I'm still having problems. I regularly hear the Windows sound that plays when you open a folder, but I'm not doing that. While gaming it sometimes drops to the desktop, and in MS Word it jumps to another window.
Latest log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:36, on 28-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Ontvang met FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate1ca0a0374bbcd88) (gupdate1ca0a0374bbcd88) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 6163 bytes
Combofix log:
ComboFix 10-07-27.05 - User 28-07-2010 23:08:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1601 [GMT 2:00]
Started from: c:\documents and settings\User.ANGELINO\Bureaublad\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User.ANGELINO\Application Data\avdrn.dat
c:\documents and settings\User.ANGELINO\Application Data\inst.exe
c:\documents and settings\User.ANGELINO\eula.txt
c:\windows\system\d3d9.dll
c:\windows\UA000106.DLL
.
MBR is infected with the Whistler Bootkit !!
(((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 ))))))))))))))))))))))))))))))
.
2010-07-28 20:24 . 2010-07-28 20:24 -------- d--h--r- c:\documents and settings\User.ANGELINO\Onlangs geopend
2010-07-28 16:42 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-28 16:08 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-28 16:08 . 2010-07-28 16:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-28 15:51 . 2010-07-28 15:51 -------- d-----w- c:\documents and settings\User.ANGELINO\Local Settings\Application Data\Sunbelt Software
2010-07-28 15:50 . 2010-07-28 15:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-28 15:50 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-28 15:50 . 2010-07-28 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-28 15:50 . 2010-07-28 15:50 -------- d-----w- c:\program files\Lavasoft
2010-07-28 14:38 . 2010-07-28 14:38 -------- d-----w- C:\$AVG
2010-07-28 07:58 . 2010-07-28 07:58 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-28 07:58 . 2010-07-28 07:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-28 07:58 . 2010-07-28 14:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2010-07-28 07:58 . 2010-07-28 07:58 -------- d-----r- c:\documents and settings\LocalService\Favorieten
2010-07-24 09:08 . 2010-07-24 09:09 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\SpeedSim
2010-07-24 09:08 . 2010-07-24 09:08 -------- d-----w- c:\program files\SpeedSim
2010-07-23 07:06 . 2010-07-23 07:06 -------- d-sh--w- c:\documents and settings\User.ANGELINO\PrivacIE
2010-07-23 07:05 . 2010-07-23 07:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-23 07:05 . 2010-07-23 07:05 -------- d-sh--w- c:\documents and settings\User.ANGELINO\IETldCache
2010-07-23 07:00 . 2008-04-14 20:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-07-22 11:18 . 2010-07-22 11:18 -------- d-----w- c:\program files\UT99 Registry Fix
2010-07-17 09:41 . 2010-07-17 09:41 -------- d-----w- c:\program files\VirtualDJ
2010-07-16 13:26 . 2010-07-16 15:32 -------- d-----w- c:\documents and settings\User.ANGELINO\iTunesDSM
2010-07-16 09:21 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-16 09:21 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-16 09:19 . 2010-07-16 09:19 -------- d-----w- c:\program files\iPod
2010-07-16 09:19 . 2010-07-16 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-16 09:16 . 2010-07-16 09:16 -------- d-----w- c:\program files\Apple Software Update
2010-07-16 09:15 . 2010-07-16 09:19 -------- d-----w- c:\program files\Common Files\Apple
2010-07-16 09:15 . 2010-07-16 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-12 18:22 . 2010-07-12 18:22 -------- d-----w- c:\program files\Outsim
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 20:31 . 2007-10-02 17:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-28 20:24 . 2009-04-01 16:09 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\Media Player Classic
2010-07-28 20:24 . 2009-07-07 12:30 -------- d-----w- c:\program files\CCleaner
2010-07-28 10:08 . 2010-05-17 21:47 -------- d-----w- c:\program files\Replay Media Catcher
2010-07-28 09:59 . 2010-05-17 21:47 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-07-28 09:59 . 2010-05-17 21:47 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-07-26 12:32 . 2010-01-10 15:20 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\HpUpdate
2010-07-24 17:39 . 2009-04-01 16:07 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\Xfire
2010-07-23 07:11 . 2010-01-10 17:10 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\HPAppData
2010-07-20 14:20 . 2009-08-28 07:37 -------- d-----w- c:\program files\FlashGet
2010-07-19 20:10 . 2007-12-02 21:19 138384 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-19 20:08 . 2007-12-02 19:23 215128 -c--a-w- c:\windows\system32\PnkBstrB.exe
2010-07-18 19:45 . 2009-04-01 16:11 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\dvdcss
2010-07-18 10:20 . 2009-07-08 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-07-16 12:14 . 2009-04-01 16:11 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\Apple Computer
2010-07-16 09:17 . 2008-07-21 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-16 09:16 . 2009-04-02 16:01 -------- d-----w- c:\program files\Bonjour
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-13 16:45 . 2010-06-13 16:45 -------- d-----w- c:\documents and settings\Bernardine\Application Data\DivX
2010-05-28 22:40 . 2010-05-28 22:40 12 ----a-w- c:\documents and settings\NetworkService\Application Data\vqdlkr.dat
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-11 14:37 . 2010-05-11 14:37 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-11 14:37 . 2010-05-11 14:37 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-11 14:37 . 2010-05-11 14:37 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-11 14:35 . 2010-05-11 14:35 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-11 14:35 . 2010-05-11 14:35 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-11 14:17 . 2010-05-11 14:17 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-11 14:17 . 2010-05-11 14:37 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-11 14:17 . 2010-05-11 14:37 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-04 23:01 . 2008-07-16 08:10 1259976 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-05 33628160]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
c:\documents and settings\Bernardine\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HPAiODevice(hp psc 700 series) - 1.lnk]
backup=c:\windows\pss\HPAiODevice(hp psc 700 series) - 1.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User.ANGELINO^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 18:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotKey]
2000-09-28 11:51 460288 -c--a-w- c:\windows\mHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-21 13:10 133104 ----atw- c:\documents and settings\User.ANGELINO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-06-05 12:39 33628160 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 14:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- e:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- e:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 09:03 397456 ----a-w- e:\program files\Corel\Corel VideoStudio 12\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"usnjsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Entertainment\\UT\\UnrealTournament\\System\\UnrealTournament.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Entertainment\\Steam\\steamapps\\angelinodesmet\\counter-strike source\\hl2.exe"=
"e:\\Entertainment\\Steam\\steamapps\\angelinodesmet\\counter-strike\\hl.exe"=
"g:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\User.ANGELINO\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"e:\\Entertainment\\BF2\\BF2.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"e:\\Entertainment\\COD2\\CoD2MP_s.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Entertainment\\UT2004\\System\\UT2004.exe"=
"e:\\Entertainment\\UT2004\\System\\UCC.exe"=
"e:\\Entertainment\\BF2\\bf2_w32ded.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"e:\\Entertainment\\Webzen\\wildproxy_01\\wildproxy.exe"=
"e:\\Entertainment\\ownserv\\MuServe 1.04d\\bin\\ranking.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28-7-2010 18:08 64288]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [18-6-2009 19:59 1374464]
S2 gupdate1ca0a0374bbcd88;Google Updateservice (gupdate1ca0a0374bbcd88);c:\program files\Google\Update\GoogleUpdate.exe [21-7-2009 15:02 133104]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [21-8-2007 17:30 34944]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12-7-2010 10:55 1352832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva273;XDva273;\??\c:\windows\system32\XDva273.sys --> c:\windows\system32\XDva273.sys [?]
S3 XDva289;XDva289;\??\c:\windows\system32\XDva289.sys --> c:\windows\system32\XDva289.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4-12-2007 18:56 722416]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - JGOGO
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 13:02]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 13:02]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-839522115-1003Core.job
- c:\documents and settings\User.ANGELINO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-02 13:10]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-839522115-1003UA.job
- c:\documents and settings\User.ANGELINO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-02 13:10]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-839522115-1010Core.job
- c:\documents and settings\Bernardine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-02 13:10]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-839522115-1010UA.job
- c:\documents and settings\Bernardine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-02 13:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
IE: &Ontvang alles met FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Ontvang met FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-Netlog Music Tool - c:\program files\Netlog Music Tool\NetlogMusicTool.exe
MSConfigStartUp-PWRISOVM - e:\program files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-RGSC - e:\entertainment\GTA4\GrandTheftAuto4\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-WinampAgent - e:\program files\Winamp\winampa.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-28 23:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
c:\program files\Internet Explorer\iexplore.exe [4020] 0x8939F9E8
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,9f,eb,a4,17,c5,73,4f,80,58,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,9f,eb,a4,17,c5,73,4f,80,58,14,\
[HKEY_USERS\S-1-5-21-1292428093-879983540-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ec,8c,51,a0,28,6b,54,e9,8d,b7,7d,99,bf,8b,91,e4,0a,ad,ea,c5,2b,7a,0d,
99,1b,ac,72,5e,68,b5,21,ad,34,92,8c,d3,91,58,27,0b,29,04,00,77,1f,f3,9e,26,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
[HKEY_USERS\S-1-5-21-1292428093-879983540-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c5,78,20,b7,d2,2c,45,29,b1,3b,e8,f5,9b,b2,1e,40,69,55,5d,eb,6c,
2b,44,43,52,c6,10,83,94,30,af,cf,d0,dc,72,7b,71,8a,68,7c,6a,a1,d6,a1,08,5a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Completion time: 2010-07-28 23:13:47
ComboFix-quarantined-files.txt 2010-07-28 21:13
Pre-Run: 1.400.152.064 bytes free
Post-Run: 2.086.330.368 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 49068487AE4CE7226192D88FE2CFED46
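The HijackThis log above is the kind of thing a helper reads by eye: loopback proxy settings, services with no publisher, startup entries whose file is gone, and autoruns living in a user profile. As an added example (not part of the original post, and not HijackThis's own code), here is a small Python triage pass over lines of that format. The first six sample lines are copied from the log above; the final `O4` line is constructed for the example and was not in the log. The rules are review heuristics, not verdicts: PunkBuster's PnkBstrA/PnkBstrB legitimately report "Unknown owner", and Chrome and Google Update legitimately run from `Local Settings\Application Data` on this very machine.

```python
import re

# Sample input for the example. Lines 1-6 are copied from the HijackThis log in
# the post above; the last O4 line is CONSTRUCTED for this example and was not
# in that log. Raw string so the backslashes stay literal.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\User\Application Data\updater.exe
"""

# HijackThis entries look like "<code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

# Directory fragments a normal user can write to; an autorun from here deserves a look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def triage(log_text: str):
    """Return [(code, body, [reasons])] for every entry that trips a heuristic.

    An empty list means no entry matched; it does not mean the log is clean.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # process list, header lines, blank lines
        code, body = m.group("code"), m.group("body")
        low = body.lower()
        reasons = []

        # Any entry whose target no longer exists: leftover of a removed tool,
        # or of malware that was partially cleaned.
        if "(file missing)" in low:
            reasons.append("file missing")

        # Services without a company name in their version info.
        if code == "O23" and "unknown owner" in low:
            reasons.append("service without publisher")

        # IE proxy pointed at the local machine: a local filtering proxy such
        # as Privoxy (which defaults to 8118), or an implant relaying traffic.
        if code == "R1" and "proxyserver" in low:
            target = body.split("=", 1)[1].strip()
            if target.startswith(("127.0.0.1", "localhost")):
                reasons.append("proxy to loopback")

        # Run-key entries that launch something from a user-writable directory.
        if code == "O4" and any(frag in low for frag in USER_WRITABLE):
            reasons.append("autorun from user profile directory")

        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {', '.join(reasons)}\n    {body}")
```

Run it on a saved log with `triage(open("hijackthis.log", encoding="cp1252").read())`. The point of the heuristics is to order the reading, not replace it: every flagged line still needs the file checked (hash, signature, on-disk timestamp) before anything is "fixed".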
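ComboFix's line "MBR is infected with the Whistler Bootkit !!" is the one finding in the log that no amount of HijackThis fixing addresses: a bootkit replaces the boot code in sector 0 and leaves the partition table intact so the system still starts, then loads before Windows and can hide from anything running inside it. As an added example (not part of the original post, and not ComboFix's detection logic), the Python below parses a 512-byte MBR, sanity-checks the partition table and compares the boot-code area against a known-good hash. The "clean" boot code and its hash are constructed stand-ins, not a real Windows boot sector; a practitioner would compute the reference hash from a known-clean MBR of the same Windows version. The caveat that matters: an active bootkit can filter reads of sector 0, so the sector you compare should be read from the disk booted off clean media (a rescue CD, or the drive attached to another machine), not from the infected Windows.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0..439 = boot code; 440..445 = disk signature + padding
PART_TABLE_OFF = 446  # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510    # 0x55 0xAA


def read_first_sector(path: str) -> bytes:
    # path is a raw device (on Windows r'\\.\PhysicalDrive0', needs Administrator)
    # or a dd image of the disk. Prefer an image taken while booted off clean media.
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def parse_partitions(mbr: bytes):
    """Return the four partition entries as dicts (status, type, lba_start, sectors)."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return entries


def check_mbr(mbr: bytes, known_good_sha256: str):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return [f"unexpected sector size {len(mbr)}"]
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")

    # The core check: the boot code must match the reference byte for byte.
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if digest != known_good_sha256:
        findings.append(f"boot code hash {digest[:16]}... differs from known-good copy")

    parts = parse_partitions(mbr)
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("partition entry with invalid status byte")
    active = sum(1 for p in parts if p["status"] == 0x80)
    if active != 1:
        findings.append(f"{active} active partitions (expected 1)")
    if any(p["type"] != 0 and p["lba_start"] == 0 for p in parts):
        findings.append("used partition starts at LBA 0 (overlaps the MBR)")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """CONSTRUCTED test sector: given boot code, one active NTFS partition at LBA 63."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 2_000_000)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + PART_ENTRY_LEN] = entry
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-ins, NOT a real Windows boot sector: the reference hash in
# practice comes from a known-clean MBR of the same Windows version.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433
CLEAN_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()
TAMPERED_BOOT_CODE = b"\xeb\x3c" + b"\xcc" * 438


if __name__ == "__main__":
    for label, code in (("clean", CLEAN_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        print(label, check_mbr(build_sample_mbr(code), CLEAN_SHA256) or "OK")
```

On a real case, `check_mbr(read_first_sector(r"\\.\PhysicalDrive0"), reference_hash)` gives the answer only if the read is honest; if the in-Windows read hashes clean while an offline read of the same disk does not, that difference is itself the proof of an active bootkit. Rewriting the boot code (for XP, `fixmbr` from the Recovery Console listed in the boot.ini section above) is what removes it; the partition table is left alone.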