HijackThis log

Anonymous
16 replies
  • My PC is in flip mode again.
    I made a log here.
    I hope you find something.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:30, on 27-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    D:\steam\steam.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    F3 - REG:win.ini: run=
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sadik\Menu Start\Programma's\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195901566359
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


    End of file - 8294 bytes


    I'd be glad if you could help me as soon as possible.

    Thanks a lot in advance.

    Aaand enjoy the rest of the fireworks days.. :D
  • Anyone else???

  • Please give a somewhat clearer description of the problems you are having.
  • It's being slow again and such,
    and it has trouble starting up.
  • Fix this one with HijackThis:
    F3 - REG:win.ini: run=

    Follow the instructions described on this site.
    Help! My computer is slow!
  • Thanks, but I already do those things every day/week.
  • Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type 1 to run the cleaning and analysis process.
    Follow the instructions on the screen.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.
  • ComboFix 07-12-21.4 - Sadik 2007-12-30 22:10:22.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1463 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Sadik\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Sadik\Application Data\inst.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))
    .

    2007-12-30 21:19 . 2007-12-30 21:19 <DIR> dr-h—– C:\Documents and Settings\Sadik\Onlangs geopend
    2007-12-29 13:49 . 2007-12-29 13:52 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Nokia
    2007-12-29 13:49 . 2007-12-29 13:49 <DIR> d——– C:\Documents and Settings\All Users\Application Data\PC Suite
    2007-12-29 13:46 . 2007-12-29 13:51 <DIR> d——– C:\Program Files\Nokia
    2007-12-29 13:46 . 2007-12-29 13:46 <DIR> d——– C:\Program Files\DIFX
    2007-12-29 13:46 . 2007-12-29 13:46 <DIR> d——– C:\Program Files\Common Files\PCSuite
    2007-12-29 13:46 . 2007-12-29 13:46 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\PC Suite
    2007-12-29 13:45 . 2007-12-29 13:45 <DIR> d——– C:\Program Files\PC Connectivity Solution
    2007-12-28 01:49 . 2007-12-28 01:49 <DIR> d——– C:\Program Files\MSBuild
    2007-12-28 01:46 . 2007-12-28 17:40 <DIR> d——– C:\WINDOWS\system32\XPSViewer
    2007-12-28 01:45 . 2007-12-28 01:45 <DIR> d——– C:\Program Files\Reference Assemblies
    2007-12-28 01:44 . 2006-06-29 13:07 14,048 ——— C:\WINDOWS\system32\spmsg2.dll
    2007-12-27 19:45 . 2007-12-27 19:45 <DIR> d——– C:\Documents and Settings\All Users\Application Data\LogiShrd
    2007-12-27 19:41 . 2007-12-27 19:41 <DIR> d——– C:\Program Files\Common Files\Logishrd
    2007-12-27 19:41 . 2007-11-15 10:06 301,656 –a—— C:\WINDOWS\system32\BtCoreIf.dll
    2007-12-27 19:32 . 2007-12-27 19:32 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Logitech
    2007-12-27 19:31 . 2007-12-27 19:31 127,034 -r——- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-12-27 19:30 . 2007-11-15 10:07 170,512 –a—— C:\WINDOWS\system32\kemutb.dll
    2007-12-27 19:30 . 2007-11-15 10:07 141,840 –a—— C:\WINDOWS\system32\KemUtil.dll
    2007-12-27 19:30 . 2007-11-15 10:07 117,264 –a—— C:\WINDOWS\system32\KemWnd.dll
