het systeem, deze laatste lijkt erg op jouw pc zijn probleem. Het feit dat hij even moet 'afkoelen' tot dat hij terug kan werken na lang gebruik wijst op zoiets maar het BSOD zal het zeker weten te zeggen.

ludeffi · 11 december 2008

Ik heb het gedaan Dean,zoals je liet weten,maar vanavond sloeg de pc weer plots uit. Ik liet de pc een kwartiertje uit, en starte hem weer op,dan was het weer goed maar na enkele uren zal de pc waarschijnlijk weer plots uit gaan.

Ludo

kape · 11 december 2008

Heb je al eens grondig gecheckt of er geen malware in het spel is (je weet maar nooit) ?

Probeer anders eens even met dit :

Download HiJackThis

Dubbelklik op HJTInstall.exe

Hijackthis wordt nu op je PC geïnstalleerd, een snel koppeling wordt op je bureaublad geplaatst. Klik op "Do a systemscan and save a logfile". en hang dit logje aan je volgende bericht.

NB. Ben je een gebruiker van Windows Vista dan moet je eerst rechtsklikken op HijackThis.exe en dan kiezen voor "Run as Administrator".

ludeffi · 12 december 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:22:16, on 12/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\DRIVERS\dcfssvc.exe

C:\Program Files\Telenet Security Pack\Anti-Virus\fsgk32st.exe

C:\Program Files\Telenet Security Pack\Common\FSMA32.EXE

C:\Program Files\Telenet Security Pack\Anti-Virus\FSGK32.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Telenet Security Pack\Common\FSMB32.EXE

C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Telenet Security Pack\Common\FSM32.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Telenet Security Pack\Common\FCH32.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Telenet Security Pack\Common\FAMEH32.EXE

C:\Program Files\Telenet Security Pack\Anti-Virus\fsqh.exe

C:\Program Files\Telenet Security Pack\FSPC\fspc.exe

C:\WINDOWS\system32\Fast.exe

C:\Program Files\Telenet Security Pack\FSGUI\fsguidll.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Telenet Security Pack\FSAUA\program\fsaua.exe

C:\Program Files\Telenet Security Pack\Anti-Virus\fssm32.exe

C:\Program Files\Telenet Security Pack\FWES\Program\fsdfwd.exe

C:\Program Files\Telenet Security Pack\FSAUA\program\fsus.exe

C:\Program Files\Telenet Security Pack\Anti-Virus\fsav32.exe

C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Telenet Security Pack\FSGUI\scanwizard.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Telenet

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4dfb-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll

O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE2} - C:\Program Files\LNM Client\AddAPI.dll (file missing)

O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\system32\kdpupd.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450d-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll

O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\BedreigingsMonitoor\bm.exe" dm=http://bedreigingsmonitoor.com ad=http://bedreigingsmonitoor.com sd=http://arettich.bedreigingsmonitoor.com

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Security Pack\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\RunServices: [csr] csrrs.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Policies\Explorer\Run: [{90BED14B-0B6D-2067-1026-040409010020}] "C:\Program Files\Common Files\{90BED14B-0B6D-2067-1026-040409010020}\Update.exe" mc-110-12-0000140

O4 - HKCU\..\Policies\Explorer\Run: [{90BED14B-0B6E-2067-1026-040409010020}] "C:\Program Files\Common Files\{90BED14B-0B6E-2067-1026-040409010020}\Update.exe" mc-110-12-0000140

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.74\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html

O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.74\MediaManager\grab.html

O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Zoeken op eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Security Pack\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Security Pack\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Security Pack\FSPC\fspcmsie.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\snoopy\Menu Start\Programma's\IMVU\Run IMVU.lnk

O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - ????? (file missing)

O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - ????? (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be

O15 - Trusted Zone: *.3

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228740806093

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\guard.tmp (file missing)

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Security Pack\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telenet Security Pack\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Security Pack\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Security Pack\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Telenet Security Pack\ORSP Client\fsorsp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O24 - Desktop Component 0: (no name) - http://www.philipinas.blogger.com.br/rit12.gif

O24 - Desktop Component 1: (no name) - Sign In

O24 - Desktop Component 2: (no name) - http://reese.hu/gallery/albums/Filmek/2005WalkTheLine/Stills/WalkTheLine09.jpg

--

End of file - 12180 bytes

ludeffi · 12 december 2008

Kape,

Hier is het logje van de scanning op HijackThis v2.0.2

groetjes

Ludo

kape · 12 december 2008

Bingo ... daar is wel wat werk aan de winkel :s

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

F2 - REGystem.ini: UserInit=userinit.exe

O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE2} - C:\Program Files\LNM Client\AddAPI.dll (file missing)

O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\system32\kdpupd.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll

O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\BedreigingsMonitoor\bm.exe" dm=http://bedreigingsmonitoor.com ad=http://bedreigingsmonitoor.com sd=http://arettich.bedreigingsmonitoor.com

O4 - HKLM\..\RunServices: [csr] csrrs.exe

O4 - HKCU\..\Policies\Explorer\Run: [{90BED14B-0B6D-2067-1026-040409010020}] "C:\Program Files\Common Files\{90BED14B-0B6D-2067-1026-040409010020}\Update.exe" mc-110-12-0000140

O4 - HKCU\..\Policies\Explorer\Run: [{90BED14B-0B6E-2067-1026-040409010020}] "C:\Program Files\Common Files\{90BED14B-0B6E-2067-1026-040409010020}\Update.exe" mc-110-12-0000140

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - ????? (file missing)

O9 - Extra 'Tools' menuitem: Ò×È¤¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - ????? (file missing)

O15 - Trusted Zone: *.3

O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\guard.tmp (file missing)

O24 - Desktop Component 0: (no name) - http://www.philipinas.blogger.com.br/rit12.gif

O24 - Desktop Component 1: (no name) - Sign In

O24 - Desktop Component 2: (no name) - http://reese.hu/gallery/albums/Filme...kTheLine09.jpg

Klik op 'Fix checked' om de items te verwijderen.

