Archive - Slow PC

The archive is a frozen moment from a previous version of this forum, with different rules and different people in charge. These posts in no way reflect our current ideas, values or world views, and have been censored in some places as unacceptable. Many were written in a different spirit of the times, ironically or not (as in the ironic Off-Topic subforum), and would not (be allowed to) be posted today. Still, we are happy to keep offering this archive as an information database and reference work. Read more about it here or start a conversation with others.

lamake

Legacy Member
Recently Call of Duty 4 kept crashing because of too little virtual memory, so I'm posting this HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:19, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Tango Patcher 2600 Reloader.lnk = C:\WINDOWS\Tango Patcher 2600\Reloader.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1222609871031
O20 - AppInit_DLLs:
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8356 bytes
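
The log above is read by eye in this thread. As an added example (editor's code, not HijackThis output and not from any post here), the script below parses HijackThis v2 entry lines and applies a few review rules a log reader applies by hand: an O23 service with "Unknown owner", an O4 Run entry that uses an 8.3 short path or a bare file name resolved via the search path, a startup shortcut pointing into the Windows directory (like the Tango Patcher entry above), a non-empty AppInit_DLLs value, and an orphaned BHO. The sample is constructed from lines of the posted log; the "(no file)" BHO line with an all-zero CLSID is invented to exercise the orphan check, and the rules themselves are an assumption about what deserves a second look, not a verdict.

```python
"""Triage helper for Trend Micro HijackThis v2 log entries.

Added example for this thread; not HijackThis code and not from any post above.
The review rules are the editor's own, not anything HijackThis itself reports.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the exact shape of the log posted above. The "(no file)"
# BHO line with the all-zero CLSID is invented to exercise the orphan check;
# the other lines are copied from the post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:19, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\PnkBstrA.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - Global Startup: Tango Patcher 2600 Reloader.lnk = C:\WINDOWS\Tango Patcher 2600\Reloader.exe
O20 - AppInit_DLLs:
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[OR]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (.*)$")        # O4 registry Run entries
STARTUP_RE = re.compile(r"^(?:Global )?Startup: .*? = (.*)$")         # O4 Startup-folder shortcuts
SHORTNAME_RE = re.compile(r"~\d")                                     # 8.3 component, e.g. PROGRA~1
WINDIR_RE = re.compile(r"(?i)^c:\\windows\\(?!system32\\)")           # under %WINDIR%, not system32


@dataclass
class Entry:
    kind: str   # "R1", "O4", "O23", ...
    body: str   # text after "Oxx - "


@dataclass
class Finding:
    kind: str
    reason: str
    entry: str


def parse_log(text: str) -> list[Entry]:
    """Keep only the Rx/Ox entry lines; header and process list are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m.group("kind"), m.group("body")))
    return out


def _executable(cmd: str) -> str:
    """First token of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the review rules; returns findings in log order."""
    findings = []
    for e in entries:
        b = e.body
        if e.kind == "O23" and " - Unknown owner - " in b:
            findings.append(Finding(e.kind, "service carries no publisher string", b))
        elif e.kind == "O20" and b.startswith("AppInit_DLLs:") and b.split(":", 1)[1].strip():
            findings.append(Finding(e.kind, "AppInit_DLLs is set; that DLL loads into every user32 process", b))
        elif e.kind in ("O2", "O3") and b.endswith("(no file)"):
            findings.append(Finding(e.kind, "orphaned BHO/toolbar registration", b))
        elif e.kind == "O4":
            run, startup = RUN_RE.match(b), STARTUP_RE.match(b)
            if run:
                cmd = run.group(1)
                exe = _executable(cmd)
                if SHORTNAME_RE.search(cmd):
                    findings.append(Finding(e.kind, "8.3 short path hides the real directory name", b))
                if "\\" not in exe and ":" not in exe:
                    findings.append(Finding(e.kind, "bare file name is resolved via the search path", b))
            elif startup and WINDIR_RE.match(startup.group(1)):
                findings.append(Finding(e.kind, "startup shortcut points into the Windows directory", b))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.kind:<4} {f.reason}\n     {f.entry}")
```

Every finding is a prompt to look up the file (publisher, hash, on-disk location), not a malware verdict: PnkBstrA is PunkBuster's own service and simply ships without a vendor string, and the Realtek entries are bare file names by design.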

Juisterr

Legacy Member
Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while running Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners treat certain components Combofix uses as suspicious and will block or delete them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to update.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix has completed and after the restart, the log Combofix.txt will open.

Post that log in your next reply.

lamake

Legacy Member
ComboFix 08-11-07.01 - Adriaan 2008-11-09 9:57:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1505 [GMT 1:00]
Running from: c:\documents and settings\Adriaan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-09 09:54 . 2008-11-09 09:54 0 --a------ c:\windows\LCDMedia.INI
2008-11-07 22:09 . 2008-11-07 22:09 <DIR> d-------- c:\program files\Trend Micro
2008-10-31 17:39 . 2008-10-31 17:39 <DIR> d-------- c:\windows\system32\Futuremark
2008-10-31 17:39 . 2008-10-31 17:39 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2008-10-31 17:39 . 2008-05-29 12:33 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
2008-10-31 13:23 . 2008-10-31 13:23 <DIR> d-------- c:\program files\Macrovision Downloaded Files
2008-10-31 13:13 . 2008-10-31 13:19 <DIR> d-------- C:\KLDM
2008-10-31 12:49 . 2008-10-31 12:49 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Disney Interactive Studios
2008-10-30 17:03 . 2008-09-16 03:05 129,520 --------- c:\windows\system32\pxafs.dll
2008-10-29 21:55 . 2008-10-30 15:55 139,664 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-10-29 21:53 . 2008-10-30 15:54 111,928 --a------ c:\windows\system32\PnkBstrB.exe
2008-10-29 21:52 . 2008-10-29 21:52 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-10-29 18:47 . 2008-10-29 18:47 <DIR> d-------- c:\program files\Illusion
2008-10-29 17:58 . 2008-10-29 17:58 <DIR> d-------- c:\program files\Oxin's Style!
2008-10-28 19:44 . 2008-10-28 19:44 <DIR> d-------- c:\program files\Unlocker
2008-10-28 19:44 . 2008-10-28 19:44 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Desktopicon
2008-10-27 21:41 . 2008-10-27 21:41 <DIR> d-------- c:\program files\MKVtoolnix
2008-10-27 21:07 . 2008-10-27 21:10 <DIR> d-------- c:\windows\NV35403728.TMP
2008-10-27 21:05 . 2008-10-27 21:05 <DIR> d-------- C:\NVIDIA
2008-10-27 20:58 . 2008-11-07 21:58 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Comodo
2008-10-27 20:52 . 2008-11-07 22:02 <DIR> d-------- c:\program files\COMODO
2008-10-27 19:02 . 2008-10-27 19:02 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-27 18:40 . 2008-10-27 18:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-10-27 18:20 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll
2008-10-27 18:20 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2008-10-27 18:07 . 2008-10-27 18:07 <DIR> d-------- c:\program files\Adobe Media Player
2008-10-27 18:05 . 2008-10-27 18:05 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-10-27 17:56 . 2008-10-27 17:56 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-10-27 13:46 . 2008-10-27 13:46 <DIR> d-------- c:\program files\7-Zip
2008-10-26 16:52 . 2008-10-26 16:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ubisoft
2008-10-26 16:52 . 2008-10-26 16:52 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Ubisoft
2008-10-22 14:12 . 2008-10-22 14:14 <DIR> d-------- c:\program files\Graphmatica
2008-10-21 17:23 . 2008-11-05 19:41 <DIR> d-------- c:\program files\Steam
2008-10-19 09:52 . 2008-10-19 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-10-19 09:51 . 2008-10-19 12:41 <DIR> d-------- c:\program files\WorldOfGoo
2008-10-18 09:09 . 2008-10-18 09:09 <DIR> d-------- c:\program files\Midway Games
2008-10-14 20:01 . 2008-10-14 20:01 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Samsung
2008-10-14 19:35 . 2006-05-03 21:53 174,592 --a------ c:\windows\system32\framedyn.dll
2008-10-14 19:34 . 2006-07-24 15:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2008-10-14 19:29 . 2008-10-14 19:29 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2008-10-14 19:29 . 2008-10-14 19:34 <DIR> d-------- c:\program files\Samsung
2008-10-14 19:29 . 2007-05-02 10:12 109,704 --a------ c:\windows\system32\drivers\ssm_mdm.sys
2008-10-14 19:29 . 2007-05-02 10:12 83,592 --a------ c:\windows\system32\drivers\ssm_bus.sys
2008-10-14 19:29 . 2007-05-02 10:12 15,112 --a------ c:\windows\system32\drivers\ssm_mdfl.sys
2008-10-14 19:29 . 2007-05-02 10:12 12,424 --a------ c:\windows\system32\drivers\ssm_whnt.sys
2008-10-14 19:29 . 2007-05-02 10:12 12,424 --a------ c:\windows\system32\drivers\ssm_wh.sys
2008-10-14 19:29 . 2007-05-02 10:12 12,424 --a------ c:\windows\system32\drivers\ssm_cmnt.sys
2008-10-14 19:29 . 2007-05-02 10:12 12,424 --a------ c:\windows\system32\drivers\ssm_cm.sys
2008-10-14 19:29 . 2005-08-28 19:51 766 --a------ c:\windows\system32\Uninstall.ico
2008-10-13 17:48 . 2008-10-13 17:48 236 --a------ C:\sqmdata01.sqm
2008-10-13 17:48 . 2008-10-13 17:48 200 --a------ C:\sqmnoopt01.sqm
2008-10-13 17:46 . 2008-10-13 17:46 <DIR> d-------- c:\program files\Microsoft
2008-10-13 17:45 . 2008-10-13 17:45 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-10-13 16:51 . 2008-10-13 16:51 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Codemasters
2008-10-13 16:50 . 2008-10-13 16:50 <DIR> d-------- c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-10-13 16:50 . 2008-10-13 16:50 <DIR> d-------- C:\ProgramData
2008-10-13 16:50 . 2008-10-13 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-13 16:45 . 2008-10-13 16:45 <DIR> d-------- c:\program files\Codemasters
2008-10-13 16:45 . 2007-04-27 10:12 78,784 --a------ c:\windows\system32\ISUSPM.cpl
2008-10-12 16:32 . 2008-10-12 16:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2008-10-12 14:52 . 2008-10-12 14:52 <DIR> d-------- c:\windows\Sun
2008-10-12 14:52 . 2008-10-12 14:54 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-10-12 14:52 . 2008-10-12 14:52 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\SystemRequirementsLab
2008-10-11 23:07 . 2008-10-11 23:07 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-10-11 23:05 . 2008-10-11 23:05 <DIR> d-------- c:\program files\Stardock Games
2008-10-11 20:26 . 2008-10-11 20:49 <DIR> d-------- c:\program files\Ubisoft
2008-10-10 18:42 . 2008-10-10 18:42 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\SPORE
2008-10-10 18:33 . 2008-10-30 10:26 <DIR> d-------- c:\program files\Electronic Arts
2008-10-10 16:50 . 2008-10-10 16:50 <DIR> d-------- c:\program files\Microsoft Games
2008-10-09 18:33 . 2008-10-09 18:33 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\ExportTool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 16:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 14:54 --------- d-----w c:\documents and settings\Adriaan\Application Data\InstallShield
2008-10-30 09:36 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-29 19:52 --------- d-----w c:\program files\Mozilla Thunderbird
2008-10-29 13:29 --------- d-----w c:\program files\Stardock
2008-10-29 13:29 --------- d-----w c:\program files\Common Files\Stardock
2008-10-27 20:08 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-27 20:08 --------- d-----w c:\program files\AGEIA Technologies
2008-10-27 19:56 --------- d-----w c:\program files\Common Files\Adobe
2008-10-27 16:48 --------- d-----w c:\program files\Bonjour
2008-10-27 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-10-27 16:24 --------- d-----w c:\program files\CCleaner
2008-10-27 16:15 --------- d-----w c:\documents and settings\Adriaan\Application Data\VMware
2008-10-27 09:41 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2008-10-27 09:40 53,248 ----a-w c:\windows\system32\zlib.dll
2008-10-26 20:27 --------- d-----w c:\documents and settings\Adriaan\Application Data\Thinstall
2008-10-23 18:31 --------- d-----w c:\documents and settings\Adriaan\Application Data\SolidWorks
2008-10-20 17:38 --------- d-----w c:\program files\Rapidshare
2008-10-13 16:46 --------- d-----w c:\program files\Windows Live
2008-10-13 15:45 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-07 17:39 --------- d-----w c:\program files\Tomb Raider - Anniversary
2008-10-06 15:33 --------- d-----w c:\program files\Atari
2008-10-05 18:22 --------- d-----w c:\documents and settings\Adriaan\Application Data\Thunderbird
2008-10-05 18:22 --------- d-----w c:\documents and settings\Adriaan\Application Data\Talkback
2008-10-05 18:18 --------- d-----w c:\program files\Logitech
2008-10-05 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-10-05 14:54 --------- d-----w c:\documents and settings\Adriaan\Application Data\Mp3tag
2008-10-05 14:50 --------- d-----w c:\program files\Mp3tag
2008-10-05 14:10 --------- d-----w c:\program files\iTunes
2008-10-05 14:10 --------- d-----w c:\program files\iPod
2008-10-05 14:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-03 17:33 --------- d-----w c:\documents and settings\Adriaan\Application Data\KALiNKOsoft
2008-09-30 17:35 --------- d-----w c:\program files\CAPCOM
2008-09-29 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-09-29 18:16 --------- d-----w c:\program files\HP
2008-09-29 04:55 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-09-29 04:55 --------- d-----w c:\documents and settings\Adriaan\Application Data\CyberLink
2008-09-28 16:05 --------- d-----w c:\program files\Java
2008-09-28 16:04 --------- d-----w c:\program files\Common Files\Java
2008-09-28 16:02 --------- d-----w c:\program files\Nero
2008-09-28 16:02 --------- d-----w c:\program files\Common Files\Nero
2008-09-28 16:02 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-09-28 16:02 --------- d-----w c:\documents and settings\Adriaan\Application Data\Nero
2008-09-28 14:18 --------- d-----w c:\program files\Nvidia
2008-09-28 14:10 --------- d-----w c:\program files\MSXML 4.0
2008-09-28 14:06 --------- d-----w c:\program files\Windows Media Connect 2
2008-09-28 13:34 --------- d-----w c:\documents and settings\Adriaan\Application Data\Media Player Classic
2008-09-28 13:25 --------- d-----w c:\program files\MSECache
2008-09-28 13:14 --------- d-----w c:\program files\CyberLink
2008-09-28 13:14 --------- d-----w c:\program files\Common Files\CyberLink
2008-09-28 13:13 505,128 ----a-w c:\windows\system32\msvcp71.dll
2008-09-28 13:13 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-09-28 13:13 --------- d-----w c:\documents and settings\All Users\Application Data\Temp
2008-09-28 13:12 --------- d-----w c:\program files\Microsoft.NET
2008-09-28 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-28 13:06 --------- d-----w c:\documents and settings\Adriaan\Application Data\Apple Computer
2008-09-28 13:05 --------- d-----w c:\program files\QuickTime
2008-09-28 13:05 --------- d-----w c:\program files\Common Files\Apple
2008-09-28 13:05 --------- d-----w c:\program files\Apple Software Update
2008-09-28 13:04 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-09-28 13:00 --------- d-----w c:\program files\Combined Community Codec Pack
2008-09-28 12:58 --------- d-----w c:\program files\Alcohol Soft
2008-09-28 12:50 716,272 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-28 12:33 --------- d-----w c:\program files\RocketDock
2008-09-28 12:13 2,317,312 ----a-w c:\windows\system32\ntoskrnl.exe
2008-09-28 12:13 2,195,968 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-09-28 12:03 --------- d-----w c:\program files\Realtek
2008-09-28 12:02 --------- d-----w c:\program files\DIFX
2008-09-28 11:55 --------- d-----w c:\program files\SolidWorks
2008-09-28 11:54 --------- d-----w c:\program files\Common Files\SolidWorks Shared
2008-09-28 11:53 --------- d-----w c:\program files\DWGeditor
2008-09-28 11:53 --------- d-----w c:\program files\Common Files\eDrawings2006
2008-09-28 11:53 --------- d-----w c:\documents and settings\Adriaan\Application Data\DWGeditor
2008-09-28 11:50 --------- d-----w c:\program files\Common Files\Solidworks Data
2008-09-28 11:43 --------- d-----w c:\program files\microsoft frontpage
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2006-10-18 19:46 64,000 -csha-w c:\windows\Tango Patcher 2600\Backup\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-28 4608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Tango Patcher 2600 Reloader.lnk - c:\windows\Tango Patcher 2600\Reloader.exe [2008-07-04 104519]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 00000000
"NoSMHelp"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Midway Games\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 15:50 61424]
R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [ ]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Adriaan\Application Data\Mozilla\Firefox\Profiles\nu0924md.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://fastdial/content/fastdial.html
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 09:59:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-11-09 10:00:30
ComboFix-quarantined-files.txt 2008-11-09 09:00:08

Pre-Run: 128,017,301,504 bytes free
Post-Run: 127,999,258,624 bytes free

254
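
Two things in this ComboFix report deserve attention that nobody in the thread mentions: the firewall policy block shows "EnableFirewall"= 0 with several ports opened globally, and the S3 service SetupNTGLM7X points at F:\NTGLM7X.sys with an empty "[ ]" stamp where every other service line carries a date and size. As an added example (editor's code, not ComboFix's, and not from any post above), the script below reads the REGEDIT4-style firewall-policy sections and the R*/S* service lines ComboFix prints and turns them into warnings. The sample is a constructed excerpt in the shape of the report above; the assumption that the system drive is C: is a parameter, and the "off the system drive or missing" rule is the editor's heuristic.

```python
"""Audit the Windows Firewall policy and service lines in a ComboFix report.

Added example for this thread, not ComboFix's own code. It reads the
REGEDIT4-style "Reg Loading Points" dump and the R*/S* service lines that
ComboFix prints, and reports what a reviewer would flag first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SYSTEM_DRIVE = "c:"  # assumption: Windows lives on C:, as in the report above

# Constructed excerpt in the shape of the ComboFix output posted above.
SAMPLE_REPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [ ]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# "<start> <name>;<display>;<image> [<date size>]"; an empty bracket means
# ComboFix printed no file stamp for the image at scan time.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")


@dataclass
class Audit:
    firewall_enabled: bool | None = None
    authorized_apps: list[str] = field(default_factory=list)
    open_ports: list[tuple[int, str, str]] = field(default_factory=list)   # (port, proto, description)
    suspicious_services: list[str] = field(default_factory=list)

    def warnings(self) -> list[str]:
        out = []
        if self.firewall_enabled is False:
            out.append("Windows Firewall is disabled (EnableFirewall=0)")
        if self.open_ports:
            ports = ", ".join(f"{p}/{proto}" for p, proto, _ in self.open_ports)
            out.append(f"globally open inbound ports: {ports}")
        for svc in self.suspicious_services:
            out.append(f"service image off the system drive or without a file stamp: {svc}")
        return out


def audit_report(text: str) -> Audit:
    """Walk the report once, tracking the current [section] for value lines."""
    audit = Audit()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group(1).lower()
            continue
        if "firewallpolicy" in section and (m := VALUE_RE.match(line)):
            name, value = m.group(1), m.group(2).strip()
            if section.endswith("standardprofile") and name == "EnableFirewall":
                audit.firewall_enabled = (value.split()[0] != "0") if value else None
            elif section.endswith("authorizedapplications\\list"):
                audit.authorized_apps.append(name.replace("\\\\", "\\"))  # undo REGEDIT4 escaping
            elif section.endswith("globallyopenports\\list"):
                port, proto = name.split(":", 1)
                desc = value.split(":", 2)[2] if value.count(":") >= 2 else ""
                audit.open_ports.append((int(port), proto, desc))
            continue
        if (m := SERVICE_RE.match(line)):
            _start, name, _display, image, stamp = m.groups()
            drive = image.lower().lstrip("\\?").split("\\", 1)[0]   # handles \??\c:\... too
            if not stamp.strip() or drive != SYSTEM_DRIVE:
                audit.suspicious_services.append(f"{name}: {image}")
    return audit


if __name__ == "__main__":
    for w in audit_report(SAMPLE_REPORT).warnings():
        print("!", w)
```

The open ports and authorized applications in the real report are all attributable to Adobe CS4, Apple and games the user installed, so the actionable item is the disabled firewall (a third-party firewall may be covering for it; Comodo was installed on 2008-10-27 according to the file list) and a service entry whose driver lives on a removable drive that was not present during the scan.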

lamake

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:04, on 9/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Tango Patcher 2600 Reloader.lnk = C:\WINDOWS\Tango Patcher 2600\Reloader.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1222609871031
O20 - AppInit_DLLs:
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8192 bytes

Juisterr

Legacy Member
Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:


Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save this to your Desktop as CFScript.txt


Drag CFScript.txt onto ComboFix.exe as shown in the example below:

[image: CFScriptB-4.gif]


This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

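An added example, not part of this thread and not code from HijackThis or ComboFix: a small Python triage script that reads the O4 (autostart), O20 (AppInit_DLLs) and O23 (service) lines of a HijackThis log and flags the entries a helper looks at first. The sample lines are copied from the log posted above, except the "updater" entry, which is constructed to show what an image outside the normal install directories looks like. The list of usual locations and the flag texts are this example's own heuristics for a 32-bit Windows XP layout on drive C:; a flag is a reason to look, not a verdict.

```python
"""Triage helper for HijackThis logs (added example; not part of the thread, HijackThis or ComboFix).

Reads O4 / O20 / O23 lines and flags entries a helper would examine first.
The sample lines are copied from the log posted above, except the "updater"
entry, which is constructed. Flags are triage hints, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: a 32-bit Windows XP layout on drive C:. Exact parent directories
# that autostart images normally live in, and trees accepted at any depth.
USUAL_DIRS = ("c:\\windows", "c:\\windows\\system32")
USUAL_TREES = ("c:\\program files\\", "c:\\progra~1\\")

_RE_O4 = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
_RE_O20 = re.compile(r"^O20 - AppInit_DLLs:(?P<value>.*)$")
_RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section code (O4, O20, O23)
    line: str      # the log line as posted
    reason: str    # why it deserves a look


def image_path(cmd: str) -> str:
    """Best-effort extraction of the file an O4 entry actually runs."""
    if ".lnk = " in cmd:                          # Startup-folder shortcut: target follows " = "
        cmd = cmd.split(".lnk = ", 1)[1]
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32.exe "):  # the DLL, not rundll32, is the payload
        cmd = cmd[len("rundll32.exe "):].split(",", 1)[0].strip()
    if cmd.startswith('"'):                       # quoted path, arguments follow the quote
        return cmd[1:].split('"', 1)[0]
    return re.split(r" [/-]", cmd, maxsplit=1)[0]  # unquoted: cut at the first switch


def in_usual_location(path: str) -> bool:
    """True when the image sits where installers normally put it."""
    p = path.lower()
    return p.rpartition("\\")[0] in USUAL_DIRS or p.startswith(USUAL_TREES)


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a second look, in log order."""
    findings: list[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines() if raw.strip()):
        if m := _RE_O20.match(line):
            # AppInit_DLLs are injected into every process that loads user32.dll;
            # a blank-looking value can still hold whitespace or non-printable bytes.
            findings.append(Finding("O20", line,
                f"AppInit_DLLs value is set: {m['value'].strip()!r}"))
        elif m := _RE_O4.match(line):
            path = image_path(m["cmd"])
            if "\\" not in path:
                findings.append(Finding("O4", line,
                    f"bare file name {path!r} is resolved through the search path; confirm which copy runs"))
            elif not in_usual_location(path):
                findings.append(Finding("O4", line,
                    f"autostart image outside the usual install directories: {path}"))
        elif m := _RE_O23.match(line):
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding("O23", line,
                    f"service {m['name']!r} has no publisher string; check the signature of {m['path']}"))
    return findings


# Sample input: lines copied from the log above plus one constructed "updater" line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\updater.exe
O4 - Global Startup: Tango Patcher 2600 Reloader.lnk = C:\WINDOWS\Tango Patcher 2600\Reloader.exe
O20 - AppInit_DLLs:
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The O20 line is the one the CFScript above resets. HijackThis lists that entry when the AppInit_DLLs value is set, and because every DLL named there is loaded into each process that loads user32.dll, a value that looks blank but still exists (whitespace, non-printable characters) is worth clearing, which is exactly what the Registry:: block does. Bare file names in O4 entries are worth a look for the same kind of reason: the file that runs is whichever copy the search path finds first.
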
lamake

Legacy Member
ComboFix 08-11-09.04 - Adriaan 2008-11-10 19:00:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527 [GMT 1:00]
Running from: c:\documents and settings\Adriaan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Adriaan\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-09 20:13 . 2008-11-09 20:18 <DIR> d-------- c:\program files\Cheat Engine
2008-11-09 13:39 . 2008-11-09 13:39 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\InstallShield Installation Information
2008-11-09 13:26 . 2008-11-09 13:26 <DIR> d-------- c:\program files\Unreal Tournament 3
2008-11-09 13:25 . 2008-11-09 13:25 <DIR> d-------- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2008-11-09 10:14 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-11-09 10:13 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2008-11-09 10:13 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2008-11-09 10:13 . 2008-10-27 18:12 34,816 --a------ c:\windows\system32\RtkCoInstXP.dll
2008-11-09 09:54 . 2008-11-09 09:54 0 --a------ c:\windows\LCDMedia.INI
2008-11-07 22:09 . 2008-11-07 22:09 <DIR> d-------- c:\program files\Trend Micro
2008-10-31 17:39 . 2008-10-31 17:39 <DIR> d-------- c:\windows\system32\Futuremark
2008-10-31 17:39 . 2008-10-31 17:39 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2008-10-31 17:39 . 2008-05-29 12:33 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
2008-10-31 13:23 . 2008-10-31 13:23 <DIR> d-------- c:\program files\Macrovision Downloaded Files
2008-10-31 13:13 . 2008-10-31 13:19 <DIR> d-------- C:\KLDM
2008-10-31 12:49 . 2008-10-31 12:49 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Disney Interactive Studios
2008-10-30 17:03 . 2008-09-16 03:05 129,520 --------- c:\windows\system32\pxafs.dll
2008-10-29 21:55 . 2008-10-30 15:55 139,664 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-10-29 21:53 . 2008-10-30 15:54 111,928 --a------ c:\windows\system32\PnkBstrB.exe
2008-10-29 21:52 . 2008-10-29 21:52 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-10-29 18:47 . 2008-10-29 18:47 <DIR> d-------- c:\program files\Illusion
2008-10-29 17:58 . 2008-10-29 17:58 <DIR> d-------- c:\program files\Oxin's Style!
2008-10-28 19:44 . 2008-10-28 19:44 <DIR> d-------- c:\program files\Unlocker
2008-10-28 19:44 . 2008-10-28 19:44 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Desktopicon
2008-10-27 21:41 . 2008-10-27 21:41 <DIR> d-------- c:\program files\MKVtoolnix
2008-10-27 21:07 . 2008-10-27 21:10 <DIR> d-------- c:\windows\NV35403728.TMP
2008-10-27 21:05 . 2008-10-27 21:05 <DIR> d-------- C:\NVIDIA
2008-10-27 20:58 . 2008-11-07 21:58 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Comodo
2008-10-27 20:52 . 2008-11-07 22:02 <DIR> d-------- c:\program files\COMODO
2008-10-27 19:02 . 2008-10-27 19:02 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-27 18:40 . 2008-10-27 18:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-10-27 18:20 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll
2008-10-27 18:20 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2008-10-27 18:07 . 2008-10-27 18:07 <DIR> d-------- c:\program files\Adobe Media Player
2008-10-27 18:05 . 2008-10-27 18:05 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-10-27 17:56 . 2008-10-27 17:56 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-10-27 13:46 . 2008-10-27 13:46 <DIR> d-------- c:\program files\7-Zip
2008-10-26 16:52 . 2008-10-26 16:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ubisoft
2008-10-26 16:52 . 2008-10-26 16:52 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Ubisoft
2008-10-22 14:12 . 2008-10-22 14:14 <DIR> d-------- c:\program files\Graphmatica
2008-10-21 17:23 . 2008-11-09 22:50 <DIR> d-------- c:\program files\Steam
2008-10-19 09:52 . 2008-10-19 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-10-19 09:51 . 2008-10-19 12:41 <DIR> d-------- c:\program files\WorldOfGoo
2008-10-18 09:09 . 2008-10-18 09:09 <DIR> d-------- c:\program files\Midway Games
2008-10-14 20:01 . 2008-10-14 20:01 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Samsung
2008-10-14 19:35 . 2006-05-03 21:53 174,592 --a------ c:\windows\system32\framedyn.dll
2008-10-14 19:34 . 2006-07-24 15:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2008-10-14 19:29 . 2008-10-14 19:29 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2008-10-14 19:29 . 2008-10-14 19:34 <DIR> d-------- c:\program files\Samsung
2008-10-14 19:29 . 2007-05-02 10:12 109,704 --a------ c:\windows\system32\drivers\ssm_mdm.sys
2008-10-14 19:29 . 2007-05-02 10:12 83,592 --a------ c:\windows\system32\drivers\ssm_bus.sys
2008-10-14 19:29 . 2007-05-02 10:12 15,112 --a------ c:\windows\system32\drivers\ssm_mdfl.sys
2008-10-14 19:29 . 2007-05-02 10:12 12,424 --a------ c:\windows\system32\drivers\ssm_whnt.sys
2008-10-14 19:29 . 2007-05-02 10:12 12,424 --a------ c:\windows\system32\drivers\ssm_wh.sys
2008-10-14 19:29 . 2007-05-02 10:12 12,424 --a------ c:\windows\system32\drivers\ssm_cmnt.sys
2008-10-14 19:29 . 2007-05-02 10:12 12,424 --a------ c:\windows\system32\drivers\ssm_cm.sys
2008-10-14 19:29 . 2005-08-28 19:51 766 --a------ c:\windows\system32\Uninstall.ico
2008-10-13 17:48 . 2008-10-13 17:48 236 --a------ C:\sqmdata01.sqm
2008-10-13 17:48 . 2008-10-13 17:48 200 --a------ C:\sqmnoopt01.sqm
2008-10-13 17:46 . 2008-10-13 17:46 <DIR> d-------- c:\program files\Microsoft
2008-10-13 17:45 . 2008-10-13 17:45 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-10-13 16:51 . 2008-10-13 16:51 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\Codemasters
2008-10-13 16:50 . 2008-10-13 16:50 <DIR> d-------- c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-10-13 16:50 . 2008-10-13 16:50 <DIR> d-------- C:\ProgramData
2008-10-13 16:50 . 2008-10-13 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-13 16:45 . 2008-10-13 16:45 <DIR> d-------- c:\program files\Codemasters
2008-10-13 16:45 . 2007-04-27 10:12 78,784 --a------ c:\windows\system32\ISUSPM.cpl
2008-10-12 16:32 . 2008-10-12 16:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2008-10-12 14:52 . 2008-10-12 14:52 <DIR> d-------- c:\windows\Sun
2008-10-12 14:52 . 2008-10-12 14:54 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-10-12 14:52 . 2008-10-12 14:52 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\SystemRequirementsLab
2008-10-11 23:07 . 2008-10-11 23:07 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-10-11 23:05 . 2008-10-11 23:05 <DIR> d-------- c:\program files\Stardock Games
2008-10-11 20:26 . 2008-10-11 20:49 <DIR> d-------- c:\program files\Ubisoft
2008-10-10 18:42 . 2008-10-10 18:42 <DIR> d-------- c:\documents and settings\Adriaan\Application Data\SPORE
2008-10-10 18:33 . 2008-10-30 10:26 <DIR> d-------- c:\program files\Electronic Arts
2008-10-10 16:50 . 2008-10-10 16:50 <DIR> d-------- c:\program files\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 11:04 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-09 12:25 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-09 09:13 --------- d-----w c:\program files\Realtek
2008-10-31 16:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 14:54 --------- d-----w c:\documents and settings\Adriaan\Application Data\InstallShield
2008-10-31 10:38 4,942,336 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-10-30 09:36 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-29 13:29 --------- d-----w c:\program files\Stardock
2008-10-29 13:29 --------- d-----w c:\program files\Common Files\Stardock
2008-10-28 16:18 17,331,200 ----a-w c:\windows\RTHDCPL.EXE
2008-10-27 20:08 --------- d-----w c:\program files\AGEIA Technologies
2008-10-27 19:56 --------- d-----w c:\program files\Common Files\Adobe
2008-10-27 16:48 --------- d-----w c:\program files\Bonjour
2008-10-27 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-10-27 16:24 --------- d-----w c:\program files\CCleaner
2008-10-27 16:15 --------- d-----w c:\documents and settings\Adriaan\Application Data\VMware
2008-10-27 09:41 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2008-10-27 09:40 53,248 ----a-w c:\windows\system32\zlib.dll
2008-10-26 20:27 --------- d-----w c:\documents and settings\Adriaan\Application Data\Thinstall
2008-10-23 18:31 --------- d-----w c:\documents and settings\Adriaan\Application Data\SolidWorks
2008-10-20 17:38 --------- d-----w c:\program files\Rapidshare
2008-10-13 16:46 --------- d-----w c:\program files\Windows Live
2008-10-13 15:45 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-09 17:33 --------- d-----w c:\documents and settings\Adriaan\Application Data\ExportTool
2008-10-07 17:39 --------- d-----w c:\program files\Tomb Raider - Anniversary
2008-10-06 15:33 --------- d-----w c:\program files\Atari
2008-10-05 18:22 --------- d-----w c:\documents and settings\Adriaan\Application Data\Thunderbird
2008-10-05 18:22 --------- d-----w c:\documents and settings\Adriaan\Application Data\Talkback
2008-10-05 18:18 --------- d-----w c:\program files\Logitech
2008-10-05 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-10-05 14:54 --------- d-----w c:\documents and settings\Adriaan\Application Data\Mp3tag
2008-10-05 14:50 --------- d-----w c:\program files\Mp3tag
2008-10-05 14:10 --------- d-----w c:\program files\iTunes
2008-10-05 14:10 --------- d-----w c:\program files\iPod
2008-10-05 14:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-03 17:33 --------- d-----w c:\documents and settings\Adriaan\Application Data\KALiNKOsoft
2008-09-30 17:35 --------- d-----w c:\program files\CAPCOM
2008-09-30 15:38 2,168,320 ----a-w c:\windows\MicCal.exe
2008-09-29 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-09-29 18:16 --------- d-----w c:\program files\HP
2008-09-29 04:55 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-09-29 04:55 --------- d-----w c:\documents and settings\Adriaan\Application Data\CyberLink
2008-09-28 16:05 --------- d-----w c:\program files\Java
2008-09-28 16:04 --------- d-----w c:\program files\Common Files\Java
2008-09-28 16:02 --------- d-----w c:\program files\Nero
2008-09-28 16:02 --------- d-----w c:\program files\Common Files\Nero
2008-09-28 16:02 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-09-28 16:02 --------- d-----w c:\documents and settings\Adriaan\Application Data\Nero
2008-09-28 14:18 --------- d-----w c:\program files\Nvidia
2008-09-28 14:10 --------- d-----w c:\program files\MSXML 4.0
2008-09-28 14:06 --------- d-----w c:\program files\Windows Media Connect 2
2008-09-28 13:34 --------- d-----w c:\documents and settings\Adriaan\Application Data\Media Player Classic
2008-09-28 13:25 --------- d-----w c:\program files\MSECache
2008-09-28 13:14 --------- d-----w c:\program files\CyberLink
2008-09-28 13:14 --------- d-----w c:\program files\Common Files\CyberLink
2008-09-28 13:13 505,128 ----a-w c:\windows\system32\msvcp71.dll
2008-09-28 13:13 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-09-28 13:13 --------- d-----w c:\documents and settings\All Users\Application Data\Temp
2008-09-28 13:12 --------- d-----w c:\program files\Microsoft.NET
2008-09-28 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-28 13:06 --------- d-----w c:\documents and settings\Adriaan\Application Data\Apple Computer
2008-09-28 13:05 --------- d-----w c:\program files\QuickTime
2008-09-28 13:05 --------- d-----w c:\program files\Common Files\Apple
2008-09-28 13:05 --------- d-----w c:\program files\Apple Software Update
2008-09-28 13:04 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-09-28 13:00 --------- d-----w c:\program files\Combined Community Codec Pack
2008-09-28 12:58 --------- d-----w c:\program files\Alcohol Soft
2008-09-28 12:50 716,272 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-28 12:33 --------- d-----w c:\program files\RocketDock
2008-09-28 12:13 2,317,312 ----a-w c:\windows\system32\ntoskrnl.exe
2008-09-28 12:13 2,195,968 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-09-28 12:02 --------- d-----w c:\program files\DIFX
2008-09-28 11:55 --------- d-----w c:\program files\SolidWorks
2008-09-28 11:54 --------- d-----w c:\program files\Common Files\SolidWorks Shared
2008-09-28 11:53 --------- d-----w c:\program files\DWGeditor
2008-09-28 11:53 --------- d-----w c:\program files\Common Files\eDrawings2006
2008-09-28 11:53 --------- d-----w c:\documents and settings\Adriaan\Application Data\DWGeditor
2008-09-28 11:50 --------- d-----w c:\program files\Common Files\Solidworks Data
2008-09-28 11:43 --------- d-----w c:\program files\microsoft frontpage
2008-09-19 16:48 1,200,128 ----a-w c:\windows\RtlUpd.exe
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-25 15:17 528,384 ----a-w c:\windows\RtlExUpd.dll
2008-08-19 12:26 77,824 ----a-w c:\windows\SOUNDMAN.EXE
2006-10-18 19:46 64,000 -csha-w c:\windows\Tango Patcher 2600\Backup\wmplayer.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-09_ 9.59.52.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 12:25:39 155,648 ----a-w c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll
- 2005-05-03 02:43:28 69,632 ------r c:\windows\Alcmtr.exe
+ 2008-06-19 15:20:52 57,344 ----a-w c:\windows\ALCMTR.EXE
- 2006-05-04 00:26:36 2,808,832 ------r c:\windows\alcwzrd.exe
+ 2008-06-19 15:42:44 2,808,832 ----a-w c:\windows\ALCWZRD.EXE
+ 2008-11-09 12:39:41 10,134 ----a-r c:\windows\Installer\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\ARPPRODUCTICON.exe
- 2006-05-04 00:35:14 9,709,568 ------r c:\windows\RTLCPL.exe
+ 2008-06-19 15:27:46 9,715,200 ----a-w c:\windows\RTLCPL.EXE
- 2006-05-16 02:04:26 2,879,488 ------r c:\windows\SkyTel.exe
+ 2007-11-20 17:15:58 1,826,816 ----a-w c:\windows\SkyTel.exe
- 2007-03-12 14:42:30 1,123,696 ----a-w c:\windows\system32\D3DCompiler_33.dll
+ 2007-03-12 15:42:30 1,123,696 ----a-w c:\windows\system32\D3DCompiler_33.dll
- 2007-05-16 14:45:16 1,124,720 ----a-w c:\windows\system32\D3DCompiler_34.dll
+ 2007-05-16 15:45:16 1,124,720 ----a-w c:\windows\system32\D3DCompiler_34.dll
- 2007-07-19 16:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll
+ 2007-07-19 17:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll
- 2007-03-15 14:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll
+ 2007-03-15 15:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll
- 2007-05-16 14:45:16 443,752 ----a-w c:\windows\system32\d3dx10_34.dll
+ 2007-05-16 15:45:16 443,752 ----a-w c:\windows\system32\d3dx10_34.dll
- 2007-07-19 16:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll
+ 2007-07-19 17:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll
- 2006-03-31 10:40:58 2,388,176 ----a-w c:\windows\system32\d3dx9_30.dll
+ 2006-03-31 11:40:58 2,388,176 ----a-w c:\windows\system32\d3dx9_30.dll
- 2006-09-28 14:05:20 2,414,360 ----a-w c:\windows\system32\d3dx9_31.dll
+ 2006-09-28 15:05:20 2,414,360 ----a-w c:\windows\system32\d3dx9_31.dll
- 2006-11-29 11:06:18 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll
+ 2006-11-29 12:06:18 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll
- 2007-03-12 14:42:30 3,495,784 ----a-w c:\windows\system32\d3dx9_33.dll
+ 2007-03-12 15:42:30 3,495,784 ----a-w c:\windows\system32\d3dx9_33.dll
- 2007-05-16 14:45:16 3,497,832 ----a-w c:\windows\system32\d3dx9_34.dll
+ 2007-05-16 15:45:16 3,497,832 ----a-w c:\windows\system32\d3dx9_34.dll
- 2007-07-19 16:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll
+ 2007-07-19 17:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll
- 2008-04-13 22:15:16 60,160 -c--a-w c:\windows\system32\dllcache\drmk.sys
+ 2008-04-13 23:15:16 60,160 -c--a-w c:\windows\system32\dllcache\drmk.sys
- 2008-04-14 03:41:58 4,096 -c--a-w c:\windows\system32\dllcache\ksuser.dll
+ 2002-12-11 22:14:32 4,096 -c--a-w c:\windows\system32\dllcache\ksuser.dll
- 2008-04-13 22:49:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys
+ 2008-04-13 23:49:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys
- 2008-04-13 22:15:16 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys
+ 2004-07-09 02:27:28 48,512 -c--a-w c:\windows\system32\dllcache\stream.sys
- 2006-06-18 21:37:34 36,864 ----a-w c:\windows\system32\drivers\AmdK8.sys
+ 2006-07-01 21:39:40 36,864 ----a-w c:\windows\system32\drivers\AmdK8.sys
- 2008-04-13 22:15:16 60,160 ----a-w c:\windows\system32\drivers\drmk.sys
+ 2008-04-13 23:15:16 60,160 ----a-w c:\windows\system32\drivers\drmk.sys
- 2008-04-13 22:49:42 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
+ 2008-04-13 23:49:42 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
- 2008-04-13 22:15:16 49,408 ----a-w c:\windows\system32\drivers\stream.sys
+ 2004-07-09 02:27:28 48,512 ----a-w c:\windows\system32\drivers\stream.sys
+ 2006-07-01 21:39:40 36,864 -c--a-w c:\windows\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\AmdK8.sys
- 2008-04-14 03:41:58 4,096 ----a-w c:\windows\system32\ksuser.dll
+ 2002-12-11 22:14:32 4,096 ----a-w c:\windows\system32\ksuser.dll
- 2008-10-27 16:45:28 58,800 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-10 10:54:43 58,800 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-27 16:45:28 392,626 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-10 10:54:43 392,626 ----a-w c:\windows\system32\perfh009.dat
+ 2005-05-03 02:43:28 69,632 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\ALCMTR.EXE
+ 2006-05-04 00:26:36 2,808,832 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\ALCWZRD.EXE
+ 2008-04-13 22:15:16 60,160 ----a-w c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\drmk.sys
+ 2008-04-14 03:41:58 4,096 ----a-w c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\ksuser.dll
+ 2008-04-13 22:49:42 146,048 ----a-w c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\portcls.sys
+ 2008-04-13 22:15:16 49,408 ----a-w c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\stream.sys
+ 2008-04-14 05:51:44 23,552 ----a-w c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\wdmaud.drv
+ 2006-10-11 01:42:58 2,157,568 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\MicCal.exe
+ 2006-08-16 22:03:24 270,336 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RTCOMDLL.dll
+ 2006-10-30 03:49:54 16,269,312 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RTHDCPL.EXE
+ 2006-11-02 17:32:30 4,394,496 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RtkHDAud.sys
+ 2006-07-21 15:40:08 143,360 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RTLCPAPI.dll
+ 2006-05-04 00:35:14 9,709,568 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RTLCPL.EXE
+ 2006-09-27 22:00:48 1,183,744 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RtlUpd.exe
+ 2006-05-16 02:04:26 2,879,488 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\SkyTel.exe
+ 2006-07-21 00:14:36 86,016 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\SOUNDMAN.EXE
+ 2006-06-18 21:37:34 36,864 ----a-w c:\windows\system32\ReinstallBackups\0005\DriverFiles\AmdK8.sys
- 2006-08-16 22:03:24 270,336 ------r c:\windows\system32\RTCOM\RTCOMDLL.dll
+ 2008-06-10 13:39:58 266,240 ----a-w c:\windows\system32\RTCOM\RTCOMDLL.dll
- 2006-07-21 15:40:08 143,360 ------r c:\windows\system32\RTCOM\RtlCPAPI.dll
+ 2008-03-26 17:50:50 131,072 ----a-w c:\windows\system32\RTCOM\RTLCPAPI.dll
- 2006-03-31 10:39:24 62,672 ----a-w c:\windows\system32\xinput1_1.dll
+ 2006-03-31 11:39:24 62,672 ----a-w c:\windows\system32\xinput1_1.dll
- 2006-07-28 07:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll
+ 2006-07-28 08:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-28 4608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Tango Patcher 2600 Reloader.lnk - c:\windows\Tango Patcher 2600\Reloader.exe [2008-07-04 104519]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Midway Games\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 15:50 61424]
R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [ ]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 19:04:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-11-10 19:05:28
ComboFix-quarantined-files.txt 2008-11-10 18:05:19
ComboFix2.txt 2008-11-09 09:00:31

Pre-Run: 125.378.220.032 bytes free
Post-Run: 125,508,288,512 bytes free

342

lamake

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:45, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Tango Patcher 2600 Reloader.lnk = C:\WINDOWS\Tango Patcher 2600\Reloader.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1222609871031
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7943 bytes


Sorry that I have to double post, but both logs didn't fit in one post (too many characters).

Juisterr

Legacy Member
Yes, those are sizeable results.

But it looks fine to me, I think. Are you still having any problems?

lamake

Legacy Member
No, everything apparently works properly again, and CoD4 runs smoothly again too :).
Thanks for the help, Juisterr.