    2007-12-27 19:30 . 2007-09-21 03:10 78,992 –a—— C:\WINDOWS\system32\drivers\LMouKE.Sys
    2007-12-27 19:30 . 2007-11-15 10:07 76,304 –a—— C:\WINDOWS\system32\KemXML.dll
    2007-12-27 19:30 . 2007-09-21 03:10 63,120 –a—— C:\WINDOWS\system32\drivers\L8042mou.Sys
    2007-12-27 19:30 . 2007-09-21 03:10 55,824 –a—— C:\WINDOWS\KHALMNPR.Exe
    2007-12-27 19:30 . 2007-09-21 03:10 20,240 –a—— C:\WINDOWS\system32\drivers\L8042Kbd.sys
    2007-12-27 19:29 . 2007-12-27 19:31 <DIR> d——– C:\Program Files\Logitech
    2007-12-27 19:29 . 2007-12-27 19:41 <DIR> d——– C:\Program Files\Common Files\Logitech
    2007-12-27 19:29 . 2007-12-27 19:29 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Logitech
    2007-12-27 11:21 . 2007-12-30 01:37 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2007-12-27 11:21 . 2007-12-27 11:21 1,409 –a—— C:\WINDOWS\QTFont.for
    2007-12-27 00:55 . 2007-12-28 14:25 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-27 00:47 . 2007-12-27 00:56 <DIR> d——– C:\Program Files\Spyware Doctor
    2007-12-27 00:47 . 2007-12-27 00:47 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\PC Tools
    2007-12-27 00:47 . 2005-09-23 08:29 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-12-27 00:47 . 2007-12-27 00:47 74,240 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-12-27 00:47 . 2007-12-27 00:47 56,832 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-12-27 00:47 . 2007-10-18 00:14 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-12-27 00:47 . 2007-10-18 00:16 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-12-26 13:19 . 2007-12-26 13:20 <DIR> d——– C:\Program Files\QuickTime
    2007-12-25 01:31 . 2007-12-25 01:31 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\ESET
    2007-12-25 01:30 . 2007-12-25 01:30 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-24 02:45 . 2007-12-24 02:45 <DIR> d——– C:\Program Files\America's Army Server Manager
    2007-12-23 18:04 . 2001-11-23 12:08 712,704 –a—— C:\WINDOWS\system32\Audio3D.dll
    2007-12-22 12:48 . 2006-07-22 07:40 143,360 –a—— C:\WINDOWS\system32\RtlCPAPI.dll
    2007-12-22 12:48 . 2006-08-01 15:02 49,152 –a—— C:\WINDOWS\system32\ChCfg.exe
    2007-12-22 12:47 . 2007-12-22 12:47 <DIR> d——– C:\Program Files\Realtek
    2007-12-21 20:45 . 2004-08-04 09:03 299,008 –a—— C:\WINDOWS\system\MSH263.DRV
    2007-12-21 20:45 . 2004-08-04 09:03 54,272 –a—— C:\WINDOWS\system32\vfwwdm32.dll
    2007-12-21 20:45 . 2004-08-04 09:03 54,272 –a–c— C:\WINDOWS\system32\dllcache\vfwwdm32.dll
    2007-12-21 20:45 . 2004-08-04 09:03 47,616 –a—— C:\WINDOWS\system\IYUV_32.DLL
    2007-12-21 20:44 . 2007-12-21 20:44 <DIR> d——– C:\Program Files\MD40323
    2007-12-21 16:01 . 2007-12-21 16:01 <DIR> d——– C:\Program Files\Riva
    2007-12-21 16:01 . 2007-12-21 16:01 <DIR> d——– C:\Program Files\Common Files\SWF Studio
    2007-12-21 15:58 . 2007-12-21 16:04 <DIR> d——– C:\Temp
    2007-12-21 15:52 . 2007-12-21 15:52 <DIR> d——– C:\Program Files\Xilisoft
    2007-12-21 15:46 . 2007-12-21 15:46 <DIR> d——– C:\Program Files\Common Files\Download Manager
    2007-12-21 14:53 . 2007-12-21 14:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-12-21 00:14 . 2007-12-21 15:45 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Vso
    2007-12-21 00:14 . 2007-12-21 00:14 47,360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-12-21 00:14 . 2007-12-21 15:45 47,360 –a—— C:\Documents and Settings\Sadik\Application Data\pcouffin.sys