Download SDFix en klik op "uitvoeren".

Versie 1.40 en hoger zal de uitgepakte SDFix map automatisch naar je systeemdrive verplaatsen (waarschijnlijk: C:\SDFix).

Herstart je PC in veilige modus.

Open de SDFix map en dubbelklik op RunThis.bat om het tooltje te starten.

Typ Y om het schoonmaakproces te starten.

Er zullen Trojan Services en/of Registry Entries worden verwijderd als ze worden gevonden en je zult een toets voor herstart moeten indrukken.

De computer zal dan herstarten (dit duurt langer dan gewoonlijk).

Wanneer de pc herstart zal het tooltje opnieuw runnen en het verwijderingsproces vervolgen, tot de melding Finished getoond wordt. Druk dan op eender welke toets om het script te b

eëindigen en je bureaubladiconen weer te laden.

Wanneer je bureaubladiconen verschijnen zal het rapportje van SDFix openen. Dit zal dan ook te vinden zijn in de SDFix map als Report.txt.

Kopieer en plak nu de inhoud van dat rapportje hier met een nieuw HJT-log.

Download MBAM (Malwarebytes' Anti-Malware).

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)

De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.

Daarna zal het vragen om de computeropnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van de logjes in je volgende bericht, samen met een nieuw HijackThis log.

ludeffi · 12 december 2008

Kape,

Waar zit die SDFix map ??

Ik vind die niet.

Ludo

kape · 12 december 2008

Vermoedelijk C:\SDFix tenzij jij een andere systemdrive hebt ?

ludeffi · 12 december 2008

Hier de log bij MBAM (Malwarebytes' Anti-Malware).

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 48

Registerwaarden geïnfecteerd: 7

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 32

Bestanden geïnfecteerd: 44

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\fis.amo (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.amo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.momo (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.momo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{175816a5-219e-4079-b2f9-53c501c409ba} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{19ebcbe0-9245-4397-bc5d-883d34782043} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1c1793e0-1034-4cac-837d-aa545f6961bf} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1e07646f-07c4-4847-a250-0ec8114f2963} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{27c4569f-8728-4958-a920-a607cae8153c} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{38370864-346f-4afa-8c4b-4fbff518c0bb} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{397a208b-3d09-4b3e-93e8-ca171886612e} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{421745e9-16df-4ee4-a758-d51f939c49cb} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4331ec56-0aab-499e-8757-dd2ee44ad671} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{54286c3a-e044-4e65-bd44-528d6ae28a18} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5d16197a-1eaa-45af-b29a-69f1aa055e87} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{601a9784-1114-4089-9b3e-cbd70dafc6ad} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8654592e-952a-4e7c-a960-304763b35fa6} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8a61a950-c325-4f44-ba64-273180ff3464} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8e98faf8-794f-47f9-af90-15305564ed81} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{af15975b-1498-4740-8e6c-90af78e4198c} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b53d4cd4-406d-43cc-8244-7893d72236dd} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b671426c-5c1a-48ac-9652-bc9402b1c404} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b9bb3219-f84c-4060-966b-4a1e73e24226} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f786cb18-3809-4e49-bc99-9a66da47db8b} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f814be58-1bf9-4b50-829a-e889f86127ad} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{ea7522f6-87cf-411e-8a55-19ee4344b676} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d761645b-6b20-4698-aee8-729981152a82} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{ea7522f6-87cf-411e-8a55-19ee4344b676} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.ohb (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.ohb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FMTR (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\WinPGI.DLL (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fopn (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\Home Page (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

C:\Program Files\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Program Files\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\p2pnetworks (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\Application Data (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\Documents and Settings (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\snoopy (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\snoopy (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\DriveCleaner 2006 Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\Deskbar_{D6347061-81FC-4e51-B189-03D72CD306CF} (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\Deskbar_{D6347061-81FC-4e51-B189-03D72CD306CF}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\Documents and Settings\Ludo Depoortere\Application Data\winantiviruspro2006freeinstall_nl[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\errorsafedutchnewreleaseinstall[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Program Files\p2pnetworks\alp2plib.log (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\p2pnetworks\install.log (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\p2pnetworks\mpp2pl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\p2pnetworks\p2pnetworks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\persist.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\snoopy\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\DriveCleaner 2006 Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\Deskbar_{D6347061-81FC-4e51-B189-03D72CD306CF}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\Deskbar_{D6347061-81FC-4e51-B189-03D72CD306CF}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\Deskbar_{D6347061-81FC-4e51-B189-03D72CD306CF}\Cache\3d9b1e7803d1f514d0305a80ddfe72bc.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\Deskbar_{D6347061-81FC-4e51-B189-03D72CD306CF}\Cache\a3368572eced2cc5f3e48709437835f9.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\Deskbar_{D6347061-81FC-4e51-B189-03D72CD306CF}\Cache\b0a974e21bd83e5a9a77094cf52ff863.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\Deskbar_{D6347061-81FC-4e51-B189-03D72CD306CF}\Cache\cd8511eeb7608e164d2860e220a79af3.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ludo Depoortere\Application Data\Deskbar_{D6347061-81FC-4e51-B189-03D72CD306CF}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.

C:\WINDOWS\toolbar.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\atmtd.dll.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\stera.exe (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Hieronder de nieuwe log bij HiJackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:55:54, on 12/12/2008