Question & Answer
HijackThis log (my own this time)
13 replies
- no, so not solved
my PC is still really slow
I keep running scans and they find nothing at all
I can't even open My Computer normally :evil:
when I stress my PC (just running an application, even just opening Windows Media Player :evil: :evil: :evil: :evil: )
it shuts down automatically as if you pressed the reset button :evil:
really a ** thing, man
I'm really fed up with this box :evil:
here's a log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:32, on 5-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188831081734
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188845633406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 6031 bytes
thanks in advance
and when I format everything and reinstall Windows
my PC is still slow
is that because my PC is unstable or what??
do I need to change the timings and such of my RAM???
please help
- hello everyone
I have a problem here
my PC has gone crazy again
before the problem I had done a full system scan with Spyware Doctor 5 and Ad-Aware 7, it found nothing, rebooted
a bit of YouTube etc...
I saw a video and liked it, wanted to download it to my phone, so
downloaded ImTOO 3GP Video Converter 3
I did know that without a registration code it only converts up to halfway and so on.
I looked for a crack, nothing that costs money and so on
in the end I found a site with a crack (trojan, I think)
I downloaded it
it was packed
unpacked it
all of a sudden I got 3 warnings from Spyware Doctor, from OnGuard protection and so on
I thought, ahh
converter 2 was on
I clicked on serial (the unpacked file)
the PC suddenly started going crazy
I suddenly realized, sh*t, I fell for it
PC very slow
couldn't even operate the mouse, reset right away
safe mode
with Spyware Doctor Intelli-scan 107 infections
and with Trojan Remover a few
named imagepath and so on.
and a few other files in the dll
oh well
rebooted and the PC was faster
but the thing is still slow
I made a log
I hope you guys find something
thanks sooo much in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:52, on 1-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\wsusupd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [ShareSearcher] C:\wsusupd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188831081734
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188845633406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ddcyvsq - ddcyvsq.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 5931 bytes
I hope you can help me as soon as possible
- Well, he who burns his backside...
Start HijackThis, choose 'Do a system scan only' and tick the lines below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
O4 - HKLM\..\Run: [ShareSearcher] C:\wsusupd.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: ddcyvsq - ddcyvsq.dll (file missing)
Now close all open windows except HijackThis and click Fix Checked.
Download ComboFix to your desktop
Double-click combofix.exe
Choose "Continue" by typing 1 followed by ENTER.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open. Save this log.
NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore this.
In your next reply, post the ComboFix log (combofix.txt) together with a fresh HijackThis log.
Good luck!
Pim
- thanks a lot, eh
it already helped a lot
ComboFix 07-10-02.2 - Sadik 2007-10-02 15:27:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.621 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Sadik\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d.exe
C:\Documents and Settings\Sadik\Bureaublad\internet.lnk
C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\instcat.dll
C:\WINDOWS\system32\pskill.exe
C:\wsusupd.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NTMLSVC
-------\LEGACY_RUNTIME
-------\NtmlSvc
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-02 to 2007-10-02 ))))))))))))))))))))))))))))))
.
2007-10-02 15:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 22:01 158,496 --a------ C:\WINDOWS\system32\b1e35fe3.sys
2007-10-01 21:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2007-10-01 21:41 158,464 --a------ C:\WINDOWS\system32\e86169f6.sys
2007-10-01 21:38 61,440 --a------ C:\WINDOWS\system32\aspimgr.exe.ren
2007-10-01 21:38 41,771 --a------ C:\tislctg.exe
2007-10-01 21:38 28,160 --a------ C:\qixik.exe
2007-10-01 21:38 20,992 --a------ C:\gniinq.exe
2007-10-01 21:38 158,464 --a------ C:\WINDOWS\system32\4f46087b.sys
2007-10-01 21:38 13,312 --a------ C:\WINDOWS\system32\netfilter.dll
2007-10-01 17:10 <DIR> d--hs---- C:\Documents and Settings\Sadik\Onlangs geopend
2007-09-30 21:55 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-30 21:55 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-30 21:55 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-30 21:55 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-09-30 21:55 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-09-30 21:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-09-30 21:54 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\PC Tools
2007-09-30 18:00 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\BitTorrent
2007-09-29 16:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2007-09-29 16:48 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-29 16:46 <DIR> d-------- C:\NVIDIA