    2007-12-20 23:15 . 2007-12-20 23:19 <DIR> d——– C:\Program Files\IMVU
    2007-12-20 23:15 . 2007-12-20 23:16 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\IMVU
    2007-12-20 16:12 . 2007-12-20 16:12 <DIR> d——– C:\Program Files\Messenger Plus! Live
    2007-12-20 13:37 . 2007-12-25 14:19 <DIR> d——– C:\Documents and Settings\Sadik\G-Force
    2007-12-17 23:25 . 2007-12-17 23:25 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\SoundSpectrum
    2007-12-17 23:24 . 2007-12-20 13:36 <DIR> d——– C:\Program Files\SoundSpectrum
    2007-12-17 20:02 . 2007-12-18 16:59 <DIR> d——– C:\Program Files\Windows Live Safety Center
    2007-12-16 21:11 . 2007-12-16 21:11 <DIR> d——– C:\Program Files\C-Media
    2007-12-16 21:11 . 2006-06-14 11:05 1,855,488 ——— C:\WINDOWS\mixer.exe
    2007-12-16 21:11 . 2000-10-20 18:28 765,952 –a—— C:\WINDOWS\system\crlds3d.dll
    2007-12-16 21:11 . 2002-11-18 15:51 377,358 –a—— C:\WINDOWS\system32\drivers\cmaudio.sys
    2007-12-16 21:11 . 2002-07-11 11:24 139,264 –a—— C:\WINDOWS\cmuninst.exe
    2007-12-16 21:11 . 2002-07-11 12:13 135,168 –a—— C:\WINDOWS\cmuninst.dat
    2007-12-16 21:11 . 2002-11-19 15:46 39,104 –a—— C:\WINDOWS\cmijack.dat
    2007-12-16 21:11 . 2006-06-14 11:05 32,768 –a—— C:\WINDOWS\system32\cmnprop.dll
    2007-12-16 21:11 . 2002-11-19 15:43 22,178 –a—— C:\WINDOWS\cmaudio.dat
    2007-12-16 21:00 . 2007-12-16 21:00 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\Comodo
    2007-12-16 21:00 . 2007-12-16 21:00 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Comodo
    2007-12-16 19:52 . 2007-12-16 19:52 <DIR> d–h—– C:\WINDOWS\PIF
    2007-12-16 17:38 . 2007-12-17 17:13 <DIR> d——– C:\Program Files\Comodo
    2007-12-16 17:38 . 2007-12-08 02:29 211 –a—— C:\boot.ini.comodofirewall
    2007-12-15 10:52 . 2007-12-15 10:58 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\NewsBin
    2007-12-15 10:52 . 2007-12-15 10:52 <DIR> d——– C:\Documents and Settings\All Users\Application Data\NewsBin
    2007-12-14 23:55 . 2007-12-14 23:55 <DIR> d——– C:\Program Files\SystemRequirementsLab
    2007-12-13 18:26 . 2007-12-13 18:26 <DIR> d——– C:\Program Files\directx
    2007-12-12 23:19 . 2007-12-12 23:19 <DIR> d——– C:\Program Files\Common Files\Adobe
    2007-12-11 20:41 . 2007-12-11 20:41 <DIR> d——– C:\WINDOWS\ASTULogTemp
    2007-12-11 20:41 . 2007-12-11 20:41 <DIR> d——– C:\Program Files\Microsoft.NET
    2007-12-11 20:41 . 2007-12-28 02:19 6,094 –a—— C:\WINDOWS\system32\ASTULog.cab
    2007-12-11 20:41 . 2007-12-28 02:19 1,043 –a—— C:\WINDOWS\system32\setup.inf
    2007-12-11 20:41 . 2007-12-28 02:19 283 –a—— C:\WINDOWS\system32\setup.rpt
    2007-12-11 19:32 . 2007-12-11 19:32 <DIR> d——– C:\Program Files\MSXML 6.0
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 –a—— C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 –a—— C:\WINDOWS\system32\QuickTime.qts
    2007-12-10 23:38 . 2007-12-16 02:59 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2007-12-09 20:52 . 2007-12-09 20:52 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\vlc
    2007-12-09 20:48 . 2007-12-09 20:48 <DIR> d——– C:\Program Files\VideoLAN
    2007-12-09 20:38 . 2007-12-09 20:44 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\DivX
    2007-12-09 11:42 . 2007-12-09 11:42 <DIR> d——– C:\Program Files\IE7Pro
    2007-12-09 11:42 . 2007-12-09 11:42 <DIR> d——– C:\Documents and Settings\Sadik\Application Data\IE7Pro

