Archive - log

The archive is a frozen moment from a previous version of this forum, with different rules and different admins. These posts in no way reflect our current ideas, values or world views, and have in some places been censored as unacceptable. Many were made in a different spirit of the times, whether ironically or not, such as in the ironic Off-Topic subforum, and should not (be allowed to) be posted any more today. Still, we are happy to keep offering this archive as an information database and reference work. Read more about it here or start a conversation with others.

GaaRa-

Legacy Member
Hey

Lately the PC has been somewhat slower than usual and it also hangs for a moment now and then. It would be useful to know whether something is wrong with it.

Thanks

log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:43:56, on 23/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Mozilla\Thunderbird\Thunderbird-Tray\TBTray.exe
C:\Program Files\Mozilla\Thunderbird\thunderbird.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Documents and Settings\B-m_q.Q\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Home Page Reset - Symantec Corp.
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [CTxfiHlp] "C:\WINDOWS\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS4\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS5\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7476 bytes
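
To show how the sections of a log like the one above are read, here is an added example that is not part of the original post or of HijackThis itself: a small Python triage script that applies four of the rules a helper uses when scanning the O4, O16, O17 and O23 sections. The sample lines are a constructed excerpt of the log above; the DNS allow-list (the two OpenDNS resolvers the log already shows) is an assumption made for the example.

```python
"""Heuristic triage of a HijackThis (HJT) log.

Added example, not part of the original forum post or of HijackThis itself.
It encodes a few rules an analyst applies when reading an HJT log by hand:
  * O4 autostart entries given as a bare file name (no absolute path) are
    resolved via the PATH at logon, so the binary has to be located on disk
    before it can be judged;
  * O23 services whose binary is reported "(file missing)";
  * O17 NameServer overrides pointing at resolvers outside an allow-list,
    which is where DNS hijacking shows up;
  * O16 DPF entries, i.e. ActiveX controls that were downloaded from a URL.
The rules only raise questions; every flagged line still needs a human look.
"""
import re
from typing import List, Tuple

# Constructed sample: lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# Assumption for this example: the resolvers the machine is expected to use.
# These two are the OpenDNS resolvers seen in the log; adjust per environment.
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220"}

O4_RE = re.compile(r'^O4 - (?P<where>.*?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
O17_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>[\d.,\s]+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$')


def _command_image(cmd: str) -> str:
    """Executable token of an O4 command line, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def _is_absolute(image: str) -> bool:
    """Drive-letter paths and %VAR%-rooted paths count as absolute."""
    return re.match(r'^(?:[A-Za-z]:\\|%[^%]+%\\)', image) is not None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for every line that trips one of the rules."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            # A bare host such as RUNDLL32.EXE is flagged too: the payload is
            # then the DLL argument, which deserves the same look.
            if not _is_absolute(_command_image(m.group("cmd"))):
                findings.append(("O4 bare image name", line))
            continue
        if line.startswith("O16 - DPF:"):
            findings.append(("O16 ActiveX download", line))
            continue
        m = O17_RE.match(line)
        if m:
            servers = {s.strip() for s in m.group("servers").split(",") if s.strip()}
            if not servers <= EXPECTED_DNS:
                findings.append(("O17 unexpected NameServer", line))
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("path"):
            findings.append(("O23 service binary missing", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

On the excerpt this flags six lines: the four O4 entries with a bare image name (KHALMNPR.EXE, nwiz.exe, RUNDLL32.EXE, MIDIDef.exe), the O16 ActiveX download and the O23 service whose binary is missing. The O17 line is left alone because it points at the allow-listed resolvers. None of the flags is a verdict; they mark the lines to check on disk first.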

Jurgenv1

Legacy Member
* Download Malwarebytes' Anti-Malware from here or here.

Double-click mbam-setup.exe to install the program.
  • Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".
  • If an update is found, it will download and install the latest version.
  • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
  • The scan can take a while, so be patient.
  • When the scan has finished, click OK, then "Show Results" to see the results.
  • Make sure everything there is ticked, then click: Remove Selected.
  • After removal a log will open and you will be asked to restart the computer. (See extra note below)
  • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
  • Copy and paste the results of the log in your next reply, together with a new HijackThis log.
Extra note:
If MBAM has difficulty removing certain files it will show a few prompts where you need to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

GaaRa-

Legacy Member
Here:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4321

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

17/07/2010 17:24:09
mbam-log-2010-07-17 (17-24-09).txt

Scan type: Quick scan
Objects scanned: 138073
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

====================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:28:00, on 17/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Program Files\Mozilla\Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\B-m_q.Q\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Home Page Reset - Symantec Corp.
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [CTxfiHlp] "C:\WINDOWS\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS4\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS5\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7198 bytes
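
The instructions above ask for a second HijackThis log after the MBAM run, and the useful question about it is "what changed?" rather than re-reading every line. As an added example that is not part of the original thread or of either tool, the script below diffs two HJT logs by entry identity (section tag plus bracketed name, value name or first fields) instead of by raw line, and ignores the volatile process list. The inputs are constructed excerpts of the 23/06/2010 and 17/07/2010 logs posted in this thread; in those excerpts the only change outside the process list is the KernelFaultCheck entry that is gone from the second log.

```python
"""Before/after comparison of two HijackThis logs.

Added example, not part of the original forum post or of HijackThis itself.
Each R/O entry is keyed on its stable part (tag plus bracketed name, or the
value name before " = ", or the first two " - " separated fields), so a
changed value is reported as "changed" and a new or vanished autostart as
"added"/"removed". The "Running processes" block is skipped because it only
reflects what happened to be open when the log was taken.
"""
import re
from typing import Dict, Set, Tuple

# Constructed excerpt of the 23/06/2010 log from this thread.
BEFORE = r"""
Running processes:
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
"""

# Constructed excerpt of the 17/07/2010 log from this thread.
AFTER = r"""
Running processes:
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Program Files\Mozilla\Firefox\plugin-container.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
"""

ENTRY_RE = re.compile(r'^(?P<tag>[RO]\d+) - (?P<body>.*)$')


def entry_key(line: str) -> str:
    """Stable identity of an HJT entry; empty string for non-entry lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return ""
    tag, body = m.group("tag"), m.group("body")
    bracket = re.search(r'\[([^\]]+)\]', body)
    if bracket:                      # O4 [Name] command
        ident = bracket.group(1)
    elif " = " in body:              # R0/R1/O17 value lines
        ident = body.split(" = ", 1)[0]
    else:                            # O2/O9/O23 ...: keep name and CLSID/owner
        ident = " - ".join(body.split(" - ")[:2])
    return f"{tag} {ident.lower()}"


def parse_entries(log_text: str) -> Dict[str, str]:
    """Map entry key -> full line, skipping the 'Running processes' block."""
    entries: Dict[str, str] = {}
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes and line == "":
            in_processes = False
        if in_processes or not line:
            continue
        key = entry_key(line)
        if key:
            entries[key] = line
    return entries


def diff_logs(before: str, after: str) -> Tuple[Set[str], Set[str], Set[str]]:
    """Return (removed, added, changed) entry keys between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    removed = set(b) - set(a)
    added = set(a) - set(b)
    changed = {k for k in set(a) & set(b) if a[k] != b[k]}
    return removed, added, changed


if __name__ == "__main__":
    removed, added, changed = diff_logs(BEFORE, AFTER)
    for label, keys in (("removed", removed), ("added", added), ("changed", changed)):
        for key in sorted(keys):
            print(f"{label}: {key}")
```

Keying on identity rather than the raw line matters for the R0/R1 and O17 sections: a hijacked start page or a swapped NameServer keeps the same key and shows up as "changed", which is the line you want to see first after a cleanup.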

Jurgenv1

Legacy Member
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Put it on your desktop.
Double-click it to start the program.
In the window that appears, type a 1 to run the cleaning and analysis process.
Follow the instructions on the screen.
When the tool has finished, a log file (combofix.txt) opens.
Post the contents of this file together with a new HijackThis log.

GaaRa-

Legacy Member
ComboFix 10-07-16.02 - B-m_q.Q 18/07/2010 19:00:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.1592 [GMT 2:00]
Running from: c:\documents and settings\B-m_q.Q\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\asd
c:\windows\system32\asd\AccurateShutdown.exe
c:\windows\system32\asd\adkt.dll
c:\windows\system32\asd\date.cfg
c:\windows\system32\asd\desktop.ini
c:\windows\system32\asd\doit.exe
c:\windows\system32\asd\help.chm
c:\windows\system32\asd\images\but0.gif
c:\windows\system32\asd\images\but1.gif
c:\windows\system32\asd\images\but2.gif
c:\windows\system32\asd\images\but3.gif
c:\windows\system32\asd\images\ch0.gif
c:\windows\system32\asd\images\ch1.gif
c:\windows\system32\asd\images\ch2.gif
c:\windows\system32\asd\images\ch3.gif
c:\windows\system32\asd\images\ch4.gif
c:\windows\system32\asd\images\ch5.gif
c:\windows\system32\asd\images\ch6.gif
c:\windows\system32\asd\images\ch7.gif
c:\windows\system32\asd\images\i30.gif
c:\windows\system32\asd\images\i31.gif
c:\windows\system32\asd\images\i310.gif
c:\windows\system32\asd\images\i311.gif
c:\windows\system32\asd\images\i32.gif
c:\windows\system32\asd\images\i33.gif
c:\windows\system32\asd\images\i34.gif
c:\windows\system32\asd\images\i35.gif
c:\windows\system32\asd\images\i36.gif
c:\windows\system32\asd\images\i37.gif
c:\windows\system32\asd\images\i38.gif
c:\windows\system32\asd\images\i39.gif
c:\windows\system32\asd\images\iclose0.gif
c:\windows\system32\asd\images\iclose1.gif
c:\windows\system32\asd\images\opt0.gif
c:\windows\system32\asd\images\opt1.gif
c:\windows\system32\asd\images\opt2.gif
c:\windows\system32\asd\images\opt3.gif
c:\windows\system32\asd\images\opt4.gif
c:\windows\system32\asd\images\opt5.gif
c:\windows\system32\asd\images\opt6.gif
c:\windows\system32\asd\images\opt7.gif
c:\windows\system32\asd\images\tbk.gif
c:\windows\system32\asd\images\tit.gif
c:\windows\system32\asd\images\title.gif
c:\windows\system32\asd\loadqm.exe
c:\windows\system32\asd\mylng.cfg
c:\windows\system32\asd\newsdsave.dll
c:\windows\system32\asd\poki.sys
c:\windows\system32\asd\rule.cfg
c:\windows\system32\asd\unins00.dat
c:\windows\system32\asd\unins00.exe
c:\windows\system32\asd\unins000.exe
c:\windows\system32\asd\w1.wav
c:\windows\system32\asd\YFSysKeys.ocx

.
((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-17 23:02 . 2010-07-17 23:02 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-17 23:02 . 2010-07-17 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-17 15:17 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-17 15:17 . 2010-07-17 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 15:17 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 21:34 . 2010-07-13 21:34 -------- d-----w- c:\documents and settings\B-m_q.Q\Application Data\Downloaded Installations
2010-06-21 15:30 . 2010-06-21 15:30 -------- d-----w- c:\windows\system32\Lang
2010-06-21 15:29 . 2006-08-01 21:02 49152 ------r- c:\windows\system32\ChCfg.exe
2010-06-21 15:29 . 2010-06-21 15:29 -------- d-----w- c:\windows\system32\RTCOM
2010-06-21 15:29 . 2007-03-16 21:06 1822720 ------r- c:\windows\SkyTel.exe
2010-06-21 15:29 . 2007-01-16 16:39 1191936 ------r- c:\windows\RtlUpd.exe
2010-06-21 15:29 . 2006-07-21 22:14 86016 ------r- c:\windows\SoundMan.exe
2010-06-21 15:29 . 2007-03-27 01:21 4395008 ------r- c:\windows\system32\drivers\RtkHDAud.sys
2010-06-21 15:29 . 2007-03-24 01:19 9715200 ------r- c:\windows\RTLCPL.exe
2010-06-21 15:29 . 2007-03-21 20:49 16126464 ------r- c:\windows\RTHDCPL.exe
2010-06-21 15:29 . 2006-10-11 23:42 2157568 ------r- c:\windows\MicCal.exe
2010-06-21 15:29 . 2010-06-21 15:29 -------- d-----w- c:\program files\Realtek
2010-06-21 15:29 . 2006-05-04 22:26 2808832 ------r- c:\windows\alcwzrd.exe
2010-06-21 15:29 . 2005-05-04 00:43 69632 ------r- c:\windows\Alcmtr.exe
2010-06-21 15:28 . 2010-06-21 15:28 315392 ----a-w- c:\windows\HideWin.exe
2010-06-21 15:28 . 2007-01-12 22:54 520192 ------r- c:\windows\RtlExUpd.dll
2010-06-21 15:27 . 2010-06-21 15:28 -------- d-----w- c:\documents and settings\B-m_q.Q\Application Data\Download Manager
2010-06-21 14:58 . 2010-06-21 14:58 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-06-21 14:58 . 2010-03-18 18:40 347144 ----a-w- c:\windows\system32\drivers\ctdvda2k.sys
2010-06-21 14:58 . 2009-06-11 19:10 47104 ----a-w- c:\windows\system32\udapld32.dll
2010-06-21 14:58 . 2009-06-11 19:10 508928 ----a-w- c:\windows\system32\UDAAPO32.dll
2010-06-21 14:58 . 2005-06-30 13:24 121856 ----a-w- c:\windows\system32\ctsfinst.dll
2010-06-21 14:58 . 2010-03-18 17:19 182272 ----a-w- c:\windows\system32\ctdvinst.dll
2010-06-21 14:58 . 2010-03-18 17:19 86528 ----a-w- c:\windows\system32\ctcoinst.dll
2010-06-21 14:58 . 2010-03-18 17:00 274587 ----a-w- c:\windows\system32\ctsbas2w.dat
2010-06-21 14:36 . 2004-08-03 21:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-06-21 14:36 . 2004-08-03 21:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-06-21 14:21 . 2010-06-21 14:23 12907880 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.12.00__\WAVESTD_PCAPP_LB_7_12_00.exe
2010-06-21 14:17 . 2010-06-21 14:21 37634288 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.26.02__\CMS5_PCAPP_LB_5_26_02.exe
2010-06-21 14:14 . 2010-06-21 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-06-21 14:02 . 2004-08-03 21:08 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2010-06-21 14:02 . 2004-08-03 21:08 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2010-06-21 13:50 . 1995-01-13 06:10 149504 ------w- c:\windows\system32\MFCANS32.DLL
2010-06-21 13:50 . 1995-01-13 06:10 108032 ------w- c:\windows\system32\MFCUIA32.DLL
2010-06-21 13:49 . 2003-10-08 02:07 177456 ----a-w- c:\windows\system32\drivers\CTOSS9X.SYS
2010-06-21 13:49 . 2010-06-21 14:58 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-21 13:23 . 2010-06-21 14:58 445016 ----a-w- c:\windows\system32\wrap_oal.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 15:56 . 2009-07-14 15:02 -------- d-----w- c:\program files\Zoom Player
2010-07-17 23:03 . 2009-09-27 00:26 188152 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Mozilla\Firefox\Profiles\jb3kz01s.default\FlashGot.exe
2010-07-17 13:01 . 2007-08-11 22:42 -------- d-----w- c:\program files\Steam
2010-07-13 23:43 . 2009-09-27 00:25 -------- d-----w- c:\program files\FlashGet
2010-07-08 16:53 . 2009-09-10 13:59 -------- d-----w- c:\documents and settings\B-m_q.Q\Application Data\HpUpdate
2010-07-01 21:54 . 2007-08-12 12:07 -------- d-----w- c:\documents and settings\B-m_q.Q\Application Data\Skype
2010-07-01 21:53 . 2010-03-03 17:56 -------- d-----w- c:\documents and settings\B-m_q.Q\Application Data\skypePM
2010-06-21 21:11 . 2007-08-11 20:31 -------- d-----w- c:\program files\Creative
2010-06-21 16:29 . 2009-09-02 23:02 -------- d-----w- c:\documents and settings\B-m_q.Q\Application Data\FrostWire
2010-06-21 15:29 . 2007-08-11 20:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-21 15:26 . 2007-08-11 20:56 -------- d-----w- c:\program files\Messenger Plus! Live
2010-06-21 13:59 . 2007-08-11 20:31 -------- d-----w- c:\documents and settings\B-m_q.Q\Application Data\Creative
2010-06-21 13:21 . 2008-03-10 15:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-21 13:21 . 2009-09-27 15:47 -------- d-----w- c:\program files\Real Alternative
2010-06-21 13:21 . 2007-08-15 13:58 -------- d-----w- c:\program files\DivX
2010-06-21 13:21 . 2007-08-11 20:28 -------- d-----w- c:\program files\Logitech
2010-06-21 13:21 . 2009-03-11 16:33 -------- d-----w- c:\program files\UltraISO
2010-06-17 16:54 . 2010-02-03 20:27 -------- d-----w- c:\program files\xpadder
2010-06-11 21:34 . 2010-06-11 21:34 -------- d-----w- c:\program files\VirtualDub
2010-06-11 21:30 . 2010-06-11 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-06-07 21:25 . 2007-08-11 20:33 -------- d-----w- c:\documents and settings\B-m_q.Q\Application Data\Thunderbird
2010-06-04 20:03 . 2007-08-11 20:13 75008 ----a-w- c:\documents and settings\B-m_q.Q\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 19:54 . 2010-06-04 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-05-29 16:39 . 2010-05-29 16:39 90112 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\DXPlugin.dll
2010-05-29 16:39 . 2010-05-29 16:39 69632 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\SystemInfo.dll
2010-05-29 16:39 . 2010-05-29 16:39 6656 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeDiskfree.dll
2010-05-29 16:39 . 2010-05-29 16:39 61440 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeUnzip.dll
2010-05-29 16:39 . 2010-05-29 16:39 59904 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\zlib1.dll
2010-05-29 16:39 . 2010-05-29 16:39 57344 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\DXT.dll
2010-05-29 16:39 . 2010-05-29 16:39 315392 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl.dll
2010-05-29 16:39 . 2010-05-29 16:39 20480 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl_awt.dll
2010-05-29 16:39 . 2010-05-29 16:39 20480 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\gluegen-rt.dll
2010-05-29 16:39 . 2010-05-29 16:39 155648 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeJpegDecoder.dll
2010-05-29 16:39 . 2010-05-29 16:39 -------- d-----w- c:\documents and settings\B-m_q.Q\Application Data\Agency9
2010-05-23 18:55 . 2010-05-23 18:55 503808 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57158831-n\msvcp71.dll
2010-05-23 18:55 . 2010-05-23 18:55 499712 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57158831-n\jmc.dll
2010-05-23 18:55 . 2010-05-23 18:55 348160 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-57158831-n\msvcr71.dll
2010-05-23 18:55 . 2010-05-23 18:55 61440 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4c8fcebc-n\decora-sse.dll
2010-05-23 18:55 . 2010-05-23 18:55 12800 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4c8fcebc-n\decora-d3d.dll
2010-05-16 18:54 . 2010-05-16 18:54 503808 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20755d43-n\msvcp71.dll
2010-05-16 18:54 . 2010-05-16 18:54 499712 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20755d43-n\jmc.dll
2010-05-16 18:54 . 2010-05-16 18:54 348160 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20755d43-n\msvcr71.dll
2010-05-16 18:54 . 2010-05-16 18:54 61440 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2d34f002-n\decora-sse.dll
2010-05-16 18:54 . 2010-05-16 18:54 12800 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2d34f002-n\decora-d3d.dll
2010-05-12 21:33 . 2010-05-12 21:33 85504 ----a-w- c:\documents and settings\B-m_q.Q\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-05 22:22 . 2010-05-05 22:22 711392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sysinfo\SinfInst.exe
2010-05-05 22:22 . 2007-08-11 20:18 335 ----a-w- c:\windows\nsreg.dat
2010-05-05 22:22 . 2010-05-05 22:22 607392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\tpspd\wbsetup.exe
2010-05-05 22:22 . 2010-05-05 22:22 260040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\ecuinst.exe
2010-05-05 22:22 . 2010-05-05 22:22 15920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\ocpchk.dll
2010-05-05 22:22 . 2010-05-05 22:22 6144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\ocfcheck.dll
2010-05-05 22:22 . 2010-05-05 22:22 2439824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\ocpinsti.exe
2010-05-05 22:22 . 2010-05-05 22:22 11312 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\ecuchk.dll
2010-05-05 22:22 . 2010-05-05 22:21 1893728 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\waol-0.4334.34.7.exe
2010-05-05 22:21 . 2010-05-05 22:20 1475416 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\ocpinst.exe
2010-05-05 22:19 . 2010-05-05 22:19 390704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\WinsockFix.exe
2010-05-05 22:19 . 2010-05-05 22:19 127224 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\afixlang.exe
2010-05-05 22:19 . 2010-05-05 22:19 601728 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\unagi\ampx.english.exe
2010-05-05 22:19 . 2010-05-05 22:19 175280 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sm\stmninst.exe
2010-05-05 22:19 . 2010-05-05 22:19 586815 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\muinst\muinst.exe
2010-05-05 22:19 . 2010-05-05 22:19 49152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\vwpt\AOLVPChk.dll
2010-05-05 22:19 . 2010-05-05 22:19 1104960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\toolbar\toolbar.exe
2010-05-05 22:19 . 2010-05-05 22:19 6144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\tb\tbinst.dll
2010-05-05 22:19 . 2010-05-05 22:19 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\aolload\alsetup.exe
2010-05-05 22:19 . 2010-05-05 22:19 49152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\tpspd\Dacldll.dll
2010-05-05 22:19 . 2010-05-05 22:18 3858056 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\vwpt\Vwpt.exe
2010-05-05 22:18 . 2010-05-05 22:18 355592 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\afixinst.exe
2010-05-05 22:18 . 2010-05-05 22:18 15712 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\ocpchk.dll
2010-05-05 22:17 . 2010-05-05 22:16 6144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\afix\ocfcheck.dll
2010-05-05 22:17 . 2010-05-05 22:16 390704 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\afix\WinsockFix.exe
2010-05-05 22:17 . 2010-05-05 22:16 99464 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\sm\sminstlp.exe
2010-05-05 22:17 . 2010-05-05 22:16 63024 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\ocp\instSup.dll
2010-05-05 22:17 . 2010-05-05 22:16 61440 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\vwpt\VPPrePop.exe
2010-05-05 22:17 . 2010-05-05 22:16 1104960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\toolbar\toolbar.exe
2010-05-05 22:17 . 2010-05-05 22:17 1387568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\ocp\ocpinst.exe
2010-05-05 21:20 . 2010-05-05 21:18 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-05-05 21:20 . 2010-05-05 21:18 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-05-05 21:20 . 2010-05-05 21:18 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-05-05 21:20 . 2010-05-05 21:18 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-05-05 21:20 . 2010-05-05 21:18 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-05-05 21:20 . 2010-05-05 21:18 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
.

------- Sigcheck -------

[-] 2009-11-10 . E7DFCFFA380749B8626AD71E8F367DCB . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-11-10 . E7DFCFFA380749B8626AD71E8F367DCB . 360576 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2006-12-18 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\ERDNT\cache\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2010-03-18 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="c:\windows\system32\CTXFIHLP.EXE" [2006-08-11 18944]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-12-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-25 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"d:\\xchat\\xchat.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Wippien\\Wippien.exe"=
"c:\\Program Files\\Leaf Networks\\Leaf\\bin\\Leaf.exe"=
"d:\\Loki\\Loki.exe"=
"d:\\Loki\\Autorun\\AutoRun.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"d:\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\FreeCall\\FreeCall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1273098257\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20018:TCP"= 20018:TCP:BitComet 20018 TCP
"20018:UDP"= 20018:UDP:BitComet 20018 UDP

R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [7/09/2007 18:48 78848]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/10/2009 16:49 135336]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/01/2009 21:04 10384]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [11/08/2007 10:12 38656]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [21/06/2010 16:57 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [21/06/2010 16:57 99416]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [21/06/2010 16:57 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [21/06/2010 16:57 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [21/06/2010 16:57 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [21/06/2010 16:57 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [21/06/2010 16:57 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [21/06/2010 16:57 566360]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [3/05/2007 1:48 55296]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [26/12/2007 17:44 44928]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [9/07/2008 3:04 23480]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S3 WPRO_40_901;WinPcap Packet Driver (WPRO_40_901);c:\windows\system32\drivers\WPRO_40_901.sys --> c:\windows\system32\drivers\WPRO_40_901.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/08/2007 1:35 685816]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.

GaaRa-

Legacy Member
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xporteren naar Microsoft Excel
TCP: {322D76FA-3D04-4A6D-B780-7A9063004C10} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\B-m_q.Q\Application Data\Mozilla\Firefox\Profiles\jb3kz01s.default\
FF - prefs.js: browser.search.selectedEngine - WarezBB - TV Showz
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\documents and settings\B-m_q.Q\Application Data\Mozilla\Firefox\Profiles\jb3kz01s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla\Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla\Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, c:\program files\Mozilla\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
HKLM-Run-SBDrvDet - c:\program files\Creative\SB Drive Det\SBDrvDet.exe
MSConfigStartUp-XboxStat - c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe
AddRemove-Accurate Shutdown_is1 - c:\windows\system32\asd\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-18 19:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1ADD03C3-DB10-FB4D-BF94-D9C4DECF4B5A}*]
"jackjklijklaapnbnmad"=hex:62,61,6f,64,00,00
"jackjklijklaapnbnmed"=hex:62,61,6e,64,00,00
"iacpfbchoahgkoekae"=hex:6b,61,70,64,6f,62,61,6c,66,6f,6f,61,6d,68,69,67,66,62,
64,67,61,6f,00,00

[HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A5DF020-7933-27F9-57EB-4EDBED79F998}*]
"bbloddeidllcbbihpbipcdokbghhnhppajkc"=hex:61,61,00,00
"abloddeidllcbbihpbjpaahhfdienagfap"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,01,d7,41,6c,e7,99,17,c0,5c,e8,ed,2c,9c,82,2a,20,8d,70,c6,03,dc,a3,
0f,43,15,5f,d0,a4,c2,1a,83,89,56,24,2c,78,bb,e2,8c,f7,62,18,ed,37,ae,74,dc,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:8e,e1,de,4d,74,10,39,47,80,18,b8,43,26,ee,39,72,ba,f4,86,e0,5b,
50,a6,34,52,5b,35,b8,08,a2,94,da,43,5e,ae,f8,76,72,a6,33,e4,be,1e,96,c4,bd,\
"rkeysecu"=hex:4e,03,11,15,73,47,71,b2,a1,ed,34,8c,ea,cd,a0,5f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-07-18 19:05:46
ComboFix-quarantined-files.txt 2010-07-18 17:05

Pre-Run: 15.423.971.328 bytes free
Post-Run: 16.064.024.576 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - A0C3D56F87E282A44B6E6FC517E5271C
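
Three things in the ComboFix output above are worth checking by script rather than by eye: the Sigcheck rows list TCPIP.SYS with the same version string 5.1.2600.2892 but two different MD5s (E7DF... in system32\drivers and dllcache, B222... in the ERDNT backup), the standard-profile firewall policy carries EnableFirewall = 0, and the locked Shell Extensions\Approved keys hold hex blobs that the Avira scan further down reports as invisible registry entries. The script below is an added example for this thread, not ComboFix code and not something the poster ran. The sample strings are copied from the log above; the assumptions about field separators and continuation lines are mine.

```python
"""Triage of three ComboFix log fragments: Sigcheck rows, the firewall policy
key and hex values under locked registry keys.

Added example for this thread; it is not ComboFix code and not something the
poster ran. The sample strings are copied from the ComboFix log above; the
assumptions about field separators and continuation lines are mine.
"""
import re
from collections import defaultdict

# Sigcheck row layout (assumed): "[flag] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+)$"
)
# Registry export row: "name"=hex:aa,bb,...   (a row ending in "," or ",\" continues)
REG_HEX_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')

# Sample input, copied from the ComboFix log in this thread.
SIGCHECK_SAMPLE = r"""
[-] 2009-11-10 . E7DFCFFA380749B8626AD71E8F367DCB . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-11-10 . E7DFCFFA380749B8626AD71E8F367DCB . 360576 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2006-12-18 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\ERDNT\cache\tcpip.sys
"""
FIREWALL_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
LOCKED_KEYS_SAMPLE = r"""
"jackjklijklaapnbnmad"=hex:62,61,6f,64,00,00
"jackjklijklaapnbnmed"=hex:62,61,6e,64,00,00
"iacpfbchoahgkoekae"=hex:6b,61,70,64,6f,62,61,6c,66,6f,6f,61,6d,68,69,67,66,62,
64,67,61,6f,00,00
"bbloddeidllcbbihpbipcdokbghhnhppajkc"=hex:61,61,00,00
"""


def sigcheck_conflicts(text):
    """Group Sigcheck rows by (file name, version string); return the groups
    whose copies carry different MD5s. Same version, different hash means at
    least one copy was modified after it was built."""
    by_file = defaultdict(set)
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        key = (m["path"].rsplit("\\", 1)[-1].lower(), m["version"])
        by_file[key].add(m["md5"].upper())
    return {k: v for k, v in by_file.items() if len(v) > 1}


def firewall_disabled(text):
    """True when the standard-profile policy sets EnableFirewall to 0."""
    return re.search(r'^"EnableFirewall"=\s*0\b', text, re.M) is not None


def decode_reg_hex(text):
    """Decode 'name=hex:..' rows (including continuation lines) to text,
    dropping the trailing NUL padding. Returns {value name: decoded string}."""
    values, name, pending, cont = {}, None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_HEX_RE.match(line)
        if m:
            name, pending = m["name"], []
            payload = m["data"]
        elif cont and name is not None:
            payload = line          # continuation of the previous row
        else:
            continue
        payload = payload.rstrip("\\")
        cont = payload.endswith(",")
        pending.extend(int(b, 16) for b in payload.split(",") if b.strip())
        values[name] = bytes(pending).rstrip(b"\x00").decode("latin-1")
    return values


def triage(sigcheck, firewall, locked):
    """One finding per line, ready to paste into a reply."""
    findings = []
    for (fname, ver), md5s in sigcheck_conflicts(sigcheck).items():
        findings.append(f"{fname} {ver}: {len(md5s)} different MD5s for the same version string")
    if firewall_disabled(firewall):
        findings.append("Windows Firewall standard profile is disabled (EnableFirewall=0)")
    for name, val in decode_reg_hex(locked).items():
        findings.append(f"locked value {name!r} decodes to {val!r}")
    return findings


if __name__ == "__main__":
    for f in triage(SIGCHECK_SAMPLE, FIREWALL_SAMPLE, LOCKED_KEYS_SAMPLE):
        print(f)
```

A hash conflict with identical version strings only tells you that one of the copies was modified; which copy is the clean one has to be settled against a known-good tcpip.sys of that version, not from the [-] marker alone. The decoded values (baod, band, and so on) are short ASCII strings; decoding shows what is stored, not who stored it. The SecuROM keys in the same section belong to that copy-protection scheme, which keeps its licensing data in hidden registry values by design.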

GaaRa-

Legacy Member
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:09:01, on 18/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\B-m_q.Q\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Home Page Reset - Symantec Corp.
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [CTxfiHlp] "C:\WINDOWS\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS4\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS5\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6365 bytes
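
What a reader of the HijackThis log above would want pulled out: the O4 entries that name only a file (CTHELPER.EXE, RTHDCPL.EXE, KHALMNPR.EXE, MIDIDef.exe, bthprops.cpl) are resolved through the search path at logon, so the log alone does not say which file actually runs (catchme lists the same entry as "CTHELPER.EXE?" in its hidden-autostart section); the O23 service whose binary is marked (file missing); and the O17 NameServer entries, which here are 208.67.222.222 and 208.67.220.220, OpenDNS's public resolvers, not a hijacked DNS setting. The script below is an added example, not HijackThis code. The sample lines are a subset copied from the log above; the parsing rules and the resolver table are mine.

```python
"""Triage of a HijackThis log: Run entries without a path, services whose
binary is missing, and the DNS servers configured under O17.

Added example for this thread; it is not HijackThis code. The sample lines
are a subset copied from the HijackThis log above; the line-layout
assumptions and the resolver table are mine.
"""
import re

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
MISSING = " (file missing)"

# Public resolvers this script recognises; anything else is reported as unknown.
KNOWN_RESOLVERS = {"208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS"}

# Sample input, copied from the HijackThis log in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [CTxfiHlp] "C:\WINDOWS\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{322D76FA-3D04-4A6D-B780-7A9063004C10}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"""


def _executable(cmd):
    """The file that actually gets loaded for a Run command. For rundll32 the
    interesting file is the DLL/CPL argument, not rundll32.exe itself."""
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        exe, _, rest = cmd.partition(" ")
    if exe.lower().endswith("rundll32.exe"):
        return rest.strip().split(",", 1)[0].strip('"')
    return exe


def unpathed_run_entries(text):
    """Names of O4 Run entries whose target has no directory component."""
    hits = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m and "\\" not in _executable(m["cmd"]):
            hits.append(m["name"])
    return hits


def missing_service_binaries(text):
    """O23 services marked '(file missing)': (description, expected path)."""
    hits = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if m and m["path"].endswith(MISSING):
            hits.append((m["desc"], m["path"][: -len(MISSING)]))
    return hits


def nameservers(text):
    """Every NameServer address under O17, mapped to a resolver label."""
    seen = {}
    for line in text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            for ip in m["servers"].split(","):
                seen[ip] = KNOWN_RESOLVERS.get(ip, "unknown")
    return seen


def report(text):
    """One finding per line."""
    out = [f"Run entry without a path: {n}" for n in unpathed_run_entries(text)]
    out += [f"service binary missing: {d} -> {p}" for d, p in missing_service_binaries(text)]
    out += [f"DNS server {ip}: {label}" for ip, label in nameservers(text).items()]
    return out


if __name__ == "__main__":
    print("\n".join(report(HJT_SAMPLE)))
```

The unpathed entries are the ones to locate on disk (the system32 and Windows directories are the usual places for the Creative, Realtek and Logitech files) and hash against the vendor's copy; a look-alike dropped earlier in the search path would show up under the same name in this log.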

Jurgenv1

Legacy Member
Make sure you have the newest version of AntiVir and that it has the latest updates, then run a full scan with AntiVir and tell us what it found.

GaaRa-

Legacy Member
Avira AntiVir Personal
Report file date: Wednesday 21 July 2010 15:47

Scanning for 2426173 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : GAARA

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 19/04/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 14/05/2010 23:09:08
AVSCAN.DLL : 10.0.3.0 46440 Bytes 14/05/2010 23:09:08
LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 17:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 14:56:58
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 17:08:54
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 16:21:39
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 17:01:20
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 00:12:48
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 23:09:08
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 13:40:42
VBASE007.VDF : 7.10.7.219 2048 Bytes 02/06/2010 13:40:43
VBASE008.VDF : 7.10.7.220 2048 Bytes 02/06/2010 13:40:43
VBASE009.VDF : 7.10.7.221 2048 Bytes 02/06/2010 13:40:43
VBASE010.VDF : 7.10.7.222 2048 Bytes 02/06/2010 13:40:44
VBASE011.VDF : 7.10.7.223 2048 Bytes 02/06/2010 13:40:44
VBASE012.VDF : 7.10.7.224 2048 Bytes 02/06/2010 13:40:44
VBASE013.VDF : 7.10.8.37 270336 Bytes 10/06/2010 13:40:56
VBASE014.VDF : 7.10.8.69 138752 Bytes 14/06/2010 13:41:01
VBASE015.VDF : 7.10.8.102 130560 Bytes 16/06/2010 13:41:11
VBASE016.VDF : 7.10.8.135 152064 Bytes 21/06/2010 13:41:18
VBASE017.VDF : 7.10.8.163 432128 Bytes 23/06/2010 13:41:38
VBASE018.VDF : 7.10.8.194 133632 Bytes 27/06/2010 13:41:47
VBASE019.VDF : 7.10.8.220 134656 Bytes 29/06/2010 13:41:56
VBASE020.VDF : 7.10.8.252 171520 Bytes 04/07/2010 13:42:03
VBASE021.VDF : 7.10.9.19 131072 Bytes 06/07/2010 13:42:12
VBASE022.VDF : 7.10.9.36 297472 Bytes 07/07/2010 13:42:30
VBASE023.VDF : 7.10.9.60 150016 Bytes 11/07/2010 13:42:40
VBASE024.VDF : 7.10.9.79 113152 Bytes 13/07/2010 13:42:42
VBASE025.VDF : 7.10.9.99 158720 Bytes 16/07/2010 13:42:58
VBASE026.VDF : 7.10.9.133 630784 Bytes 20/07/2010 13:43:17
VBASE027.VDF : 7.10.9.141 421376 Bytes 21/07/2010 13:43:29
VBASE028.VDF : 7.10.9.142 2048 Bytes 21/07/2010 13:43:29
VBASE029.VDF : 7.10.9.143 2048 Bytes 21/07/2010 13:43:30
VBASE030.VDF : 7.10.9.144 2048 Bytes 21/07/2010 13:43:30
VBASE031.VDF : 7.10.9.146 2048 Bytes 21/07/2010 13:43:31
Engineversion : 8.2.4.22
AEVDF.DLL : 8.1.2.0 106868 Bytes 14/05/2010 23:09:08
AESCRIPT.DLL : 8.1.3.41 1364346 Bytes 21/07/2010 13:46:04
AESCN.DLL : 8.1.6.1 127347 Bytes 14/05/2010 23:09:08
AESBX.DLL : 8.1.3.1 254324 Bytes 14/05/2010 23:09:08
AERDL.DLL : 8.1.8.2 614772 Bytes 21/07/2010 13:45:49
AEPACK.DLL : 8.2.3.2 471414 Bytes 21/07/2010 13:45:32
AEOFFICE.DLL : 8.1.1.7 201081 Bytes 21/07/2010 13:45:13
AEHEUR.DLL : 8.1.2.6 2793846 Bytes 21/07/2010 13:45:08
AEHELP.DLL : 8.1.13.2 242039 Bytes 21/07/2010 13:44:06
AEGEN.DLL : 8.1.3.15 385396 Bytes 21/07/2010 13:44:02
AEEMU.DLL : 8.1.2.0 393588 Bytes 14/05/2010 23:09:08
AECORE.DLL : 8.1.16.2 192887 Bytes 21/07/2010 13:43:42
AEBB.DLL : 8.1.1.0 53618 Bytes 14/05/2010 23:09:08
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 11:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 11:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 14/05/2010 23:09:08
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 14/05/2010 23:09:08
AVARKT.DLL : 10.0.0.14 227176 Bytes 14/05/2010 23:09:08
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 08:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 11:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 14:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 13:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 12:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 14/05/2010 23:09:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday 21 July 2010 15:47

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1ADD03C3-DB10-FB4D-BF94-D9C4DECF4B5A}\jackjklijklaapnbnmad
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1ADD03C3-DB10-FB4D-BF94-D9C4DECF4B5A}\jackjklijklaapnbnmed
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1ADD03C3-DB10-FB4D-BF94-D9C4DECF4B5A}\iacpfbchoahgkoekae
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'wlcomm.exe' - '73' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '125' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '62' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '71' Module(s) have been scanned
Scan process 'plugin-container.exe' - '65' Module(s) have been scanned
Scan process 'firefox.exe' - '90' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'alg.exe' - '34' Module(s) have been scanned
Scan process 'thunderbird.exe' - '101' Module(s) have been scanned
Scan process 'TBTray.exe' - '33' Module(s) have been scanned
Scan process 'avshadow.exe' - '27' Module(s) have been scanned
Scan process 'uphclean.exe' - '8' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '19' Module(s) have been scanned
Scan process 'jqs.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '44' Module(s) have been scanned
Scan process 'SetPoint.exe' - '62' Module(s) have been scanned
Scan process 'ctfmon.exe' - '32' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '43' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '32' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '37' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'rundll32.exe' - '41' Module(s) have been scanned
Scan process 'avgnt.exe' - '58' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '25' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '37' Module(s) have been scanned
Scan process 'Explorer.EXE' - '83' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'spoolsv.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '154' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '40' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '38' Module(s) have been scanned
Scan process 'winlogon.exe' - '68' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '482' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\B-m_q.Q\Application Data\Sun\Java\Deployment\cache\6.0\22\76b61fd6-421584ff
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.T.1 Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.T.1 Java virus
Begin scan in 'D:\'
D:\Handige stuff\MELTY BLOOD Act Cadenza Ver B\nocd_patch.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> (NoCD Patch) AlphaROM 3.x .000 rev2.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

Beginning disinfection:
D:\Handige stuff\MELTY BLOOD Act Cadenza Ver B\nocd_patch.zip
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4fd6a291.qua'.
C:\Documents and Settings\B-m_q.Q\Application Data\Sun\Java\Deployment\cache\6.0\22\76b61fd6-421584ff
[DETECTION] Contains recognition pattern of the JAVA/Agent.T.1 Java virus
[NOTE] The file was moved to the quarantine directory under the name '57428efd.qua'.


End of the scan: Wednesday 21 July 2010 16:35
Used time: 46:24 Minute(s)

The scan has been done completely.

8029 Scanned directories
290318 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
290316 Files not concerned
2392 Archives were scanned
0 Warnings
2 Notes
1025882 Objects were scanned with rootkit scan
6 Hidden objects were found
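Added example, not code from the post or from Avira: a small Python triage script that reads report text in the layout above and separates the two kinds of findings a responder cares about, the files that hit a signature (and whether the disinfection step actually quarantined them) and the registry keys the rootkit scan reports as invisible. The section headers and message strings it matches on are the ones in the report; the rule that treats hidden SecuROM license keys as likely copy-protection residue and the reading of a `.Gen` signature as a generic (weaker-evidence) detection are heuristics of this example and assumptions, not Avira rules. The embedded input is an excerpt of the report above, trimmed to the sections the parser reads.

```python
"""Triage of an Avira AntiVir report.  Added example; the benign/review rule
for hidden keys and the '.Gen = generic detection' reading are assumptions."""
import re
from dataclasses import dataclass, field
from typing import Optional

HIDDEN_HDR = "Starting search for hidden objects."
FILE_SCAN_HDR = "Starting the file scan:"
DISINFECT_HDR = "Beginning disinfection:"
INVISIBLE_NOTE = "[NOTE] The registry entry is invisible."
DETECT_RE = re.compile(r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")
QUAR_RE = re.compile(r"^\[NOTE\] The file was moved to the quarantine directory under the name '([^']+)'")
# Assumption: copy protection such as SecuROM hides its license keys here,
# so a hidden key under this path is "likely benign", never "clean".
KNOWN_DRM_FRAGMENTS = ("\\Software\\SecuROM\\",)

# Excerpt of the report above, trimmed to the three sections parsed here.
SAMPLE_REPORT = r"""
Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1ADD03C3-DB10-FB4D-BF94-D9C4DECF4B5A}\jackjklijklaapnbnmad
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1343024091-602609370-725345543-1003\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\B-m_q.Q\Application Data\Sun\Java\Deployment\cache\6.0\22\76b61fd6-421584ff
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.T.1 Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.T.1 Java virus
Begin scan in 'D:\'
D:\Handige stuff\MELTY BLOOD Act Cadenza Ver B\nocd_patch.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> (NoCD Patch) AlphaROM 3.x .000 rev2.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

Beginning disinfection:
D:\Handige stuff\MELTY BLOOD Act Cadenza Ver B\nocd_patch.zip
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4fd6a291.qua'.
C:\Documents and Settings\B-m_q.Q\Application Data\Sun\Java\Deployment\cache\6.0\22\76b61fd6-421584ff
[DETECTION] Contains recognition pattern of the JAVA/Agent.T.1 Java virus
[NOTE] The file was moved to the quarantine directory under the name '57428efd.qua'.
"""


@dataclass
class Detection:
    path: str                       # file (or archive) the scanner flagged
    signature: Optional[str] = None  # first signature name seen for it
    members: list = field(default_factory=list)  # flagged archive members
    quarantined_as: Optional[str] = None         # .qua name, if disinfected


def _section(lines, header):
    """Lines of one report section: from `header` to the next blank line,
    skipping the blank line Avira prints directly after some headers."""
    out, active = [], False
    for line in lines:
        if not active:
            active = line == header
            continue
        if line.strip() == "":
            if out:
                break
            continue
        if line in (HIDDEN_HDR, FILE_SCAN_HDR, DISINFECT_HDR):
            break
        out.append(line)
    return out


def parse_hidden_objects(lines):
    """(registry key, verdict) for every entry the rootkit scan calls invisible."""
    sec, found = _section(lines, HIDDEN_HDR), []
    for key, note in zip(sec, sec[1:]):
        if note != INVISIBLE_NOTE:
            continue
        benign = any(frag in key for frag in KNOWN_DRM_FRAGMENTS)
        found.append((key, "likely benign: copy-protection key" if benign else "review"))
    return found


def parse_detections(lines):
    """Detections keyed by path; the disinfection section fills in quarantine names."""
    dets, current = {}, None
    for line in _section(lines, FILE_SCAN_HDR) + _section(lines, DISINFECT_HDR):
        if line.startswith("Begin scan in ") or line.startswith("[0] "):
            continue
        if line.startswith("--> "):
            current.members.append(line[4:])
        elif line.startswith("["):
            if (m := DETECT_RE.match(line)) and current.signature is None:
                current.signature = m.group(1)
            elif (m := QUAR_RE.match(line)):
                current.quarantined_as = m.group(1)
        else:
            current = dets.setdefault(line, Detection(path=line))
    return dets


def triage(report: str) -> dict:
    """What still needs a human: unhandled hits, generic hits, unexplained hidden keys."""
    lines = report.splitlines()
    dets, hidden = parse_detections(lines), parse_hidden_objects(lines)
    return {
        "detections": len(dets),
        "not_quarantined": [d.path for d in dets.values() if d.quarantined_as is None],
        # Assumption: a '.Gen' signature is a generic/packer detection, weaker
        # evidence than a named family; worth a second opinion before acting.
        "generic_signatures": [d.path for d in dets.values()
                               if d.signature and d.signature.endswith(".Gen")],
        "hidden_to_review": [k for k, v in hidden if v == "review"],
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_REPORT).items():
        print(f"{k}: {v}")
```

On the report above this yields two detections, both quarantined, one of them a generic `.Gen` hit, and two hidden registry keys left on the review list (the SecuROM key is filtered as copy-protection residue). A quarantined entry under the Java Deployment cache shows that a flagged applet was fetched through the browser; removing the cached archive does not by itself say whether it ran, so the review list and the rest of the system state still need to be looked at.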