2007-09-29 16:42 3,958,496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-29 16:42 1,897,408 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-09-29 16:41 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2007-09-28 23:28 14,744 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-09-28 21:25 <DIR> d-------- C:\Deckard
2007-09-28 21:14 <DIR> d-------- C:\Program Files\Safari
2007-09-28 21:14 <DIR> d-------- C:\Program Files\Bonjour
2007-09-28 21:14 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-28 21:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-09-28 20:46 <DIR> d-------- C:\Drivers
2007-09-27 19:05 <DIR> d-------- C:\Program Files\Ad-Aware 2007
2007-09-27 19:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-09-27 16:50 <DIR> d-------- C:\Program Files\Winamp
2007-09-27 15:53 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\PPStream
2007-09-27 15:48 <DIR> d-------- C:\Program Files\Nieuwe map
2007-09-27 15:44 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\SopCast
2007-09-25 18:00 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-09-25 18:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-09-25 18:00 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-09-25 18:00 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-09-25 18:00 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-09-25 18:00 <DIR> d-------- C:\Program Files\Trojan Remover
2007-09-25 18:00 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\Simply Super Software
2007-09-25 18:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
2007-09-24 19:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2007-09-22 23:58 <DIR> d-------- C:\Program Files\Western Digital
2007-09-22 02:49 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
2007-09-22 02:49 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
2007-09-21 17:18 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-16 22:54 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-16 20:44 69,632 --a------ C:\WINDOWS\ALCMTR.EXE
2007-09-15 20:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tournament.com Client
2007-09-15 00:55 <DIR> d-------- C:\WINDOWS\system32\Nieuwe map
2007-09-15 00:30 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-09-14 17:30 <DIR> d-------- C:\DECCHECK
2007-09-14 14:20 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-09-13 22:40 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-09-12 21:53 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-09-12 18:11 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-09-11 21:03 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\Lavasoft
2007-09-11 20:44 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-11 20:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-09-08 22:00 19,424 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-09-08 22:00 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-09-08 14:09 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-08 14:09 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-08 02:36 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-09-08 02:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-09-08 02:35 <DIR> d-------- C:\KAV
2007-09-08 02:24 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-07 21:49 <DIR> d-------- C:\Program Files\SAGEM
2007-09-06 17:48 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\Apple Computer
2007-09-06 17:40 <DIR> d-------- C:\Documents and Settings\Sadik\Shared
2007-09-06 17:40 <DIR> d-------- C:\Documents and Settings\Sadik\Incomplete
2007-09-06 17:40 <DIR> d-------- C:\Documents and Settings\Sadik\Application Data\LimeWire
2007-09-05 16:27 86,016 --a------ C:\WINDOWS\system32\sbres32.dll
2007-09-05 16:27 59,392 --a------ C:\WINDOWS\system\a3d.dll
2007-09-05 16:27 465,536 --a------ C:\WINDOWS\system32\drivers\sbpci.sys
2007-09-05 16:27 434,176 --a------ C:\WINDOWS\system32\sbmixres.dll
2007-09-05 16:27 388,608 --a------ C:\WINDOWS\system32\ensmix32.exe
2007-09-05 16:27 32,768 --a------ C:\WINDOWS\system32\starter.exe
2007-09-05 16:27 <DIR> d-------- C:\SBPCI
2007-09-05 16:27 <DIR> d-------- C:\cabs
2007-09-05 14:21 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-05 14:21 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-05 14:21 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-09-05 14:21 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-09-05 07:58 <DIR> d-------- C:\Program Files\SpeedFan
2007-09-04 17:49 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-03 23:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-03 23:16 <DIR> d-------- C:\WINDOWS\nview
2007-09-03 22:40 66,668 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-09-03 22:37 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-09-03 22:36 <DIR> d-------- C:\WINDOWS\BricoPacks
2007-09-03 22:29 <DIR> d-------- C:\Program Files\ViOrb
2007-09-03 22:25 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-09-03 22:25 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-09-03 22:25 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 22:28 --------- d-------- C:\Program Files\ImTOO
2007-09-30 19:18 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-30 05:11 --------- d-------- C:\Program Files\Yahoo!