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-30 20:15 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-12-26 12:19 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-10 22:36 ——— d—–w C:\Program Files\Common Files\Teleca Shared
    2007-12-08 11:17 ——— d—–w C:\Program Files\ASUS
    2007-12-08 01:43 382 —-a-w C:\Program Files\Snelkoppeling naar Program Files.lnk
    2007-11-24 01:01 9,344 —-a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-24 01:01 8,320 —-a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-11-23 18:20 ——— d—–w C:\Program Files\MP3 Player Utilities 3.13
    2007-11-23 18:17 ——— d—–w C:\Program Files\NVIDIA Corporation
    2007-11-23 18:13 ——— d—–w C:\Documents and Settings\Sadik\Application Data\Teleca
    2007-11-23 18:11 ——— d—–w C:\Program Files\Disc2Phone
    2007-11-23 18:00 6,176 —-a-w C:\WINDOWS\system32\drivers\w810cm.sys
    2007-11-23 18:00 5,808 —-a-w C:\WINDOWS\system32\drivers\w810wh.sys
    2007-11-23 17:57 ——— d—–w C:\Program Files\LRC Editor 4
    2007-11-23 17:51 ——— d—–w C:\Program Files\Common Files\InstallShield
    2007-11-23 17:48 ——— d—–w C:\Program Files\Marvell
    2007-11-23 17:43 ——— d—–w C:\Program Files\Intel
    2007-11-23 17:38 ——— d—–w C:\Program Files\microsoft frontpage
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-24 00:47 96,760 —-a-w C:\WINDOWS\system32\dfshim.dll
    2007-10-24 00:47 84,480 —-a-w C:\WINDOWS\system32\mscories.dll
    2007-10-24 00:47 282,112 —-a-w C:\WINDOWS\system32\mscoree.dll
    2007-10-24 00:47 158,720 —-a-w C:\WINDOWS\system32\mscorier.dll
    2007-10-23 16:49 586,752 —-a-w C:\WINDOWS\WLXPGSS.SCR
    2007-10-22 07:51 972,072 —-a-w C:\WINDOWS\UNRecode.exe
    2007-10-20 00:56 129,784 ——w C:\WINDOWS\system32\pxafs.dll
    2007-10-20 00:56 120,056 ——w C:\WINDOWS\system32\pxcpyi64.exe
    2007-10-20 00:56 118,520 ——w C:\WINDOWS\system32\pxinsi64.exe
    2007-10-18 10:31 51,224 —-a-w C:\WINDOWS\system32\sirenacm.dll
    2007-10-11 08:55 88,576 —-a-w C:\WINDOWS\system32\infocardapi.dll
    2007-10-11 08:55 579,584 —-a-w C:\WINDOWS\system32\icardagt.exe
    2007-10-11 08:55 11,776 —-a-w C:\WINDOWS\system32\icardres.dll
    2007-10-09 12:03 779,800 —-a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
    2007-10-09 12:03 73,752 —-a-w C:\WINDOWS\system32\dxva2.dll
    2007-10-09 12:03 493,080 —-a-w C:\WINDOWS\system32\evr.dll
    2007-10-09 12:03 350,744 —-a-w C:\WINDOWS\system32\PresentationHost.exe
    2007-10-09 12:03 33,304 —-a-w C:\WINDOWS\system32\PresentationHostProxy.dll
    2007-10-09 12:03 161,304 —-a-w C:\WINDOWS\system32\UIAutomationCore.dll
    2007-10-09 12:03 106,520 —-a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2007-10-09 12:03 1,986,072 —-a-w C:\WINDOWS\system32\milcore.dll
    2007-10-09 11:58 16,896 —-a-w C:\WINDOWS\system32\tswpfwrp.exe
    2007-10-04 17:16 356,352 —-a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-10-04 16:14 81,920 —-a-w C:\WINDOWS\system32\nvwddi.dll
    2007-10-04 16:14 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
    2007-10-04 16:14 8,491,008 —-a-w C:\WINDOWS\system32\nvcpl.dll
    2007-10-04 16:14 753,664 —-a-w C:\WINDOWS\system32\nvcplui.exe
    2007-10-04 16:14 6,750,208 —-a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-10-04 16:14 6,344,704 —-a-w C:\WINDOWS\system32\nvdisps.dll
    2007-10-04 16:14 5,783,424 —-a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-10-04 16:14 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
    2007-10-04 16:14 45,056 —-a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-10-04 16:14 442,368 —-a-w C:\WINDOWS\system32\nvappbar.exe
    2007-10-04 16:14 425,984 —-a-w C:\WINDOWS\system32\keystone.exe
    2007-10-04 16:14 364,544 —-a-w C:\WINDOWS\system32\nvapi.dll
    2007-10-04 16:14 36,864 —-a-w C:\WINDOWS\system32\nvcodins.dll
    2007-10-04 16:14 36,864 —-a-w C:\WINDOWS\system32\nvcod.dll
    2007-10-04 16:14 356,352 —-a-w C:\WINDOWS\system32\nvudisp.exe
    2007-10-04 16:14 307,200 —-a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-10-04 16:14 3,551,232 —-a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-10-04 16:14 3,334,144 —-a-w C:\WINDOWS\system32\nvgames.dll
    2007-10-04 16:14 286,720 —-a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-10-04 16:14 229,376 —-a-w C:\WINDOWS\system32\nvmccs.dll
    2007-10-04 16:14 2,371,584 —-a-w C:\WINDOWS\system32\nvwss.dll
    2007-10-04 16:14 188,416 —-a-w C:\WINDOWS\system32\nvmccss.dll
    2007-10-04 16:14 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-10-04 16:14 147,456 —-a-w C:\WINDOWS\system32\nvcolor.exe
    2007-10-04 16:14 1,703,936 —-a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-04 16:14 1,626,112 —-a-w C:\WINDOWS\system32\nwiz.exe
    2007-10-04 16:14 1,478,656 —-a-w C:\WINDOWS\system32\nview.dll
    2007-10-04 16:14 1,339,392 —-a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-10-04 16:14 1,150,976 —-a-w C:\WINDOWS\system32\nvmobls.dll
    2007-10-04 16:14 1,019,904 —-a-w C:\WINDOWS\system32\nvwimg.dll
    2006-06-14 10:05 712,704 —-a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "Steam"="d:\steam\steam.exe" [2007-11-30 14:33]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:34]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
    "C-Media Mixer"="Mixer.exe" [2006-06-14 11:05 C:\WINDOWS\mixer.exe]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-14 15:05]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 C:\WINDOWS\KHALMNPR.Exe]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 14:44]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-27 19:31:43]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-27 19:41:39]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^2Mega Camera Manager Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\2Mega Camera Manager Monitor.lnk
    backup=C:\WINDOWS\pss\2Mega Camera Manager Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
    2006-11-14 07:25 363008 -ra—— C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-10-23 14:18 202024 –a—— C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wizzl]
    2007-11-28 15:45 6119424 –a—— C:\Program Files\Wizzl\Wizzl.exe

