Archive - Hijack This log. Music starts playing for no reason. [Whistlers Bootkit virus]


ChAiNsAw

Legacy Member
Table of contents of all my posts.
1. First problem, nothing done yet, 1st HijackThis log = first post

2. Downloaded Ad-Aware Free & AVG Free (25 cookies + 5 Trojan.Win32.Generic!BT fixed), 2nd HijackThis log:

https://www.beyondgaming.be/archive...n-zonder-reden-whistlers-bootkit-virus.735634

3. Regular click sound as if a folder opens while I'm not doing anything (as if someone else is working on my PC), ran Combofix (diagnosis result: Whistlers Bootkit), 3rd HijackThis log & Combofix log:

https://www.beyondgaming.be/archive...n-zonder-reden-whistlers-bootkit-virus.735634

4. MBRcheck.exe and Remover.exe as the fix (download links present); the problems are gone and these two 'scanners' indicate that they are no longer infected. Latest HijackThis log:

https://www.beyondgaming.be/archive...n-zonder-reden-whistlers-bootkit-virus.735634

From here: first post:
I wanted to start my PC today, but it didn't work. The only thing you saw on the screen were the hard drives, but after that the screen went black.
After resetting a few times and pulling the plug it still didn't work. I unplugged my USB and then it booted. I find this strange because my PC has been booting for days with the USB plugged in.

Since today, music also starts playing for no reason. A dramatic action-movie tune that I don't recognize. (So I did not download it.)
When the song starts playing, WMP, iTunes, etc. are not running.

No idea what I should do. For now I have installed AVG and am scanning C, no result yet.

PS: since yesterday or the day before I have also installed IE8, but only used it briefly for OGame; now I don't use it anymore.

Edit 2: I have now also noticed this popup:
popup.jpg

After that another such popup appeared, where I had to confirm cancel or continue. The title bar said Internet Explorer.
In the meantime I have removed Internet Explorer. I'll keep you posted if the sounds still occur.

Below is my log: (see the last post for the most recent log; in the meantime I have also run Combofix, whose log you can also find at the bottom)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:04, on 28-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\AVG\AVG9\avgwdsvc.exe
E:\Program Files\AVG\AVG9\avgnsx.exe
E:\Program Files\AVG\AVG9\avgemc.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
E:\Program Files\AVG\AVG9\avgrsx.exe
E:\Program Files\AVG\AVG9\avgchsvx.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
E:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
E:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
E:\Program Files\AVG\AVG9\avgui.exe
E:\Program Files\AVG\AVG9\avgscanx.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ogame startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] E:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Ontvang met FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate1ca0a0374bbcd88) (gupdate1ca0a0374bbcd88) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7815 bytes

ChAiNsAw

Legacy Member
In the meantime I have also downloaded Ad-Aware Free (from Lavasoft) and run a quick/smart scan for spyware/malware. It found 25 ('harmful') cookies and five Trojan.Win32.Generic!BT. These have been removed, and in my opinion everything should normally run fine now.

-> see last post

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:44, on 28-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\Program Files\AVG\AVG9\avgchsvx.exe
E:\Program Files\AVG\AVG9\avgrsx.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\PROGRA~2\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\AVG\AVG9\avgemc.exe
E:\Program Files\AVG\AVG9\avgnsx.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ogame startpagina
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] E:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Ontvang met FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate1ca0a0374bbcd88) (gupdate1ca0a0374bbcd88) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7614 bytes

ChAiNsAw

Legacy Member
So I still have problems. I regularly hear the Windows sound that plays when you open a folder. But I'm not doing that. While gaming it sometimes goes to the desktop, and in MS Word it jumps to another window.

Latest log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:36, on 28-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Ontvang met FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate1ca0a0374bbcd88) (gupdate1ca0a0374bbcd88) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6163 bytes


Combofix log:


ComboFix 10-07-27.05 - User 28-07-2010 23:08:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1601 [GMT 2:00]
Gestart vanuit: c:\documents and settings\User.ANGELINO\Bureaublad\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User.ANGELINO\Application Data\avdrn.dat
c:\documents and settings\User.ANGELINO\Application Data\inst.exe
c:\documents and settings\User.ANGELINO\eula.txt
c:\windows\system\d3d9.dll
c:\windows\UA000106.DLL

.
MBR is infected with the Whistler Bootkit !!

(((((((((((((((((((( Bestanden Gemaakt van 2010-06-28 to 2010-07-28 ))))))))))))))))))))))))))))))
.

2010-07-28 20:24 . 2010-07-28 20:24 -------- d--h--r- c:\documents and settings\User.ANGELINO\Onlangs geopend
2010-07-28 16:42 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-28 16:08 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-28 16:08 . 2010-07-28 16:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-28 15:51 . 2010-07-28 15:51 -------- d-----w- c:\documents and settings\User.ANGELINO\Local Settings\Application Data\Sunbelt Software
2010-07-28 15:50 . 2010-07-28 15:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-28 15:50 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-28 15:50 . 2010-07-28 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-28 15:50 . 2010-07-28 15:50 -------- d-----w- c:\program files\Lavasoft
2010-07-28 14:38 . 2010-07-28 14:38 -------- d-----w- C:\$AVG
2010-07-28 07:58 . 2010-07-28 07:58 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-28 07:58 . 2010-07-28 07:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-28 07:58 . 2010-07-28 14:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2010-07-28 07:58 . 2010-07-28 07:58 -------- d-----r- c:\documents and settings\LocalService\Favorieten
2010-07-24 09:08 . 2010-07-24 09:09 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\SpeedSim
2010-07-24 09:08 . 2010-07-24 09:08 -------- d-----w- c:\program files\SpeedSim
2010-07-23 07:06 . 2010-07-23 07:06 -------- d-sh--w- c:\documents and settings\User.ANGELINO\PrivacIE
2010-07-23 07:05 . 2010-07-23 07:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-23 07:05 . 2010-07-23 07:05 -------- d-sh--w- c:\documents and settings\User.ANGELINO\IETldCache
2010-07-23 07:00 . 2008-04-14 20:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-07-22 11:18 . 2010-07-22 11:18 -------- d-----w- c:\program files\UT99 Registry Fix
2010-07-17 09:41 . 2010-07-17 09:41 -------- d-----w- c:\program files\VirtualDJ
2010-07-16 13:26 . 2010-07-16 15:32 -------- d-----w- c:\documents and settings\User.ANGELINO\iTunesDSM
2010-07-16 09:21 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-16 09:21 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-16 09:19 . 2010-07-16 09:19 -------- d-----w- c:\program files\iPod
2010-07-16 09:19 . 2010-07-16 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-16 09:16 . 2010-07-16 09:16 -------- d-----w- c:\program files\Apple Software Update
2010-07-16 09:15 . 2010-07-16 09:19 -------- d-----w- c:\program files\Common Files\Apple
2010-07-16 09:15 . 2010-07-16 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-07-12 18:22 . 2010-07-12 18:22 -------- d-----w- c:\program files\Outsim
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 20:31 . 2007-10-02 17:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-28 20:24 . 2009-04-01 16:09 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\Media Player Classic
2010-07-28 20:24 . 2009-07-07 12:30 -------- d-----w- c:\program files\CCleaner
2010-07-28 10:08 . 2010-05-17 21:47 -------- d-----w- c:\program files\Replay Media Catcher
2010-07-28 09:59 . 2010-05-17 21:47 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-07-28 09:59 . 2010-05-17 21:47 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-07-26 12:32 . 2010-01-10 15:20 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\HpUpdate
2010-07-24 17:39 . 2009-04-01 16:07 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\Xfire
2010-07-23 07:11 . 2010-01-10 17:10 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\HPAppData
2010-07-20 14:20 . 2009-08-28 07:37 -------- d-----w- c:\program files\FlashGet
2010-07-19 20:10 . 2007-12-02 21:19 138384 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-19 20:08 . 2007-12-02 19:23 215128 -c--a-w- c:\windows\system32\PnkBstrB.exe
2010-07-18 19:45 . 2009-04-01 16:11 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\dvdcss
2010-07-18 10:20 . 2009-07-08 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-07-16 12:14 . 2009-04-01 16:11 -------- d-----w- c:\documents and settings\User.ANGELINO\Application Data\Apple Computer
2010-07-16 09:17 . 2008-07-21 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-16 09:16 . 2009-04-02 16:01 -------- d-----w- c:\program files\Bonjour
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-13 16:45 . 2010-06-13 16:45 -------- d-----w- c:\documents and settings\Bernardine\Application Data\DivX
2010-05-28 22:40 . 2010-05-28 22:40 12 ----a-w- c:\documents and settings\NetworkService\Application Data\vqdlkr.dat
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-11 14:37 . 2010-05-11 14:37 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-11 14:37 . 2010-05-11 14:37 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-11 14:37 . 2010-05-11 14:37 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-11 14:35 . 2010-05-11 14:35 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-11 14:35 . 2010-05-11 14:35 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-11 14:17 . 2010-05-11 14:17 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-11 14:17 . 2010-05-11 14:37 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-11 14:17 . 2010-05-11 14:37 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-04 23:01 . 2008-07-16 08:10 1259976 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-05 33628160]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

c:\documents and settings\Bernardine\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HPAiODevice(hp psc 700 series) - 1.lnk]
backup=c:\windows\pss\HPAiODevice(hp psc 700 series) - 1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User.ANGELINO^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 18:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotKey]
2000-09-28 11:51 460288 -c--a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-21 13:10 133104 ----atw- c:\documents and settings\User.ANGELINO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-06-05 12:39 33628160 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 14:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- e:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 09:03 397456 ----a-w- e:\program files\Corel\Corel VideoStudio 12\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"usnjsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"UleadBurningHelper"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Entertainment\\UT\\UnrealTournament\\System\\UnrealTournament.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Entertainment\\Steam\\steamapps\\angelinodesmet\\counter-strike source\\hl2.exe"=
"e:\\Entertainment\\Steam\\steamapps\\angelinodesmet\\counter-strike\\hl.exe"=
"g:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\User.ANGELINO\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"e:\\Entertainment\\BF2\\BF2.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"e:\\Entertainment\\COD2\\CoD2MP_s.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Entertainment\\UT2004\\System\\UT2004.exe"=
"e:\\Entertainment\\UT2004\\System\\UCC.exe"=
"e:\\Entertainment\\BF2\\bf2_w32ded.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"e:\\Entertainment\\Webzen\\wildproxy_01\\wildproxy.exe"=
"e:\\Entertainment\\ownserv\\MuServe 1.04d\\bin\\ranking.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28-7-2010 18:08 64288]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [18-6-2009 19:59 1374464]
S2 gupdate1ca0a0374bbcd88;Google Updateservice (gupdate1ca0a0374bbcd88);c:\program files\Google\Update\GoogleUpdate.exe [21-7-2009 15:02 133104]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [21-8-2007 17:30 34944]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12-7-2010 10:55 1352832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva273;XDva273;\??\c:\windows\system32\XDva273.sys --> c:\windows\system32\XDva273.sys [?]
S3 XDva289;XDva289;\??\c:\windows\system32\XDva289.sys --> c:\windows\system32\XDva289.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4-12-2007 18:56 722416]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - JGOGO

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 13:02]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 13:02]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-839522115-1003Core.job
- c:\documents and settings\User.ANGELINO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-02 13:10]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-839522115-1003UA.job
- c:\documents and settings\User.ANGELINO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-02 13:10]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-839522115-1010Core.job
- c:\documents and settings\Bernardine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-02 13:10]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-839522115-1010UA.job
- c:\documents and settings\Bernardine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-02 13:10]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8118
IE: &Ontvang alles met FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Ontvang met FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-Netlog Music Tool - c:\program files\Netlog Music Tool\NetlogMusicTool.exe
MSConfigStartUp-PWRISOVM - e:\program files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-RGSC - e:\entertainment\GTA4\GrandTheftAuto4\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-WinampAgent - e:\program files\Winamp\winampa.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 23:12
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

c:\program files\Internet Explorer\iexplore.exe [4020] 0x8939F9E8

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,9f,eb,a4,17,c5,73,4f,80,58,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,9f,eb,a4,17,c5,73,4f,80,58,14,\

[HKEY_USERS\S-1-5-21-1292428093-879983540-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ec,8c,51,a0,28,6b,54,e9,8d,b7,7d,99,bf,8b,91,e4,0a,ad,ea,c5,2b,7a,0d,
99,1b,ac,72,5e,68,b5,21,ad,34,92,8c,d3,91,58,27,0b,29,04,00,77,1f,f3,9e,26,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-1292428093-879983540-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c5,78,20,b7,d2,2c,45,29,b1,3b,e8,f5,9b,b2,1e,40,69,55,5d,eb,6c,
2b,44,43,52,c6,10,83,94,30,af,cf,d0,dc,72,7b,71,8a,68,7c,6a,a1,d6,a1,08,5a,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Voltooingstijd: 2010-07-28 23:13:47
ComboFix-quarantined-files.txt 2010-07-28 21:13

Pre-Run: 1.400.152.064 bytes beschikbaar
Post-Run: 2.086.330.368 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 49068487AE4CE7226192D88FE2CFED46

ChAiNsAw

Legacy Member
After some searching about Whistlers Bootkit, I ran MBRcheck.exe. (http://forums.majorgeeks.com/showthread.php?p=1515555)

It reported that two non-standard or infected MBRs are present. So I tried to fix this with:
[2] Restore the MBR of a physical disk with a standard boot code. (with MBRcheck.exe)

At the moment all the clicking sounds (without me doing anything) have disappeared, and the screen no longer drops out to the desktop while I am gaming.

Log:
MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0

\\.\E: --> \\.\PhysicalDrive0

\\.\G: --> \\.\PhysicalDrive1

\\.\H: --> \\.\PhysicalDrive1



Size Device Name MBR Status

--------------------------------------------

189 GB \\.\PhysicalDrive0 Unknown MBR code

232 GB \\.\PhysicalDrive1 Unknown MBR code





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.



Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel



Please select the MBR code to write to this drive:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

After the 'fix' I ran MBRcheck.exe once more and this was the result:
Size Device Name MBR Status

--------------------------------------------

189 GB \\.\PhysicalDrive0 Windows XP MBR code detected

232 GB \\.\PhysicalDrive1 Unknown MBR code

So PhysicalDrive1 was, I think, still infected. After some more searching I ended up on this site: http://antimalwarehelp.blogspot.com/2010/05/whistler-bootkit.html

Following the steps on that site, I manually fixed PhysicalDrive1 with a batch file and remover.exe.

Now I have run MBRcheck.exe and remover.exe once more, and the result:
Size Device Name MBR Status

--------------------------------------------

189 GB \\.\PhysicalDrive0 Windows XP MBR code detected

232 GB \\.\PhysicalDrive1 Windows XP MBR code detected


I hope my problem is now solved, and I hope you have learned something from this too. I really could not wait for a fix because I am working on important assignments for school. If I suddenly cannot get my PC to start anymore, I am stuck. That is why I went looking myself. I am curious what you think.

+ one last HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:22, on 29-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User.ANGELINO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Ontvang met FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate1ca0a0374bbcd88) (gupdate1ca0a0374bbcd88) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6351 bytes
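
The before/after MBR check described in the post above can also be done offline on a dumped sector (MBRCheck option [1]). The following is an added example, not part of the original thread and not MBRCheck's own code: it hashes only the boot-code area of a 512-byte MBR and compares it with a baseline taken from a trusted dump. The function names, the `BASELINE` table, the status strings (modelled on the log above) and the sample sectors are all constructed for illustration.

```python
"""Compare the boot code of dumped MBR sectors against a known-good baseline."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # bytes 0-439: boot code (the part a bootkit overwrites)
DISK_SIG_OFF = 440     # bytes 440-443: disk signature, unique per disk
PART_TABLE_OFF = 446   # bytes 446-509: four 16-byte partition entries
BOOT_SIG_OFF = 510     # bytes 510-511: must be 55 AA
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS first, type, CHS last, LBA, sectors


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector into its fields and hash only the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "partitions": partitions,
    }


def classify(sector: bytes, baseline: dict) -> str:
    """baseline maps boot-code SHA-256 -> label, taken from a trusted dump."""
    info = parse_mbr(sector)
    if not info["boot_signature_ok"]:
        return "Missing 55 AA boot signature"
    label = baseline.get(info["boot_code_sha256"])
    return f"{label} MBR code detected" if label else "Unknown MBR code"


def build_sector(boot_code: bytes, disk_sig: int, entries: list) -> bytes:
    """Assemble a constructed test sector (sample data, not a real disk)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(entries):
        ENTRY.pack_into(sector, PART_TABLE_OFF + 16 * i,
                        status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-ins: placeholder bytes, not real Windows boot code.
GOOD_CODE = b"CONSTRUCTED-REFERENCE-BOOT-CODE"
ALTERED_CODE = b"CONSTRUCTED-ALTERED-BOOT-CODE"
NTFS = [(0x80, 0x07, 63, 396_000_000)]

TRUSTED_DUMP = build_sector(GOOD_CODE, 0x11111111, NTFS)
BASELINE = {parse_mbr(TRUSTED_DUMP)["boot_code_sha256"]: "Reference"}


def demo() -> list:
    """Before/after view of two disks, as in the MBRCheck tables above."""
    data_disk = [(0x00, 0x07, 63, 486_000_000)]
    drive0_fixed = build_sector(GOOD_CODE, 0xA1B2C3D4, NTFS)
    drive1_before = build_sector(ALTERED_CODE, 0x22222222, data_disk)
    drive1_after = build_sector(GOOD_CODE, 0x22222222, data_disk)
    return [classify(s, BASELINE) for s in (drive0_fixed, drive1_before, drive1_after)]


if __name__ == "__main__":
    for status in demo():
        print(status)
```

Because the disk signature and partition table are excluded from the hash, two different disks carrying the same boot code match the same baseline entry. A mismatch only says the boot code differs from the reference; third-party boot managers give the same result, so "Unknown" calls for inspecting the dump before concluding anything.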

Juisterr

Legacy Member
Since you have already done everything and happened to apply the right fix, all I can say is that your log is clean.