2007-09-28 20:48 --------- d-------- C:\Program Files\Marvell
2007-09-27 19:07 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-27 19:07 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-27 19:00 --------- d-------- C:\Program Files\Hitman Pro
2007-09-27 18:58 --------- d-------- C:\Program Files\Lavasoft
2007-09-27 15:53 --------- d-------- C:\Program Files\MSN Messenger
2007-09-22 04:52 --------- d-------- C:\Program Files\CCleaner
2007-09-16 20:44 --------- d-------- C:\Program Files\Realtek
2007-09-08 22:07 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-08 22:07 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-09-08 21:59 --------- d-------- C:\Program Files\Sony Ericsson
2007-09-06 17:24 --------- d-------- C:\Program Files\LimeWire
2007-09-03 22:01 --------- d-------- C:\Program Files\Windows Installer Clean Up
2007-09-03 21:37 --------- d-------- C:\Program Files\directx
2007-09-03 21:26 --------- d-------- C:\Program Files\QuickTime
2007-09-03 21:23 --------- d-------- C:\Program Files\Common Files\Teleca Shared
2007-09-03 20:31 --------- d-------- C:\Program Files\MD40323
2007-09-03 20:30 --------- d-------- C:\Program Files\BitTorrent
2007-09-03 20:28 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-09-01 05:34 --------- d-------- C:\Program Files\Google
2007-09-01 01:50 --------- d-------- C:\Program Files\CyberLink
2007-08-31 05:16 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-31 05:13 --------- d-------- C:\Program Files\Lavalys
2007-08-30 17:19 --------- d-------- C:\Program Files\Team MediaPortal
2007-08-30 15:47 --------- d-------- C:\Program Files\Disc2Phone
2007-08-29 21:21 --------- d-------- C:\Program Files\Spyware Terminator
2007-08-29 13:59 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-29 13:50 --------- d-------- C:\Program Files\Ashampoo
2007-08-29 05:16 --------- d-------- C:\Program Files\Trend Micro
2007-08-29 05:07 --------- d-------- C:\Program Files\Crawler
2007-08-29 04:57 --------- d-------- C:\Program Files\Adverts
2007-08-28 18:48 --------- d-------- C:\Program Files\Windows Defender
2007-08-28 18:32 --------- d-------- C:\Program Files\MSECACHE
2007-08-28 18:17 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-28 18:15 --------- d-------- C:\Program Files\Windows Live
2007-08-28 16:13 --------- d-------- C:\Program Files\NVIDIA Corporation
2007-08-28 15:45 --------- d-------- C:\Program Files\SCREEN2EXE
2007-08-28 15:00 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-28 15:00 --------- d-------- C:\Program Files\ASUS
2007-08-28 14:52 --------- d-------- C:\Program Files\Intel
2007-08-28 14:45 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 68440 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-03 12:33 6912 --a------ C:\WINDOWS\nvoclock.sys
2007-07-03 12:32 397312 --a------ C:\WINDOWS\ntuneoem.dll
2007-07-03 12:32 1622016 --a------ C:\WINDOWS\NVBenchMarks.dll
2007-07-03 12:31 28672 --a------ C:\WINDOWS\AutoTuneScript.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 13:10 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 14:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
S3 Ca100v;2Mega Camera, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca100v.sys
S3 CrystalSysInfo;CrystalSysInfo;\??\C:\Documents and Settings\Sadik\Mijn documenten\setfsb20b15w\SysInfo.sys
S3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
S3 USBCamera;DSC Still Image Capture (CA100);C:\WINDOWS\system32\Drivers\Bulk100.sys
.
Inhoud van de 'Gedeelde Taken' map
"2007-09-28 19:14:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-02 13:21:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 15:30:43
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-02 15:32:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 15:32
.
--- E O F ---
and another log just to be sure
2007-09-08 02:35 <DIR> d——– C:\KAV
2007-09-08 02:24 0 –a—— C:\WINDOWS\nsreg.dat
2007-09-07 21:49 <DIR> d——– C:\Program Files\SAGEM
2007-09-06 17:48 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Apple Computer
2007-09-06 17:40 <DIR> d——– C:\Documents and Settings\Sadik\Shared
2007-09-06 17:40 <DIR> d——– C:\Documents and Settings\Sadik\Incomplete
2007-09-06 17:40 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\LimeWire
2007-09-05 16:27 86,016 –a—— C:\WINDOWS\system32\sbres32.dll
2007-09-05 16:27 59,392 –a—— C:\WINDOWS\system\a3d.dll
2007-09-05 16:27 465,536 –a—— C:\WINDOWS\system32\drivers\sbpci.sys
2007-09-05 16:27 434,176 –a—— C:\WINDOWS\system32\sbmixres.dll
2007-09-05 16:27 388,608 –a—— C:\WINDOWS\system32\ensmix32.exe
2007-09-05 16:27 32,768 –a—— C:\WINDOWS\system32\starter.exe
2007-09-05 16:27 <DIR> d——– C:\SBPCI
2007-09-05 16:27 <DIR> d——– C:\cabs
2007-09-05 14:21 5,632 –a—— C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-05 14:21 3,972 –a—— C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-05 14:21 21,664 –a—— C:\WINDOWS\system32\drivers\Entech.sys
2007-09-05 14:21 <DIR> d——– C:\WINDOWS\system32\Futuremark
2007-09-05 07:58 <DIR> d——– C:\Program Files\SpeedFan
2007-09-04 17:49 271,224 –a—— C:\WINDOWS\system32\mucltui.dll
2007-09-03 23:16 356,352 –a—— C:\WINDOWS\system32\NVUNINST.EXE
2007-09-03 23:16 <DIR> d——– C:\WINDOWS\nview
2007-09-03 22:40 66,668 –a—— C:\WINDOWS\BricoPackUninst.cmd
2007-09-03 22:37 6,114 –a—— C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-09-03 22:36 <DIR> d——– C:\WINDOWS\BricoPacks
2007-09-03 22:29 <DIR> d——– C:\Program Files\ViOrb
2007-09-03 22:25 8,636 –a—— C:\WINDOWS\system32\modifype.exe
2007-09-03 22:25 19,968 –a—— C:\WINDOWS\system32\reico.exe
2007-09-03 22:25 111,104 –a—— C:\WINDOWS\system32\Uharc.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 22:28 ——— d——– C:\Program Files\ImTOO
2007-09-30 19:18 ——— d–h—– C:\Program Files\InstallShield Installation Information
2007-09-30 05:11 ——— d——– C:\Program Files\Yahoo!