    R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-11-14 15:04]
    R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-11-14 15:06]
    R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-11-14 15:03]
    R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [2007-11-14 15:05]
    R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-11-14 15:06]
    R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-11-14 15:06]
    S3 Ca100v;2Mega Camera, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca100v.sys [2002-09-01 06:35]
    S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [2007-11-14 15:07]
    S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-05-03 10:28]
    S3 USBCamera;DSC Still Image Capture (CA100);C:\WINDOWS\system32\Drivers\Bulk100.sys [2002-07-28 02:19]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-26 12:14:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-30 22:11:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-30 22:11:42
    .
    2007-12-28 10:30:43 — E O F —
  • I don't immediately see any traces of malware in your logs.
  • Oops,
    forgot
    the HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:21:17, on 31-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\steam\steam.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    c:\program files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sadik\Menu Start\Programma's\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195901566359
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 9312 bytes



    and a happy New Year's Eve to everyone!!!!
    and be careful with fireworks ;)
  • I see no traces of malware in your logs.
  • now?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:37:34, on 2-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sadik\Menu Start\Programma's\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195901566359
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 9581 bytes
  • As I already said twice before, your logs show no traces of malware.
  • okaaay

    what could the problem be?


    and sometimes my PC shuts down with a blue screen
    it's always the same 2
    one after the other

    when I'm, say, playing CS Source
    or having someone's webcam opened over MSN
    :

    Driver_irql_not_less_or_equal


    *stop: 0x000000D1 (0x000006C5, 0x00000002, 0x00000000, 0xB970D342

    base at B96e50000, Datestamp 3dd89c06

    And the other one


    Driver_irql'''''''''''

    *Stop: 0x000000D1 (0x00000001, 0x00000002, 0x00000000, 0x0000001\

    thanks a lot in advance
    because it's really annoying
    e.g. when I want to talk with my family and so on from Turkey, say,
    and we want to turn on our cameras and mics
    it just shuts off :S
    and with CS Source
    with other games like CoD4 I don't have it
    I've also tried repairing the game cache files and so on
    "verify integrity game cache files" or something :S

    Steam>Games>CS;Source>Properties>LocalFiles>verify integrity game cache files.

    I had also looked further on Google and so on
    on a forum they said that your memory was broken too or something
    that wasn't the case :D
    I had swapped it for another one, for a Geil :D (Alternate)
    but what could the cause be??


    thanks a lot in advance
    have a nice day
  • Isn't a file name mentioned when you get the BSOD?
    Defective memory is a possibility.
  • I had swapped my memory for another one
    when I got those blue screens
    and the same problem