2007-09-28 20:48 ——— d——– C:\Program Files\Marvell
2007-09-27 19:07 9344 –a—— C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-27 19:07 8320 –a—— C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-27 19:00 ——— d——– C:\Program Files\Hitman Pro
2007-09-27 18:58 ——— d——– C:\Program Files\Lavasoft
2007-09-27 15:53 ——— d——– C:\Program Files\MSN Messenger
2007-09-22 04:52 ——— d——– C:\Program Files\CCleaner
2007-09-16 20:44 ——— d——– C:\Program Files\Realtek
2007-09-08 22:07 0 –ah—– C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-08 22:07 0 –ah—– C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-09-08 21:59 ——— d——– C:\Program Files\Sony Ericsson
2007-09-06 17:24 ——— d——– C:\Program Files\LimeWire
2007-09-03 22:01 ——— d——– C:\Program Files\Windows Installer Clean Up
2007-09-03 21:37 ——— d——– C:\Program Files\directx
2007-09-03 21:26 ——— d——– C:\Program Files\QuickTime
2007-09-03 21:23 ——— d——– C:\Program Files\Common Files\Teleca Shared
2007-09-03 20:31 ——— d——– C:\Program Files\MD40323
2007-09-03 20:30 ——— d——– C:\Program Files\BitTorrent
2007-09-03 20:28 ——— d——– C:\Program Files\Messenger Plus! Live
2007-09-01 05:34 ——— d——– C:\Program Files\Google
2007-09-01 01:50 ——— d——– C:\Program Files\CyberLink
2007-08-31 05:16 ——— d——– C:\Program Files\MSXML 4.0
2007-08-31 05:13 ——— d——– C:\Program Files\Lavalys
2007-08-30 17:19 ——— d——– C:\Program Files\Team MediaPortal
2007-08-30 15:47 ——— d——– C:\Program Files\Disc2Phone
2007-08-29 21:21 ——— d——– C:\Program Files\Spyware Terminator
2007-08-29 13:59 ——— d——– C:\Program Files\SpywareBlaster
2007-08-29 13:50 ——— d——– C:\Program Files\Ashampoo
2007-08-29 05:16 ——— d——– C:\Program Files\Trend Micro
2007-08-29 05:07 ——— d——– C:\Program Files\Crawler
2007-08-29 04:57 ——— d——– C:\Program Files\Adverts
2007-08-28 18:48 ——— d——– C:\Program Files\Windows Defender
2007-08-28 18:32 ——— d——– C:\Program Files\MSECACHE
2007-08-28 18:17 ——— d——– C:\Program Files\Windows Media Connect 2
2007-08-28 18:15 ——— d——– C:\Program Files\Windows Live
2007-08-28 16:13 ——— d——– C:\Program Files\NVIDIA Corporation
2007-08-28 15:45 ——— d——– C:\Program Files\SCREEN2EXE
2007-08-28 15:00 ——— d——– C:\Program Files\Common Files\InstallShield
2007-08-28 15:00 ——— d——– C:\Program Files\ASUS
2007-08-28 14:52 ——— d——– C:\Program Files\Intel
2007-08-28 14:45 ——— d——– C:\Program Files\microsoft frontpage
2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 68440 –a—— C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 207736 –a—— C:\WINDOWS\system32\muweb.dll
2007-07-03 12:33 6912 –a—— C:\WINDOWS\nvoclock.sys
2007-07-03 12:32 397312 –a—— C:\WINDOWS\ntuneoem.dll
2007-07-03 12:32 1622016 –a—— C:\WINDOWS\NVBenchMarks.dll
2007-07-03 12:31 28672 –a—— C:\WINDOWS\AutoTuneScript.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 13:10 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 14:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
S3 Ca100v;2Mega Camera, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca100v.sys
S3 CrystalSysInfo;CrystalSysInfo;\??\C:\Documents and Settings\Sadik\Mijn documenten\setfsb20b15w\SysInfo.sys
S3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
S3 USBCamera;DSC Still Image Capture (CA100);C:\WINDOWS\system32\Drivers\Bulk100.sys
.
Inhoud van de 'Gedeelde Taken' map
"2007-09-28 19:14:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-02 13:21:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 15:30:43
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-02 15:32:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-10-02 15:32
.
— E O F —
and one more log just to be sure
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:13, on 2-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188831081734
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188845633406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
–
End of file - 5558 bytes
- :evil:
still the same
rebooted
every 2 minutes Windows freezes for 30 sec :evil:
- Uninstall via Control Panel –> Add or Remove Programs, [b]if present[/b]:
[b]
Driver Cleaner Pro
[/b]
Open Notepad, then copy and paste the following (bold text) into an empty window:
[b]
File::
C:\WINDOWS\system32\b1e35fe3.sys
C:\WINDOWS\system32\e86169f6.sys
C:\WINDOWS\system32\aspimgr.exe.ren
C:\tislctg.exe
C:\qixik.exe
C:\gniinq.exe
C:\WINDOWS\system32\4f46087b.sys
C:\WINDOWS\system32\netfilter.dll
Folder::
C:\Program Files\Driver Cleaner Pro
C:\Deckard
DirLook::
C:\Program Files\DaemonTools_WhenUSave_Installer
[/b]
Save this to your Desktop as [b]CFScript.txt[/b].
Drag [b]CFScript.txt[/b] into [b]ComboFix.exe[/b] as shown in the example below:
[img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img]
This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of [b]Combofix.txt[/b] in your next reply.
Good luck!
Pim
- thxx
here
ComboFix 07-10-02.2 - Sadik 2007-10-02 17:48:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.625 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Sadik\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sadik\Bureaublad\CFScript.txt..txt
* Nieuw herstelpunt werd aangemaakt
FILE::
C:\WINDOWS\system32\b1e35fe3.sys
C:\WINDOWS\system32\e86169f6.sys
C:\WINDOWS\system32\aspimgr.exe.ren
C:\tislctg.exe
C:\qixik.exe
C:\gniinq.exe
C:\WINDOWS\system32\4f46087b.sys
C:\WINDOWS\system32\netfilter.dll
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Deckard
C:\gniinq.exe
C:\qixik.exe
C:\tislctg.exe
C:\WINDOWS\system32\4f46087b.sys
C:\WINDOWS\system32\aspimgr.exe.ren
C:\WINDOWS\system32\b1e35fe3.sys
C:\WINDOWS\system32\e86169f6.sys
C:\WINDOWS\system32\netfilter.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
——-\LEGACY_NTMLSVC
——-\LEGACY_RUNTIME
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-02 to 2007-10-02 ))))))))))))))))))))))))))))))
.
2007-10-02 15:26 51,200 –a—— C:\WINDOWS\NirCmd.exe
2007-10-01 21:46 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2007-10-01 17:10 <DIR> d–hs—- C:\Documents and Settings\Sadik\Onlangs geopend
2007-09-30 21:55 83,536 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-30 21:55 59,984 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-30 21:55 52,304 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-30 21:55 39,248 –a—— C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-09-30 21:55 26,064 –a—— C:\WINDOWS\system32\drivers\kcom.sys
2007-09-30 21:54 <DIR> d——– C:\Program Files\Spyware Doctor
2007-09-30 21:54 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\PC Tools
2007-09-30 18:00 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\BitTorrent
2007-09-29 16:57 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2007-09-29 16:48 208,896 –a—— C:\WINDOWS\system32\nvudisp.exe
2007-09-29 16:46 <DIR> d——– C:\NVIDIA
2007-09-29 16:42 3,958,496 –a—— C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-29 16:42 1,897,408 –a–c— C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-09-28 23:28 14,744 –ah—– C:\WINDOWS\system32\mlfcache.dat
2007-09-28 21:14 <DIR> d——– C:\Program Files\Safari
2007-09-28 21:14 <DIR> d——– C:\Program Files\Bonjour
2007-09-28 21:14 <DIR> d——– C:\Program Files\Apple Software Update
2007-09-28 21:14 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-09-28 20:46 <DIR> d——– C:\Drivers
2007-09-27 19:05 <DIR> d——– C:\Program Files\Ad-Aware 2007
2007-09-27 19:05 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-09-27 16:50 <DIR> d——– C:\Program Files\Winamp
2007-09-27 15:53 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\PPStream
2007-09-27 15:48 <DIR> d——– C:\Program Files\Nieuwe map
2007-09-27 15:44 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\SopCast
2007-09-25 18:00 77,312 –a—— C:\WINDOWS\system32\ztvunace26.dll
2007-09-25 18:00 75,264 –a—— C:\WINDOWS\system32\unacev2.dll
2007-09-25 18:00 69,632 –a—— C:\WINDOWS\system32\ztvcabinet.dll
2007-09-25 18:00 162,304 –a—— C:\WINDOWS\system32\ztvunrar36.dll
2007-09-25 18:00 153,088 –a—— C:\WINDOWS\system32\UNRAR3.dll
2007-09-25 18:00 <DIR> d——– C:\Program Files\Trojan Remover
2007-09-25 18:00 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Simply Super Software
2007-09-25 18:00 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
2007-09-24 19:00 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2007-09-22 23:58 <DIR> d——– C:\Program Files\Western Digital
2007-09-22 02:49 7,552 –a—— C:\WINDOWS\system32\drivers\enodpl.sys
2007-09-22 02:49 4,736 –a—— C:\WINDOWS\system32\drivers\tandpl.sys
2007-09-21 17:18 <DIR> d——– C:\Program Files\Windows Live Safety Center
2007-09-16 22:54 1,156 –a—— C:\WINDOWS\mozver.dat
2007-09-16 20:44 69,632 –a—— C:\WINDOWS\ALCMTR.EXE
2007-09-15 20:35 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Tournament.com Client
2007-09-15 00:55 <DIR> d——– C:\WINDOWS\system32\Nieuwe map
2007-09-15 00:30 <DIR> d——– C:\WINDOWS\system32\VIRepair
2007-09-14 17:30 <DIR> d——– C:\DECCHECK
2007-09-14 14:20 <DIR> d——– C:\Program Files\DaemonTools_WhenUSave_Installer
2007-09-13 22:40 <DIR> d——– C:\Program Files\SystemRequirementsLab
2007-09-12 21:53 <DIR> d-a—— C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-09-12 18:11 <DIR> d——– C:\Program Files\Windows Journal Viewer
2007-09-11 21:03 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Lavasoft
2007-09-11 20:44 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
2007-09-11 20:44 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-09-08 22:00 19,424 –a—— C:\WINDOWS\system32\drivers\ggsemc.sys
2007-09-08 22:00 1,419,232 –a—— C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-09-08 14:09 22,328 –a—— C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-08 14:09 103,736 –a—— C:\WINDOWS\system32\PnkBstrB.exe
2007-09-08 02:36 <DIR> d——– C:\Program Files\Kaspersky Lab
2007-09-08 02:36 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-09-08 02:35 <DIR> d——– C:\KAV
2007-09-08 02:24 0 –a—— C:\WINDOWS\nsreg.dat
2007-09-07 21:49 <DIR> d——– C:\Program Files\SAGEM
2007-09-06 17:48 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Apple Computer
2007-09-06 17:40 <DIR> d——– C:\Documents and Settings\Sadik\Shared
2007-09-06 17:40 <DIR> d——– C:\Documents and Settings\Sadik\Incomplete
2007-09-06 17:40 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\LimeWire
2007-09-05 16:27 86,016 –a—— C:\WINDOWS\system32\sbres32.dll
2007-09-05 16:27 59,392 –a—— C:\WINDOWS\system\a3d.dll
2007-09-05 16:27 465,536 –a—— C:\WINDOWS\system32\drivers\sbpci.sys
2007-09-05 16:27 434,176 –a—— C:\WINDOWS\system32\sbmixres.dll
2007-09-05 16:27 388,608 –a—— C:\WINDOWS\system32\ensmix32.exe
2007-09-05 16:27 32,768 –a—— C:\WINDOWS\system32\starter.exe
2007-09-05 16:27 <DIR> d——– C:\SBPCI
2007-09-05 16:27 <DIR> d——– C:\cabs
2007-09-05 14:21 5,632 –a—— C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-05 14:21 3,972 –a—— C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-05 14:21 21,664 –a—— C:\WINDOWS\system32\drivers\Entech.sys
2007-09-05 14:21 <DIR> d——– C:\WINDOWS\system32\Futuremark
2007-09-05 07:58 <DIR> d——– C:\Program Files\SpeedFan
2007-09-04 17:49 271,224 –a—— C:\WINDOWS\system32\mucltui.dll
2007-09-03 23:16 356,352 –a—— C:\WINDOWS\system32\NVUNINST.EXE
2007-09-03 23:16 <DIR> d——– C:\WINDOWS\nview
2007-09-03 22:40 66,668 –a—— C:\WINDOWS\BricoPackUninst.cmd
2007-09-03 22:37 6,114 –a—— C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-09-03 22:36 <DIR> d——– C:\WINDOWS\BricoPacks
2007-09-03 22:29 <DIR> d——– C:\Program Files\ViOrb
2007-09-03 22:25 8,636 –a—— C:\WINDOWS\system32\modifype.exe
2007-09-03 22:25 19,968 –a—— C:\WINDOWS\system32\reico.exe
2007-09-03 22:25 111,104 –a—— C:\WINDOWS\system32\Uharc.exe
2007-09-03 22:24 <DIR> dr——- C:\Documents and Settings\Administrator\Menu Start
2007-09-03 22:24 <DIR> d–h—– C:\Documents and Settings\Administrator\Sjablonen
2007-09-03 22:24 <DIR> d–h—– C:\Documents and Settings\Administrator\Onlangs geopend
2007-09-03 22:24 <DIR> d–h—– C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2007-09-03 22:24 <DIR> d——– C:\Documents and Settings\Administrator\Mijn documenten
2007-09-03 22:24 <DIR> d——– C:\Documents and Settings\Administrator\Favorieten
2007-09-03 22:24 <DIR> d——– C:\Documents and Settings\Administrator\Bureaublad
2007-09-03 21:32 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\InstallShield
2007-09-03 21:25 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-09-03 21:23 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Teleca
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 22:28 ——— d——– C:\Program Files\ImTOO
2007-09-30 19:18 ——— d–h—– C:\Program Files\InstallShield Installation Information
2007-09-30 05:11 ——— d——– C:\Program Files\Yahoo!
2007-09-28 20:48 ——— d——– C:\Program Files\Marvell
2007-09-27 19:07 9344 –a—— C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-27 19:07 8320 –a—— C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-27 19:00 ——— d——– C:\Program Files\Hitman Pro
2007-09-27 18:58 ——— d——– C:\Program Files\Lavasoft
2007-09-27 15:53 ——— d——– C:\Program Files\MSN Messenger
2007-09-22 04:52 ——— d——– C:\Program Files\CCleaner
2007-09-16 20:44 ——— d——– C:\Program Files\Realtek
2007-09-08 22:07 0 –ah—– C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-08 22:07 0 –ah—– C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-09-08 21:59 ——— d——– C:\Program Files\Sony Ericsson
2007-09-06 17:24 ——— d——– C:\Program Files\LimeWire
2007-09-03 22:01 ——— d——– C:\Program Files\Windows Installer Clean Up
2007-09-03 21:37 ——— d——– C:\Program Files\directx
2007-09-03 21:26 ——— d——– C:\Program Files\QuickTime
2007-09-03 21:23 ——— d——– C:\Program Files\Common Files\Teleca Shared
2007-09-03 20:31 ——— d——– C:\Program Files\MD40323
2007-09-03 20:30 ——— d——– C:\Program Files\BitTorrent
2007-09-03 20:28 ——— d——– C:\Program Files\Messenger Plus! Live
2007-09-01 05:34 ——— d——– C:\Program Files\Google
2007-09-01 01:50 ——— d——– C:\Program Files\CyberLink
2007-08-31 05:16 ——— d——– C:\Program Files\MSXML 4.0
2007-08-31 05:13 ——— d——– C:\Program Files\Lavalys
2007-08-30 17:19 ——— d——– C:\Program Files\Team MediaPortal
2007-08-30 15:47 ——— d——– C:\Program Files\Disc2Phone
2007-08-29 21:21 ——— d——– C:\Program Files\Spyware Terminator
2007-08-29 13:59 ——— d——– C:\Program Files\SpywareBlaster
2007-08-29 13:50 ——— d——– C:\Program Files\Ashampoo
2007-08-29 05:16 ——— d——– C:\Program Files\Trend Micro
2007-08-29 05:07 ——— d——– C:\Program Files\Crawler
2007-08-29 04:57 ——— d——– C:\Program Files\Adverts
2007-08-28 18:48 ——— d——– C:\Program Files\Windows Defender
2007-08-28 18:32 ——— d——– C:\Program Files\MSECACHE
2007-08-28 18:17 ——— d——– C:\Program Files\Windows Media Connect 2
2007-08-28 18:15 ——— d——– C:\Program Files\Windows Live
2007-08-28 16:13 ——— d——– C:\Program Files\NVIDIA Corporation
2007-08-28 15:45 ——— d——– C:\Program Files\SCREEN2EXE
2007-08-28 15:00 ——— d——– C:\Program Files\Common Files\InstallShield
2007-08-28 15:00 ——— d——– C:\Program Files\ASUS
2007-08-28 14:52 ——— d——– C:\Program Files\Intel
2007-08-28 14:45 ——— d——– C:\Program Files\microsoft frontpage
2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 68440 –a—— C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 207736 –a—— C:\WINDOWS\system32\muweb.dll
2007-07-03 12:33 6912 –a—— C:\WINDOWS\nvoclock.sys
2007-07-03 12:32 397312 –a—— C:\WINDOWS\ntuneoem.dll
2007-07-03 12:32 1622016 –a—— C:\WINDOWS\NVBenchMarks.dll
2007-07-03 12:31 28672 –a—— C:\WINDOWS\AutoTuneScript.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
—- Directory of C:\Program Files\DaemonTools_WhenUSave_Installer —-
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 13:10 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 14:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
S3 Ca100v;2Mega Camera, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca100v.sys
S3 CrystalSysInfo;CrystalSysInfo;\??\C:\Documents and Settings\Sadik\Mijn documenten\setfsb20b15w\SysInfo.sys
S3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
S3 USBCamera;DSC Still Image Capture (CA100);C:\WINDOWS\system32\Drivers\Bulk100.sys
.
Inhoud van de 'Gedeelde Taken' map
"2007-09-28 19:14:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-02 13:33:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 17:53:07
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-02 17:55:22 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-10-02 17:54
C:\ComboFix2.txt … 2007-10-02 15:32
.
— E O F —
I hope you find more
- [quote]
I hope you find more
[/quote]
So your problems still aren't gone then?
You may delete the folder below:
C:\Program Files\[b]DaemonTools_WhenUSave_Installer[/b]
Download ATF Cleaner (by Atribune)
Double-click ATF Cleaner to start the program.
On the "Main" tab, tick [b]Select All[/b].
Click the [b]Empty Selected[/b] button.
Do the following if you also use [u]Firefox[/u] as a browser:
Click the "Firefox" tab and tick [b]Select All[/b].
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick next to "Firefox saved passwords")
Click the [b]Empty Selected[/b] button.
Do the following if you also use [u]Opera[/u] as a browser:
Click the "Opera" tab and tick [b]Select All[/b].
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the [b]Empty Selected[/b] button.
Go to the "Main" tab and click the [b]Exit[/b] button to close the program.
Download Dr.Web CureIt to your desktop.
[list]
* Double-click [b]drweb-cureit.exe[/b] and allow it to start the express scan.
* If a popup appears offering a purchase/50% discount,
you may close it with the X.
* This will scan the files that are currently loaded in memory, and when something is found,
click the [b]Yes to all[/b] button at the 'cure it?' prompt. This is only a short scan.
* In the menu at the top, choose [b]Language/Taal[/b] and change it to [b]Dutch (Nederlands)[/b] if it is set differently for you.
* Press [b]F9[/b], then choose [b]Acties[/b] and set the following there under [b]Malware[/b]:
o Adware: [b]Verplaats[/b]
Dialers: [b]Verplaats[/b]
Jokes: [b]Rapportage[/b]
Riskware: [b]Rapportage[/b]
Hacktools: [b]Verplaats[/b]
Then [b]remove the tick at "Prompt bij actie"[/b].
Then press [b]OK[/b].
* Press [b]F9[/b], then choose [b]Scan[/b], remove the tick at [b]Heuristische analyse[/b] and click [b]OK[/b].
* Once the short scan has finished, you can select the drives you want to have scanned (Selecteer stations).
* Select [b]all drives[/b] here. A red dot will then appear on the drives you are having scanned.
* Then click the
- thanks a lot but
now I can't start my PC anymore
before you gave me that drweb cureit
I was just moving my PC to a different spot
computer off
power supply off
(all cables out and back in)
started my PC
and it boots
gets to the Windows loading bar and then suddenly a quick blue screen and it restarts
I could read something in the middle though
it said something about safe mode and so on (I'm in safe mode now too)
what now???
here, I also have videos and captured frames from that video
please help me
and here, videos I recorded and so on (+ captured frames from the video)
2 hours later…
what luck
this time the blue screen stayed stuck
here's the code + videos:
http://rapidshare.com/files/59990126/Probleem_video.rar.html
*** STOP: 0x0000003F (0x00000000,0x000014A8,0x00008BE4,0x0000CD2F)
thanks a lot in advance if you can solve it
10 min later…
hmmm already found it
http://www.geekstogo.com/forum/Windows-XP-Blue-Screen-Death-STOP-Codes-t43519.html - Solved….
uninstalled spyware doctor 5.0 and trojan remover
now it boots normally
I think spyware doctor was the cause
when I went to shut down (from safe mode)
it already gave an error like SWDSVC.EXE toepassingsfout (application error)
and below it there was also something with a few codes etc.
but thanks, really thank you very much for your help :lol:
my PC is back up again - Good that it's solved!
You can remove the tools you used again :wink:
To prevent a recurrence, read through these security tips once more:
http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html
Pim - ok
:wink:
no, the problem wasn't spyware doctor
trojan remover
reinstalled both
same problem
removed spyware doctor
same
removed trojan remover
nothing wrong
(saying this in case others have this too, so they can solve it)