Radio Virus!?? No one seems to know it on the net yet....

shaft23
2010-01-23, 13:51
Hey guys,

I found another topic by someone on this board that seemed to have the same problem as I do, but no one had addressed the issue. I also couldn't post in that thread, so I made another one here with my specific problem.

Well, last week I was on a blog and I got a pop-up from a program called Malware Defender or Windows Defender, can't remember..... It looked like it was a Windows thing, but it was a virus that had installed some nasty virus on my PC. Quickly I had 3 or 4 porntube, youporn or some other x-rated icons on my desktop. I managed to remove all the program stuff including the registry stuff and ran a scan that removed some virus. BUT the big thing is since then my Avast Resident Protection has been disabled. My CPU is now open to any virus. I got ZoneAlarm installed today and have done the Trend Micro and Ad-Aware scans, but I still have a weird radio station ad starting up once in a while in the background of my computer; I can't find anything unusual in the Task Manager when the sound is playing. I'm gonna try to get the log running while the radio ad is running, but it's hard. There are always the same ads or parts of radio programs.

I can't access some sites like bleepingcomputer and I also got pop-ups of a site called luxe-software.net once in an hour or so.
My CPU is extremely slow at times and it sometimes doesn't start the first time and I have to press restart for it to work.
Today I couldn't send an email with Hotmail, because the Explorer window shuts down by itself. It only does this with Hotmail so far.

I couldn't download or install some programs like HijackThis and I also have run an older version of SmitFraudFix, because the new version gives me an error.
I also can't download ComboFix from certain sites, because it shows that the sites are non-existent.

Help a guy out here, I can't be the only one with this problem.

Here is a log. I couldn't manage to get it while the radio thing was playing, because it hasn't played yet today.

Logfile of HijackThis v1.99.1
Scan saved at 13:51:21, on 23-1-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - http://nba.tom.com/video/tcastV1.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: pavwait.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
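As an added example, not from this thread and not part of HijackThis itself: a small Python triage script that parses lines in the HijackThis v1.99.1 log format shown above and marks the entries a helper would normally look at first (orphaned entries whose file is gone, unnamed BHOs, AppInit_DLLs loaders, and Run entries without an absolute path). The rules are review prompts, not verdicts; the sample lines are constructed to mirror the kinds of entries in the log above, and the `pavwait.dll` name is taken from that log only so the AppInit_DLLs rule has something to fire on.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in HijackThis v1.99.1 log format, modelled on the
# entries in the thread above (mix of benign and review-worthy lines).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - AppInit_DLLs: pavwait.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "R1 - ..." / "O20 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Body of an O4 Run entry: HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def first_token(cmd: str) -> str:
    """Return the executable part of a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def review_entry(section: str, body: str) -> List[str]:
    """Apply the review rules to one entry; an empty list means nothing to flag."""
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("referenced file is absent: orphaned entry, can be fixed without data loss")
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO without a name: no vendor identification, look up the CLSID")
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        reasons.append("AppInit_DLLs is loaded into every process that links user32.dll; verify publisher and hash")
    if section == "O4":
        m = RUN_RE.match(body)
        if m and "\\" not in first_token(m.group("cmd")):
            reasons.append("startup command has no absolute path and is resolved via the search path")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return only the entries with review reasons."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank line, or a running-process path
        reasons = review_entry(m.group("sec"), m.group("body"))
        if reasons:
            findings.append(Finding(m.group("sec"), raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Running it on a full log narrows a 100-line paste to the handful of entries worth a closer look; everything it does not print still needs a human reading, since the rules only encode structural hints.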

Blade81
2010-01-28, 19:46
Hello,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

shaft23
2010-01-29, 01:03
Hi Blade,

The radio ads have been more frequent as of late... it has to do with an extra iexplorer that is opening up on its own and running in the background. So I managed to run HijackThis in the middle of one of the ads and it gave me some warning about a virus, then it gave me a HijackThis log. This is the latest HijackThis log, followed by the two logs you wanted to see.

Logfile of HijackThis v1.99.1
Scan saved at 20:57:01, on 23-1-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\windows\system32\RUNDLL32.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hijack This\hijackthis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - http://nba.tom.com/video/tcastV1.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: pavwait.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7-2-2004 10:53:25
System Uptime: 28-1-2010 23:24:35 (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon(tm) XP 2600+ | Socket A | 1913/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 1,471 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


7-Zip 4.64
AAC Decoder
Aangifte inkomstenbelasting 2007
Aangifte inkomstenbelasting 2008
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Reader 8.1.2 - Nederlands
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
µTorrent
AutoUpdate
avast! Antivirus
AVI/MPEG/ASF/WMV Splitter 3.25
AVIcodec (remove only)
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB883939)
Beveiligingsupdate voor Windows XP (KB896688)
Beveiligingsupdate voor Windows XP (KB899588)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
BULLFROG GAMEPAD
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
CDisplay 1.8
Compatibiliteitspakket voor het 2007 Microsoft Office system
CoreAAC Audio Decoder (remove only)
DAEMON Tools
DC++ 0.698
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Accelerator Plus
DVD X Ghost 1.5
EA SPORTS online 2007
Essentiële update voor Windows Media Player 11 (KB959772)
ffdshow (remove only)
FLV Player 1.3.3
FLV Player 2.0 (build 25)
Gebruikersregistratie voor Canon MP190 series
GSA Delphi.Induc Cleaner v1.00
H.264 Decoder
Hijack This 1.99.1
HijackThis 1.99.1
hkSFV (remove only)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Huffyuv AVI lossless video codec (Remove Only)
ImTOO MPEG Encoder
InterVideo DeviceService
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
MainConcept MPEG Encoder
MakeTorrent v2.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Editie 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
MKV Splitter
Move Networks Media Player for Internet Explorer
MP3 Player Utilities 4.05
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nero - Burning Rom
Nero 7 Premium
NVIDIA Drivers
NvMixer
oggcodecs 0.71.0946
Orange Livebox
Parche Stats NBA Live 07
PartyPoker
PokerStars
Pop-Up Stopper Professional
PPStream V2.6.86.8989 Final
Proxy Changer
QuickTime
RealPlayer
RegistryBooster 2
Roster Season 06-07 for NBA live 06
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for CAPICOM (KB931906)
Segoe UI
SLD CODEC PACK 1.3
SopCast 3.2.4
Stream Torrent 1.0
The KMPlayer (remove only)
TigerGame Superjoy Box Series
Trillian
TVAnts 1.0
TVUPlayer 2.4.9.1
TypingMaster Pro
Update voor Windows Internet Explorer 8 (KB971930)
Update voor Windows Internet Explorer 8 (KB976749)
Update voor Windows XP (KB894391)
Update voor Windows XP (KB896727)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB961503)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.15
Video to Audio Converter 1.00
VidGIF
VidGIF 2.3.0.1
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xilisoft MP4 Converter
XviD 1.1 final uninstall
ZoneAlarm Pro
ZoneAlarm Toolbar

==== End Of File ===========================

DDS (Ver_09-06-26.01) - NTFSx86
Run by K. Kuord at 0:56:18,95 on vr 29-01-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.189 [GMT 1:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\windows\system32\ctfmon.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\K. Kuord\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uURLSearchHooks: H - No File
BHO: DAPHelper Class: {0000cc75-acf3-4cac-a0a9-dd3868e06852} - c:\program files\dap\DAPBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {00000000-5736-4205-0008-F7ED0776FB27} - No File
uRun: [PopUpStopperProfessional] "c:\program files\panicware\pop-up stopper professional\PopUpStopperProfessional.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Download with &DAP - c:\progra~1\dap\dapextie.htm
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.05\amvconverter\grab.html
IE: Download &all with DAP - c:\progra~1\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 4.05\mediamanager\grab.html
IE: {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - c:\progra~1\dap\DAP.EXE
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/MMCShell.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} - hxxp://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - hxxp://www.windowsecurity.com/trojanscan/TDECntrl.CAB
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
AppInit_DLLs: pavwait.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli

============= SERVICES / DRIVERS ===============

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2004-5-13 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2004-5-13 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-14 114768]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-9-8 33824]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-22 482696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-14 20560]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-9-4 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-9-4 435568]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-2-4 2368]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-14 138680]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-22 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-22 352920]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys --> c:\windows\system32\drivers\CDAWDM.sys [?]

=============== Created Last 30 ================

2010-01-27 22:38 <DIR> --d-hr-- c:\documents and settings\k. kuord\Onlangs geopend
2010-01-24 02:49 60 a------- c:\windows\MediaList.ini
2010-01-24 02:49 140 a------- c:\windows\powerlist.ini
2010-01-24 02:46 1,557 a------- c:\windows\psnetwork.ini
2010-01-24 02:46 849 a------- c:\windows\powerplayer.ini
2010-01-23 03:16 <DIR> --d----- c:\documents and settings\k. kuord\Downloads
2010-01-22 18:43 <DIR> --d----- c:\docume~1\k49eb~1.kuo\applic~1\CheckPoint
2010-01-22 18:42 <DIR> --d----- c:\program files\CheckPoint
2010-01-22 18:42 4,212 a---h--- c:\windows\system32\zllictbl.dat
2010-01-22 18:42 1,238,408 a------- c:\windows\system32\zpeng25.dll
2010-01-22 18:42 <DIR> --d----- c:\windows\system32\ZoneLabs
2010-01-22 18:42 418,012 a------- c:\windows\system32\vsconfig.xml
2010-01-22 18:42 <DIR> --d----- c:\program files\Zone Labs
2010-01-22 18:41 <DIR> --d----- c:\windows\Internet Logs
2010-01-21 00:09 <DIR> --d----- c:\program files\GSA Delphi.Induc Cleaner
2010-01-16 21:47 490 a---h--- C:\aaw7boot.cmd
2010-01-13 10:25 471,552 -c------ c:\windows\system32\dllcache\aclayers.dll
2010-01-12 23:37 <DIR> --d----- c:\windows\SxsCaPendDel
2010-01-12 23:22 53,248 a------- c:\windows\system32\Process.exe

==================== Find3M ====================

2010-01-23 01:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-12-21 20:10 916,480 a------- c:\windows\system32\wininet.dll
2009-12-09 20:52 444,960 a------- c:\windows\system32\perfh013.dat
2009-12-09 20:52 70,426 a------- c:\windows\system32\perfc013.dat
2009-11-21 17:03 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-01 20:42 39,916,560 a------- c:\docume~1\k49eb~1.kuo\applic~1\setupengpro.exe
2007-09-08 01:22 744 a------- c:\docume~1\k49eb~1.kuo\applic~1\filterclsid.dat
2004-02-14 15:44 457 a------- c:\program files\INSTALL.LOG
2006-06-15 20:24 56 ---shr-- c:\windows\system32\562AD544BF.sys
2008-10-25 22:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 0:59:10,26 ===============

Blade81
2010-01-29, 16:30
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
MakeTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

shaft23
2010-01-31, 01:43
Hi Blade... I have removed the two programs, but the virus is not letting me visit the site you listed. BleepingComputer gives me an empty Explorer page.

Blade81
2010-01-31, 11:28
Hi,

In that case, you have to download the file using other system and then transfer ComboFix to this infected system.

shaft23
2010-02-01, 18:55
Hi Blade,

I have spent a while doing all of this, because my system just refuses to work with me. I had to run ComboFix under another name: thunder.exe
I downloaded and uninstalled Malwarebytes, because it did not work at all on my system.

I finally got ComboFix to work and I have the 3 logs: ComboFix log, attach.txt and dds.txt

NOTE: my ComboFix file is in Dutch, because I'm in the Netherlands.



ComboFix 10-01-31.03 - K. Kuord 01-02-2010 18:05:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.236 [GMT 1:00]
Gestart vanuit: c:\documents and settings\K. Kuord\Bureaublad\thunder.exe
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
C:\LOG.TXT
c:\program files\INSTALL.LOG
c:\program files\PC-Cleaner
c:\program files\PC-Cleaner\PCCleaner.exe
c:\program files\temp
c:\program files\temp\Riverdeep_ESD_03040717\0x0409.ini
c:\program files\temp\Riverdeep_ESD_03040717\1033.mst
c:\program files\temp\Riverdeep_ESD_03040717\409\about.bmp
c:\program files\temp\Riverdeep_ESD_03040717\409\About_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\Building_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\BuildProcess_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\BuildVCD_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\BuildVCDFromCD_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\chkmes_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\Create_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\Display_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\ESD\evalbg.bmp
c:\program files\temp\Riverdeep_ESD_03040717\409\EULA.TXT
c:\program files\temp\Riverdeep_ESD_03040717\409\Eval_rc.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\FsVcdCntntRc.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\IsoGenRc.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\Mgr.CHM
c:\program files\temp\Riverdeep_ESD_03040717\409\MGR_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\RcacheRC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\Readme.txt
c:\program files\temp\Riverdeep_ESD_03040717\409\Reseller\evalbg.bmp
c:\program files\temp\Riverdeep_ESD_03040717\409\VCDPROPRC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\VCkNFSRC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\VDIErrorRC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\vdrive_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\VDShellRc.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\vdtask_RC.dll
c:\program files\temp\Riverdeep_ESD_03040717\409\WebRegRC.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\About.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\atl.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Building.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\BuildProcess.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\BuildVCD.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\BuildVCDFromCD.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Chkmes.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\COMCTL32.DLL
c:\program files\temp\Riverdeep_ESD_03040717\Files\Create.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\Display.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Drivers\SmartCd.sys
c:\program files\temp\Riverdeep_ESD_03040717\Files\Drivers\Win2kXP\cdawdm.sys
c:\program files\temp\Riverdeep_ESD_03040717\Files\Drivers\WinNT\cdawdm.sys
c:\program files\temp\Riverdeep_ESD_03040717\Files\DxpApp.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\EJECT.AVI
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\AOLOffer.bmp
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\AOLOffer.htm
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\bbd1.jpg
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\bbd10.jpg
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\bbd2.jpg
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\bbd3.jpg
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\bbd4.jpg
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\bbd5.jpg
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\bbd6.jpg
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\bbd7.jpg
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\bbd8.jpg
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\bbd9.jpg
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\broderbund.bmp
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\broderbund.css
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\Broderbund.gif
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\Broderbund.ico
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\browser.htm
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\Connect.htm
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\Cou_sta.ini
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\DontForget.htm
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\Edmark.bmp
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\edmark.css
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\edmark.gif
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\Edmark.ico
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\EPost.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\EReg32.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\ereg32.ini
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\EREGLB32.DLL
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\EregMain.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\eregmodem.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\ErrorPage.htm
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\include.js
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\LocalReg.htm
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\MailFax.ini
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\privacy.txt
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\StartPage.htm
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\SuELUSAr.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\ThankYou12.htm
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\TLC.bmp
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\tlc.css
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\tlc.gif
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\TLC.ICO
c:\program files\temp\Riverdeep_ESD_03040717\Files\Ereg\WebReg.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\ESD\Eval.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\farstone.avi
c:\program files\temp\Riverdeep_ESD_03040717\Files\FarTCP.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\FsGetVcdInfo.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\FSHotKey.VXD
c:\program files\temp\Riverdeep_ESD_03040717\Files\FsLoadLibrary.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\FsVcdCntnt.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\GOEMs\Eval.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\hhupd.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\INF\Win2k\cdawdm.inf
c:\program files\temp\Riverdeep_ESD_03040717\Files\INF\Win9x\CDAWDM.inf
c:\program files\temp\Riverdeep_ESD_03040717\Files\INF\WINNTXP\cdawdm.inf
c:\program files\temp\Riverdeep_ESD_03040717\Files\INSERT.AVI
c:\program files\temp\Riverdeep_ESD_03040717\Files\Iosubsys\CDAWDM.MPD
c:\program files\temp\Riverdeep_ESD_03040717\Files\Iosubsys\CDIO32X.VXD
c:\program files\temp\Riverdeep_ESD_03040717\Files\Iosubsys\RCACHEX.VXD
c:\program files\temp\Riverdeep_ESD_03040717\Files\IsoGen.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Logo.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\MGR.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\MGR.ico
c:\program files\temp\Riverdeep_ESD_03040717\Files\MM10.cab
c:\program files\temp\Riverdeep_ESD_03040717\Files\MM77.cab
c:\program files\temp\Riverdeep_ESD_03040717\Files\msvcp60.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\NFlist.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\OLEAUT32.DLL
c:\program files\temp\Riverdeep_ESD_03040717\Files\psapi.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\rc5_cmp.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\asycfilt.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\comcat.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\comct232.ocx
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\comctl32.ocx
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\mfc42.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\mscomctl.ocx
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\msvcirt.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\msvcp60.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\msvcrt.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\oleaut32.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\olepro32.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\Redist\MS\System\stdole2.tlb
c:\program files\temp\Riverdeep_ESD_03040717\Files\REFRESH.DLL
c:\program files\temp\Riverdeep_ESD_03040717\Files\Refresh32.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\REGSVR32.EXE
c:\program files\temp\Riverdeep_ESD_03040717\Files\Reseller\Eval.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\Setup.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\ShowCpyr.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\SndFmt.sav
c:\program files\temp\Riverdeep_ESD_03040717\Files\vcdplayx.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\VCDPROP.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\VCkNFS.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\VDFiles.cab
c:\program files\temp\Riverdeep_ESD_03040717\Files\VDIError.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\VDrive.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\VDShell.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\vdtask.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\WebReg.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\Win9x\rCache.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\WinNT\comctl32.dll
c:\program files\temp\Riverdeep_ESD_03040717\Files\WinNT\rCache.EXE
c:\program files\temp\Riverdeep_ESD_03040717\Files\WMFASetup.exe
c:\program files\temp\Riverdeep_ESD_03040717\Files\WNASPI32.DLL
c:\program files\temp\Riverdeep_ESD_03040717\instmsia.exe
c:\program files\temp\Riverdeep_ESD_03040717\instmsiw.exe
c:\program files\temp\Riverdeep_ESD_03040717\isscript.msi
c:\program files\temp\Riverdeep_ESD_03040717\logo.bmp
c:\program files\temp\Riverdeep_ESD_03040717\setup.exe
c:\program files\temp\Riverdeep_ESD_03040717\Setup.ini
c:\program files\temp\Riverdeep_ESD_03040717\vdp.cab
c:\program files\temp\Riverdeep_ESD_03040717\VirtualDrive.msi
c:\windows\BackUp
c:\windows\Downloaded Program Files\rave
c:\windows\Downloaded Program Files\rave\avirexe.vdm
c:\windows\Downloaded Program Files\rave\avirscr.vdm
c:\windows\Downloaded Program Files\rave\base.vdm
c:\windows\Downloaded Program Files\rave\daily.vdm
c:\windows\Downloaded Program Files\rave\daily.vdt
c:\windows\Downloaded Program Files\rave\filters.vdm
c:\windows\Downloaded Program Files\rave\kernel.vdk
c:\windows\Downloaded Program Files\rave\keyring.vdk
c:\windows\Downloaded Program Files\rave\mapi_vdm.vdm
c:\windows\Downloaded Program Files\rave\modules.vdk
c:\windows\Downloaded Program Files\rave\rav8def.vdm
c:\windows\Downloaded Program Files\rave\rufs.vdm
c:\windows\Downloaded Program Files\rave\rufsplg.vdm
c:\windows\Downloaded Program Files\rave\unarch.vdm
c:\windows\Downloaded Program Files\rave\unmail.vdm
c:\windows\Downloaded Program Files\rave\unpack.vdm
c:\windows\EventSystem.log
c:\windows\patch.exe
c:\windows\Readme.txt
c:\windows\struct~.ini
c:\windows\system32\drivers\H8SRTymxbnevppx.sys
c:\windows\system32\H8SRTdamdiybwve.dll
c:\windows\system32\H8SRTigouhtapqj.dat
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTngqltqsmpl.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTuwuruunrhp.dll
c:\windows\system32\H8SRTxjeltcbvdy.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Legacy_OREANS32
-------\Service_oreans32


(((((((((((((((((((( Bestanden Gemaakt van 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))))
.

2010-02-01 13:32 . 2010-02-01 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 03:08 . 2010-01-31 03:08 -------- d--h--r- c:\documents and settings\K. Kuord\Onlangs geopend
2010-01-23 02:16 . 2010-01-23 02:16 -------- d-----w- c:\documents and settings\K. Kuord\Downloads
2010-01-22 17:43 . 2010-01-22 17:43 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\CheckPoint
2010-01-22 17:41 . 2010-02-01 17:30 -------- d-----w- c:\windows\Internet Logs
2010-01-20 23:09 . 2010-01-20 23:09 -------- d-----w- c:\program files\GSA Delphi.Induc Cleaner
2010-01-16 20:47 . 2010-01-16 20:47 490 ---ha-w- C:\aaw7boot.cmd
2010-01-16 15:16 . 2010-01-16 15:16 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2010-01-15 13:06 . 2010-01-18 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 09:25 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 22:37 . 2010-01-12 22:54 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-12 17:11 . 2010-01-12 17:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 12:32 . 2005-11-24 23:11 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\uTorrent
2010-01-31 03:07 . 2009-08-09 15:20 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\vlc
2010-01-28 16:55 . 2007-12-04 14:24 -------- d-----w- c:\program files\PartyGaming
2010-01-28 09:56 . 2006-10-08 20:36 -------- d-----w- c:\program files\Hijack This
2010-01-27 12:26 . 2006-04-11 23:54 -------- d-----w- c:\program files\PPStream
2010-01-24 01:47 . 2005-12-26 01:26 -------- d-----w- c:\program files\tvants
2010-01-24 01:46 . 2006-12-15 02:25 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\ppStream
2010-01-23 00:28 . 2004-11-10 14:18 -------- d-----w- c:\program files\Common Files\Java
2010-01-23 00:28 . 2008-12-18 11:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-22 17:50 . 2010-01-22 17:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-22 17:42 . 2010-01-22 17:42 -------- d-----w- c:\program files\CheckPoint
2010-01-22 17:42 . 2010-01-22 17:42 -------- d-----w- c:\program files\Zone Labs
2010-01-21 22:16 . 2007-08-01 10:11 -------- d-----w- c:\program files\AVI MPEG ASF WMV Splitter
2010-01-20 14:42 . 2009-02-18 19:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 15:24 . 2006-04-05 13:41 -------- d-----w- c:\program files\Lavasoft
2009-12-28 20:24 . 2009-12-18 13:31 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\Belastingdienst
2009-12-21 19:10 . 2005-10-21 14:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 20:22 . 2008-04-22 02:12 -------- d-----w- c:\program files\PokerStars
2009-12-13 19:50 . 2007-02-18 01:42 -------- d-----w- c:\program files\SopCast
2009-12-09 19:52 . 2003-04-08 12:00 70426 ----a-w- c:\windows\system32\perfc013.dat
2009-12-09 19:52 . 2003-04-08 12:00 444960 ----a-w- c:\windows\system32\perfh013.dat
2009-11-17 19:38 . 2008-03-11 21:23 87512 ----a-w- c:\documents and settings\shahla en dawood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-06-15 19:24 . 2004-05-05 16:54 56 --sh--r- c:\windows\system32\562AD544BF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="c:\program files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe" [2005-06-02 516096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-09-22 1011080]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-09-04 722288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-2-14 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\tvants\\Tvants.exe"=
"c:\\Documents and Settings\\K. Kuord\\Mijn documenten\\appz\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Documents and Settings\\K. Kuord\\Local Settings\\Application Data\\RayV\\RayV.dll"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3594:TCP"= 3594:TCP:ppLive
"2186:UDP"= 2186:UDP:ppLive

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [13-5-2004 16:02 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [13-5-2004 16:02 5248]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [4-9-2009 13:53 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [4-9-2009 13:54 435568]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [4-2-2007 18:43 2368]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: Download &all with DAP - c:\progra~1\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.05\MediaManager\grab.html
IE: {{022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/MMCShell.cab
DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} - hxxp://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 18:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82BADF00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8725f28
\Driver\ACPI -> ACPI.sys @ 0xf8640cb8
\Driver\atapi -> atapi.sys @ 0xf85e0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-606747145-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A13AB9F-0214-342E-0FA0-CAA388CD5A84}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahegomlhbmgnoeojc"=hex:6b,61,67,68,6c,61,68,63,6d,6f,6c,62,69,70,61,6e,64,6d,
70,68,66,62,00,82
"hancebfpikekmpha"=hex:6b,61,67,68,6c,61,68,63,6d,6f,6c,62,69,70,61,6e,64,6d,
70,68,66,62,00,82

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(632)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3964)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-01 18:48:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-01 17:47

Pre-Run: 2,069,479,424 bytes free
Post-Run: 2,014,486,528 bytes free

- - End Of File - - 2F832F862FD02D65558E7DD8EF1261FA


DDS (Ver_09-06-26.01) - NTFSx86
Run by K. Kuord at 18:51:20.79 on Mon 01-02-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.225 [GMT 1:00]

AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\RUNDLL32.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\K. Kuord\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uURLSearchHooks: H - No File
BHO: DAPHelper Class: {0000cc75-acf3-4cac-a0a9-dd3868e06852} - c:\program files\dap\DAPBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {00000000-5736-4205-0008-F7ED0776FB27} - No File
uRun: [PopUpStopperProfessional] "c:\program files\panicware\pop-up stopper professional\PopUpStopperProfessional.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Download with &DAP - c:\progra~1\dap\dapextie.htm
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.05\amvconverter\grab.html
IE: Download &all with DAP - c:\progra~1\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 4.05\mediamanager\grab.html
IE: {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - c:\progra~1\dap\DAP.EXE
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/MMCShell.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} - hxxp://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - hxxp://www.windowsecurity.com/trojanscan/TDECntrl.CAB
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2004-5-13 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2004-5-13 5248]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-22 482696]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-9-4 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-9-4 435568]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-2-4 2368]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys --> c:\windows\system32\drivers\CDAWDM.sys [?]

=============== Created Last 30 ================

2010-02-01 17:11 261,632 a------- c:\windows\PEV.exe
2010-02-01 17:11 161,792 a------- c:\windows\SWREG.exe
2010-02-01 17:11 98,816 a------- c:\windows\sed.exe
2010-02-01 17:11 77,312 a------- c:\windows\MBR.exe
2010-02-01 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 04:08 <DIR> --d-hr-- c:\documents and settings\k. kuord\Onlangs geopend
2010-01-24 02:49 60 a------- c:\windows\MediaList.ini
2010-01-24 02:49 140 a------- c:\windows\powerlist.ini
2010-01-24 02:46 1,557 a------- c:\windows\psnetwork.ini
2010-01-24 02:46 849 a------- c:\windows\powerplayer.ini
2010-01-23 03:16 <DIR> --d----- c:\documents and settings\k. kuord\Downloads
2010-01-22 18:43 <DIR> --d----- c:\docume~1\k49eb~1.kuo\applic~1\CheckPoint
2010-01-22 18:42 <DIR> --d----- c:\program files\CheckPoint
2010-01-22 18:42 4,212 a---h--- c:\windows\system32\zllictbl.dat
2010-01-22 18:42 1,238,408 a------- c:\windows\system32\zpeng25.dll
2010-01-22 18:42 <DIR> --d----- c:\windows\system32\ZoneLabs
2010-01-22 18:42 418,012 a------- c:\windows\system32\vsconfig.xml
2010-01-22 18:42 <DIR> --d----- c:\program files\Zone Labs
2010-01-22 18:41 <DIR> --d----- c:\windows\Internet Logs
2010-01-21 00:09 <DIR> --d----- c:\program files\GSA Delphi.Induc Cleaner
2010-01-16 21:47 490 a---h--- C:\aaw7boot.cmd
2010-01-13 10:25 471,552 -c------ c:\windows\system32\dllcache\aclayers.dll
2010-01-12 23:37 <DIR> --d----- c:\windows\SxsCaPendDel

==================== Find3M ====================

2010-01-23 01:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-12-21 20:10 916,480 -------- c:\windows\system32\wininet.dll
2009-12-09 20:52 444,960 a------- c:\windows\system32\perfh013.dat
2009-12-09 20:52 70,426 a------- c:\windows\system32\perfc013.dat
2009-11-21 17:03 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-01 20:42 39,916,560 a------- c:\docume~1\k49eb~1.kuo\applic~1\setupengpro.exe
2007-09-08 01:22 744 a------- c:\docume~1\k49eb~1.kuo\applic~1\filterclsid.dat
2006-06-15 20:24 56 ---shr-- c:\windows\system32\562AD544BF.sys
2008-10-25 22:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 18:51:48,78 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7-2-2004 10:53:25
System Uptime: 2-1-2010 18:27:16 (720 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon(tm) XP 2600+ | Socket A | 1913/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 1.911 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================



7-Zip 4.64
AAC Decoder
Aangifte inkomstenbelasting 2007
Aangifte inkomstenbelasting 2008
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Reader 8.1.2 - Nederlands
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVI/MPEG/ASF/WMV Splitter 3.25
AVIcodec (remove only)
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB883939)
Beveiligingsupdate voor Windows XP (KB896688)
Beveiligingsupdate voor Windows XP (KB899588)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
BULLFROG GAMEPAD
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
CDisplay 1.8
Compatibiliteitspakket voor het 2007 Microsoft Office system
CoreAAC Audio Decoder (remove only)
DC++ 0.698
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Accelerator Plus
DVD X Ghost 1.5
EA SPORTS online 2007
Essentiële update voor Windows Media Player 11 (KB959772)
ffdshow (remove only)
FLV Player 1.3.3
FLV Player 2.0 (build 25)
Gebruikersregistratie voor Canon MP190 series
GSA Delphi.Induc Cleaner v1.00
H.264 Decoder
Hijack This 1.99.1
HijackThis 1.99.1
hkSFV (remove only)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Huffyuv AVI lossless video codec (Remove Only)
ImTOO MPEG Encoder
InterVideo DeviceService
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
MainConcept MPEG Encoder
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Editie 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
MKV Splitter
Move Networks Media Player for Internet Explorer
MP3 Player Utilities 4.05
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nero - Burning Rom
Nero 7 Premium
NVIDIA Drivers
NvMixer
oggcodecs 0.71.0946
Orange Livebox
Parche Stats NBA Live 07
PartyPoker
PokerStars
Pop-Up Stopper Professional
PPStream V2.6.86.8989 Final
Proxy Changer
QuickTime
RealPlayer
RegistryBooster 2
Roster Season 06-07 for NBA live 06
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for CAPICOM (KB931906)
Segoe UI
SLD CODEC PACK 1.3
SopCast 3.2.4
Stream Torrent 1.0
The KMPlayer (remove only)
TigerGame Superjoy Box Series
Trillian
TVAnts 1.0
TVUPlayer 2.4.9.1
TypingMaster Pro
Update voor Windows Internet Explorer 8 (KB971930)
Update voor Windows Internet Explorer 8 (KB976749)
Update voor Windows XP (KB894391)
Update voor Windows XP (KB896727)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB961503)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.15
Video to Audio Converter 1.00
VidGIF
VidGIF 2.3.0.1
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xilisoft MP4 Converter
XviD 1.1 final uninstall
ZoneAlarm Pro
ZoneAlarm Toolbar

==== End Of File ===========================

Blade81
2010-02-01, 22:06
Hi,

Seems that I missed DC++ in my previous post. Please uninstall it. Run ComboFix again and let it install the Recovery Console if asked for permission.

shaft23
2010-02-01, 23:27
Hi Blade,

Haven't had the radio ads today yet, and the extra iexplore.exe isn't running on its own anymore.

Here are the logs again:

ComboFix 10-02-01.02 - K. Kuord 01-02-2010 22:59:09.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.258 [GMT 1:00]
Gestart vanuit: c:\documents and settings\K. Kuord\Bureaublad\thunder.exe
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))))
.

2010-02-01 13:32 . 2010-02-01 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 03:08 . 2010-02-01 17:57 -------- d--h--r- c:\documents and settings\K. Kuord\Onlangs geopend
2010-01-23 02:16 . 2010-01-23 02:16 -------- d-----w- c:\documents and settings\K. Kuord\Downloads
2010-01-22 17:43 . 2010-01-22 17:43 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\CheckPoint
2010-01-22 17:41 . 2010-02-01 20:27 -------- d-----w- c:\windows\Internet Logs
2010-01-20 23:09 . 2010-01-20 23:09 -------- d-----w- c:\program files\GSA Delphi.Induc Cleaner
2010-01-16 20:47 . 2010-01-16 20:47 490 ---ha-w- C:\aaw7boot.cmd
2010-01-16 15:16 . 2010-01-16 15:16 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2010-01-15 13:06 . 2010-01-18 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 09:25 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 22:37 . 2010-01-12 22:54 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-12 17:11 . 2010-01-12 17:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 12:32 . 2005-11-24 23:11 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\uTorrent
2010-01-31 03:07 . 2009-08-09 15:20 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\vlc
2010-01-28 16:55 . 2007-12-04 14:24 -------- d-----w- c:\program files\PartyGaming
2010-01-28 09:56 . 2006-10-08 20:36 -------- d-----w- c:\program files\Hijack This
2010-01-27 12:26 . 2006-04-11 23:54 -------- d-----w- c:\program files\PPStream
2010-01-24 01:47 . 2005-12-26 01:26 -------- d-----w- c:\program files\tvants
2010-01-24 01:46 . 2006-12-15 02:25 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\ppStream
2010-01-23 00:28 . 2004-11-10 14:18 -------- d-----w- c:\program files\Common Files\Java
2010-01-23 00:28 . 2008-12-18 11:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-22 17:50 . 2010-01-22 17:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-22 17:42 . 2010-01-22 17:42 -------- d-----w- c:\program files\CheckPoint
2010-01-22 17:42 . 2010-01-22 17:42 -------- d-----w- c:\program files\Zone Labs
2010-01-21 22:16 . 2007-08-01 10:11 -------- d-----w- c:\program files\AVI MPEG ASF WMV Splitter
2010-01-20 14:42 . 2009-02-18 19:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 15:24 . 2006-04-05 13:41 -------- d-----w- c:\program files\Lavasoft
2009-12-28 20:24 . 2009-12-18 13:31 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\Belastingdienst
2009-12-21 19:10 . 2005-10-21 14:51 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 20:22 . 2008-04-22 02:12 -------- d-----w- c:\program files\PokerStars
2009-12-13 19:50 . 2007-02-18 01:42 -------- d-----w- c:\program files\SopCast
2009-12-09 19:52 . 2003-04-08 12:00 70426 ----a-w- c:\windows\system32\perfc013.dat
2009-12-09 19:52 . 2003-04-08 12:00 444960 ----a-w- c:\windows\system32\perfh013.dat
2009-11-21 16:03 . 2004-11-30 09:44 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 19:38 . 2008-03-11 21:23 87512 ----a-w- c:\documents and settings\shahla en dawood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-06-15 19:24 . 2004-05-05 16:54 56 --sh--r- c:\windows\system32\562AD544BF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="c:\program files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe" [2005-06-02 516096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-09-22 1011080]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-09-04 722288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-2-14 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\tvants\\Tvants.exe"=
"c:\\Documents and Settings\\K. Kuord\\Mijn documenten\\appz\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Documents and Settings\\K. Kuord\\Local Settings\\Application Data\\RayV\\RayV.dll"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3594:TCP"= 3594:TCP:ppLive
"2186:UDP"= 2186:UDP:ppLive

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [13-5-2004 16:02 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [13-5-2004 16:02 5248]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [4-9-2009 13:53 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [4-9-2009 13:54 435568]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [4-2-2007 18:43 2368]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: Download &all with DAP - c:\progra~1\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.05\MediaManager\grab.html
IE: {{022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/MMCShell.cab
DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} - hxxp://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 23:14
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82BADF00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8725f28
\Driver\ACPI -> ACPI.sys @ 0xf8640cb8
\Driver\atapi -> atapi.sys @ 0xf85e0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-606747145-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A13AB9F-0214-342E-0FA0-CAA388CD5A84}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahegomlhbmgnoeojc"=hex:6b,61,67,68,6c,61,68,63,6d,6f,6c,62,69,70,61,6e,64,6d,
70,68,66,62,00,82
"hancebfpikekmpha"=hex:6b,61,67,68,6c,61,68,63,6d,6f,6c,62,69,70,61,6e,64,6d,
70,68,66,62,00,82

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(632)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3528)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Panicware\Pop-Up Stopper Professional\XAHook.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2010-02-01 23:25:45
ComboFix-quarantined-files.txt 2010-02-01 22:25

Pre-Run: 2.018.332.672 bytes beschikbaar
Post-Run: 2.017.058.816 bytes beschikbaar

- - End Of File - - C52FA121B71F8CEBA8B849D4E5CFBADD


DDS (Ver_09-06-26.01) - NTFSx86
Run by K. Kuord at 23:27:27,64 on ma 01-02-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.211 [GMT 1:00]

AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\windows\system32\wscntfy.exe
C:\windows\system32\RUNDLL32.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\ctfmon.exe
C:\windows\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\K. Kuord\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uURLSearchHooks: H - No File
BHO: DAPHelper Class: {0000cc75-acf3-4cac-a0a9-dd3868e06852} - c:\program files\dap\DAPBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {00000000-5736-4205-0008-F7ED0776FB27} - No File
uRun: [PopUpStopperProfessional] "c:\program files\panicware\pop-up stopper professional\PopUpStopperProfessional.exe"
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Download with &DAP - c:\progra~1\dap\dapextie.htm
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.05\amvconverter\grab.html
IE: Download &all with DAP - c:\progra~1\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 4.05\mediamanager\grab.html
IE: {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - c:\progra~1\dap\DAP.EXE
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/MMCShell.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} - hxxp://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - hxxp://www.windowsecurity.com/trojanscan/TDECntrl.CAB
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2004-5-13 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2004-5-13 5248]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-22 482696]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-9-4 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-9-4 435568]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-2-4 2368]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys --> c:\windows\system32\drivers\CDAWDM.sys [?]

=============== Created Last 30 ================

2010-02-01 17:11 261,632 a------- c:\windows\PEV.exe
2010-02-01 17:11 161,792 a------- c:\windows\SWREG.exe
2010-02-01 17:11 98,816 a------- c:\windows\sed.exe
2010-02-01 17:11 77,312 a------- c:\windows\MBR.exe
2010-02-01 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 04:08 <DIR> --d-hr-- c:\documents and settings\k. kuord\Onlangs geopend
2010-01-24 02:49 60 a------- c:\windows\MediaList.ini
2010-01-24 02:49 140 a------- c:\windows\powerlist.ini
2010-01-24 02:46 1,557 a------- c:\windows\psnetwork.ini
2010-01-24 02:46 849 a------- c:\windows\powerplayer.ini
2010-01-23 03:16 <DIR> --d----- c:\documents and settings\k. kuord\Downloads
2010-01-22 18:43 <DIR> --d----- c:\docume~1\k49eb~1.kuo\applic~1\CheckPoint
2010-01-22 18:42 <DIR> --d----- c:\program files\CheckPoint
2010-01-22 18:42 4,212 a---h--- c:\windows\system32\zllictbl.dat
2010-01-22 18:42 1,238,408 a------- c:\windows\system32\zpeng25.dll
2010-01-22 18:42 <DIR> --d----- c:\windows\system32\ZoneLabs
2010-01-22 18:42 418,012 a------- c:\windows\system32\vsconfig.xml
2010-01-22 18:42 <DIR> --d----- c:\program files\Zone Labs
2010-01-22 18:41 <DIR> --d----- c:\windows\Internet Logs
2010-01-21 00:09 <DIR> --d----- c:\program files\GSA Delphi.Induc Cleaner
2010-01-16 21:47 490 a---h--- C:\aaw7boot.cmd
2010-01-13 10:25 471,552 -c------ c:\windows\system32\dllcache\aclayers.dll
2010-01-12 23:37 <DIR> --d----- c:\windows\SxsCaPendDel

==================== Find3M ====================

2010-01-23 01:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-12-21 20:10 916,480 -------- c:\windows\system32\wininet.dll
2009-12-09 20:52 444,960 a------- c:\windows\system32\perfh013.dat
2009-12-09 20:52 70,426 a------- c:\windows\system32\perfc013.dat
2009-11-21 17:03 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-01 20:42 39,916,560 a------- c:\docume~1\k49eb~1.kuo\applic~1\setupengpro.exe
2007-09-08 01:22 744 a------- c:\docume~1\k49eb~1.kuo\applic~1\filterclsid.dat
2006-06-15 20:24 56 ---shr-- c:\windows\system32\562AD544BF.sys
2008-10-25 22:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 23:27:55,15 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7-2-2004 10:53:25
System Uptime: 2-1-2010 18:26:14 (725 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon(tm) XP 2600+ | Socket A | 1913/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 1,905 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1592: 1-2-2010 21:13:50 - Controlepunt van systeem

==== Installed Programs ======================



7-Zip 4.64
AAC Decoder
Aangifte inkomstenbelasting 2007
Aangifte inkomstenbelasting 2008
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Reader 8.1.2 - Nederlands
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVI/MPEG/ASF/WMV Splitter 3.25
AVIcodec (remove only)
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB883939)
Beveiligingsupdate voor Windows XP (KB896688)
Beveiligingsupdate voor Windows XP (KB899588)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
BULLFROG GAMEPAD
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
CDisplay 1.8
Compatibiliteitspakket voor het 2007 Microsoft Office system
CoreAAC Audio Decoder (remove only)
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Accelerator Plus
DVD X Ghost 1.5
EA SPORTS online 2007
Essentiële update voor Windows Media Player 11 (KB959772)
ffdshow (remove only)
FLV Player 1.3.3
FLV Player 2.0 (build 25)
Gebruikersregistratie voor Canon MP190 series
GSA Delphi.Induc Cleaner v1.00
H.264 Decoder
Hijack This 1.99.1
HijackThis 1.99.1
hkSFV (remove only)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Huffyuv AVI lossless video codec (Remove Only)
ImTOO MPEG Encoder
InterVideo DeviceService
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
MainConcept MPEG Encoder
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Editie 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
MKV Splitter
Move Networks Media Player for Internet Explorer
MP3 Player Utilities 4.05
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nero - Burning Rom
Nero 7 Premium
NVIDIA Drivers
NvMixer
oggcodecs 0.71.0946
Orange Livebox
Parche Stats NBA Live 07
PartyPoker
PokerStars
Pop-Up Stopper Professional
PPStream V2.6.86.8989 Final
Proxy Changer
QuickTime
RealPlayer
RegistryBooster 2
Roster Season 06-07 for NBA live 06
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for CAPICOM (KB931906)
Segoe UI
SLD CODEC PACK 1.3
SopCast 3.2.4
Stream Torrent 1.0
The KMPlayer (remove only)
TigerGame Superjoy Box Series
Trillian
TVAnts 1.0
TVUPlayer 2.4.9.1
TypingMaster Pro
Update voor Windows Internet Explorer 8 (KB971930)
Update voor Windows Internet Explorer 8 (KB976749)
Update voor Windows XP (KB894391)
Update voor Windows XP (KB896727)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB961503)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.15
Video to Audio Converter 1.00
VidGIF
VidGIF 2.3.0.1
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xilisoft MP4 Converter
XviD 1.1 final uninstall
ZoneAlarm Pro
ZoneAlarm Toolbar

==== End Of File ===========================

Blade81
2010-02-02, 16:05
Hi again,

Good to hear that things have improved. There's some work left to do though :)

Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\documents and settings\K. Kuord\Application Data\uTorrent
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.

Uninstall ZoneAlarm Toolbar if not installed on purpose.


Ad-Aware SE Personal is not supported anymore. You may get the latest version here (http://www.lavasoft.com/products/ad_aware_free.php) if you want.


Uninstall old Adobe Reader versions and get the latest one (9.3) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).

Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.

Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Uninstall these old Javas:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
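As an added example (not part of Blade81's post and not code from ComboFix or any other tool used in this thread), here is a small Python script that does the check behind the Registry:: part of the CFScript above: it reads a REGEDIT4-style dump of the kind ComboFix prints, flags the Security Center values that silence its "no firewall / no antivirus" warnings (a non-zero FirewallOverride or AntiVirusOverride directly under the Security Center key, or a non-zero DisableMonitoring under a Monitoring\<product> subkey, which is exactly the kind of entry the ComboFix log later in the thread shows for McAfeeAntiVirus), and renders a CFScript Registry:: section that resets them to 0 in the same form Blade81 used. The sample dump and its values are constructed for the example; only the key and value names are real Security Center names.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the REGEDIT4-style dump format ComboFix uses.
# The keys follow the thread's CFScript; the values are made up so that
# every check below fires at least once.
SAMPLE_DUMP = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="c:\program files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe" [2005-06-02 516096]
"""

SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"
# Security Center values that, when non-zero, suppress the missing-firewall /
# missing-antivirus warning for the whole machine.
OVERRIDE_VALUES = ("FirewallOverride", "AntiVirusOverride")

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')


def parse_dword_values(dump: str) -> Dict[str, Dict[str, int]]:
    """Map each registry key in the dump to its dword values ({name: int}).
    String values (REG_SZ) are skipped: only dwords matter for these checks."""
    keys: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        val = DWORD_RE.match(line)
        if val and current is not None:
            keys[current][val.group(1)] = int(val.group(2), 16)
    return keys


def find_silenced_monitoring(keys: Dict[str, Dict[str, int]]) -> List[Tuple[str, str]]:
    """Return (key, value_name) pairs that turn Security Center monitoring off:
    a non-zero *Override directly under the Security Center key, or a non-zero
    DisableMonitoring under a Monitoring\\<product> subkey."""
    findings: List[Tuple[str, str]] = []
    for key, values in keys.items():
        lowered = key.lower()
        if not lowered.startswith(SECURITY_CENTER.lower()):
            continue
        for name, number in values.items():
            if number == 0:
                continue  # 0 means monitoring is on; nothing to report
            if name in OVERRIDE_VALUES and lowered == SECURITY_CENTER.lower():
                findings.append((key, name))
            elif name == "DisableMonitoring" and "\\monitoring\\" in lowered:
                findings.append((key, name))
    return findings


def build_cfscript_registry_section(findings: List[Tuple[str, str]]) -> str:
    """Render a CFScript 'Registry::' block that resets every finding to 0,
    in the same form as the script posted in the thread."""
    by_key: Dict[str, List[str]] = {}
    for key, name in findings:
        by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=dword:00000000' for name in names)
    return "\n".join(lines)


def audit(dump: str) -> Tuple[List[Tuple[str, str]], str]:
    """Parse a dump, list the silenced-monitoring findings and the matching fix."""
    findings = find_silenced_monitoring(parse_dword_values(dump))
    return findings, build_cfscript_registry_section(findings)


if __name__ == "__main__":
    found, fix = audit(SAMPLE_DUMP)
    for key, name in found:
        print(f"monitoring silenced: [{key}] {name}")
    print(fix)
```

Run against a real ComboFix log the script only reports; whether a DisableMonitoring=1 entry is malicious or left over from an uninstalled product (the McAfeeAntiVirus entry in this thread is a case in point) is still a judgement call for the helper, which is why the output is a script to review rather than something applied automatically.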

shaft23
2010-02-02, 18:54
hi blade,

I'm doing it now. I have to leave soon though. My ComboFix log gave me all the names of all the torrents I have ever downloaded........don't know if I'm comfortable with that, do you really need me to post it? I will if I have to...it basically stated that it deleted all the resulting torrent files in the uTorrent folder.

let me know please.

Blade81
2010-02-02, 19:08
You may leave that part of the CF log out if there are personal things there. However, if you have downloaded copyrighted material, you know how you have to deal with it.

Post also those other logs when ready.

shaft23
2010-02-03, 00:37
hi,

Well, it's safer to just leave that part off then. But the scan is taking forever. It's been on for hours and it's just at 42% and seems to be stuck too.

Not sure what to do with it, 'cause so far it found 13 infected files and 10 threats.

shaft23
2010-02-03, 04:37
hi blade,

I tried to run the KAS scan, but it stopped at 42% and I couldn't get a log from it.

I reduced the log from ComboFix for copyright reasons. It looks something like this:





ComboFix 10-02-01.05 - K. Kuord 02-02-2010 18:03:17.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.266 [GMT 1:00]
Gestart vanuit: c:\documents and settings\K. Kuord\Bureaublad\thunder.exe
gebruikte Opdracht switches :: c:\documents and settings\K. Kuord\Bureaublad\CFScript.txt
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\K. Kuord\Application Data\setup.exe
c:\documents and settings\K. Kuord\Application Data\uTorrent
c:\documents and settings\K. Kuord\Application Data\uTorrent\-^mininova[1].org^- 2006 NBA Playoffs - Phoenix Suns vs LA Lakers 6.torrent
c:\documents and settings\K. Kuord\Application Data\uTorrent\-^mininova[1].org^- NBA.03.24.06.Bucks-Lakers.TVRiP.XviD.torrent
c:\documents and settings\K. Kuord\Application Data\uTorrent\????.torrent
c:\documents and settings\K. Kuord\Application Data\uTorrent\[????][01.15][NBA??? ??VS???]by ?????.torrent
c:\documents and settings\K. Kuord\Application Data\uTorrent\[????][02.16][NBA??? ??VS??]by JasonFeng.torrent

*it goes on like that and ends with*

c:\documents and settings\K. Kuord\Application Data\uTorrent\Zab Judah vs Joshua Clottey (TZ).avi.torrent

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-01-02 to 2010-02-02 ))))))))))))))))))))))))))))))
.

2010-02-02 16:43 . 2010-02-02 16:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-02-02 16:36 . 2010-02-02 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-02 16:33 . 2010-02-02 16:33 -------- d-----w- c:\windows\system32\Adobe
2010-02-02 01:59 . 2010-02-02 16:24 -------- d--h--r- c:\documents and settings\K. Kuord\Onlangs geopend
2010-02-01 13:32 . 2010-02-01 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-23 02:16 . 2010-01-23 02:16 -------- d-----w- c:\documents and settings\K. Kuord\Downloads
2010-01-22 17:43 . 2010-02-02 16:44 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\CheckPoint
2010-01-22 17:42 . 2010-02-02 16:45 -------- d-----w- c:\program files\CheckPoint
2010-01-22 17:42 . 2010-01-22 17:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-16 20:47 . 2010-01-16 20:47 490 ---ha-w- C:\aaw7boot.cmd
2010-01-16 15:16 . 2010-01-16 15:16 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2010-01-15 13:06 . 2010-01-18 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 09:25 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 22:37 . 2010-01-12 22:54 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-12 17:11 . 2010-01-12 17:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 16:42 . 2004-02-14 18:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-02 16:32 . 2004-11-10 14:19 -------- d-----w- c:\program files\Java
2010-02-02 16:32 . 2004-11-10 14:18 -------- d-----w- c:\program files\Common Files\Java
2010-02-02 16:20 . 2006-04-05 13:41 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\Lavasoft
2010-02-02 02:12 . 2006-04-11 23:54 -------- d-----w- c:\program files\PPStream
2010-02-02 01:57 . 2009-08-09 15:20 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\vlc
2010-02-01 23:21 . 2004-08-04 13:15 -------- d-----w- c:\program files\mIRC
2010-01-28 16:55 . 2007-12-04 14:24 -------- d-----w- c:\program files\PartyGaming
2010-01-28 09:56 . 2006-10-08 20:36 -------- d-----w- c:\program files\Hijack This
2010-01-24 01:47 . 2005-12-26 01:26 -------- d-----w- c:\program files\tvants
2010-01-24 01:46 . 2006-12-15 02:25 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\ppStream
2010-01-23 00:28 . 2008-12-18 11:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-21 22:16 . 2007-08-01 10:11 -------- d-----w- c:\program files\AVI MPEG ASF WMV Splitter
2010-01-20 14:42 . 2009-02-18 19:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-28 20:24 . 2009-12-18 13:31 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\Belastingdienst
2009-12-21 19:10 . 2005-10-21 14:51 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 20:22 . 2008-04-22 02:12 -------- d-----w- c:\program files\PokerStars
2009-12-13 19:50 . 2007-02-18 01:42 -------- d-----w- c:\program files\SopCast
2009-12-09 19:52 . 2003-04-08 12:00 70426 ----a-w- c:\windows\system32\perfc013.dat
2009-12-09 19:52 . 2003-04-08 12:00 444960 ----a-w- c:\windows\system32\perfh013.dat
2009-11-17 19:38 . 2008-03-11 21:23 87512 ----a-w- c:\documents and settings\shahla en dawood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-06-15 19:24 . 2004-05-05 16:54 56 --sh--r- c:\windows\system32\562AD544BF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="c:\program files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe" [2005-06-02 516096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-2-14 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\tvants\\Tvants.exe"=
"c:\\Documents and Settings\\K. Kuord\\Mijn documenten\\appz\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Documents and Settings\\K. Kuord\\Local Settings\\Application Data\\RayV\\RayV.dll"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3594:TCP"= 3594:TCP:ppLive
"2186:UDP"= 2186:UDP:ppLive

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [13-5-2004 16:02 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [13-5-2004 16:02 5248]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [4-2-2007 18:43 2368]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: Download &all with DAP - c:\progra~1\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.05\MediaManager\grab.html
IE: {{022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/MMCShell.cab
DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} - hxxp://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-ZoneAlarm Toolbar - c:\program files\CheckPoint\ZAForceField\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 18:22
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82B92998]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf86eaf28
\Driver\ACPI -> ACPI.sys @ 0xf8605cb8
\Driver\atapi -> atapi.sys @ 0xf85a5852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf847ebd4
PacketIndicateHandler -> NDIS.sys @ 0xf848aa21
SendHandler -> NDIS.sys @ 0xf847ed44
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-606747145-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A13AB9F-0214-342E-0FA0-CAA388CD5A84}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahegomlhbmgnoeojc"=hex:6b,61,67,68,6c,61,68,63,6d,6f,6c,62,69,70,61,6e,64,6d,
70,68,66,62,00,82
"hancebfpikekmpha"=hex:6b,61,67,68,6c,61,68,63,6d,6f,6c,62,69,70,61,6e,64,6d,
70,68,66,62,00,82

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1976)
c:\program files\Panicware\Pop-Up Stopper Professional\XAHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\DAP\DAPBHO.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2010-02-02 18:39:44 - machine werd herstart
ComboFix-quarantined-files.txt 2010-02-02 17:39
ComboFix2.txt 2010-02-01 22:25

Pre-Run: 1.351.983.104 bytes beschikbaar
Post-Run: 1.737.105.408 bytes beschikbaar

- - End Of File - - F8A2E81900371FECA6E917D6018B8713


DDS (Ver_09-06-26.01) - NTFSx86
Run by K. Kuord at 4:34:01,92 on wo 03-02-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.363 [GMT 1:00]

AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\windows\system32\wscntfy.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\explorer.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\NOTEPAD.EXE
C:\Documents and Settings\K. Kuord\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uURLSearchHooks: H - No File
BHO: DAPHelper Class: {0000cc75-acf3-4cac-a0a9-dd3868e06852} - c:\program files\dap\DAPBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {00000000-5736-4205-0008-F7ED0776FB27} - No File
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [PopUpStopperProfessional] "c:\program files\panicware\pop-up stopper professional\PopUpStopperProfessional.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Download with &DAP - c:\progra~1\dap\dapextie.htm
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.05\amvconverter\grab.html
IE: Download &all with DAP - c:\progra~1\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 4.05\mediamanager\grab.html
IE: {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - c:\progra~1\dap\DAP.EXE
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/MMCShell.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} - hxxp://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - hxxp://www.windowsecurity.com/trojanscan/TDECntrl.CAB
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2004-5-13 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2004-5-13 5248]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-2-4 2368]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys --> c:\windows\system32\drivers\CDAWDM.sys [?]

=============== Created Last 30 ================

2010-02-02 17:33 <DIR> --d----- c:\windows\system32\Adobe
2010-02-02 02:59 <DIR> --d-hr-- c:\documents and settings\k. kuord\Onlangs geopend
2010-02-01 17:11 261,632 a------- c:\windows\PEV.exe
2010-02-01 17:11 161,792 a------- c:\windows\SWREG.exe
2010-02-01 17:11 98,816 a------- c:\windows\sed.exe
2010-02-01 17:11 77,312 a------- c:\windows\MBR.exe
2010-02-01 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 02:49 60 a------- c:\windows\MediaList.ini
2010-01-24 02:49 140 a------- c:\windows\powerlist.ini
2010-01-24 02:46 1,599 a------- c:\windows\psnetwork.ini
2010-01-24 02:46 879 a------- c:\windows\powerplayer.ini
2010-01-23 03:16 <DIR> --d----- c:\documents and settings\k. kuord\Downloads
2010-01-22 18:43 <DIR> --d----- c:\docume~1\k49eb~1.kuo\applic~1\CheckPoint
2010-01-22 18:42 <DIR> --d----- c:\program files\CheckPoint
2010-01-22 18:42 4,212 a---h--- c:\windows\system32\zllictbl.dat
2010-01-16 21:47 490 a---h--- C:\aaw7boot.cmd
2010-01-13 10:25 471,552 -c------ c:\windows\system32\dllcache\aclayers.dll
2010-01-12 23:37 <DIR> --d----- c:\windows\SxsCaPendDel

==================== Find3M ====================

2010-01-23 01:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-12-21 20:10 916,480 -------- c:\windows\system32\wininet.dll
2009-12-09 20:52 444,960 a------- c:\windows\system32\perfh013.dat
2009-12-09 20:52 70,426 a------- c:\windows\system32\perfc013.dat
2009-11-21 17:03 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-01 20:42 39,916,560 a------- c:\docume~1\k49eb~1.kuo\applic~1\setupengpro.exe
2007-09-08 01:22 744 a------- c:\docume~1\k49eb~1.kuo\applic~1\filterclsid.dat
2006-06-15 20:24 56 ---shr-- c:\windows\system32\562AD544BF.sys
2008-10-25 22:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 4:35:18,62 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7-2-2004 10:53:25
System Uptime: 2-2-2010 18:17:26 (10 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon(tm) XP 2600+ | Socket A | 1913/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 3,367 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1592: 1-2-2010 21:13:50 - Controlepunt van systeem
RP1593: 2-2-2010 0:17:57 - Removed MP3 Player Utilities 4.05
RP1594: 2-2-2010 17:22:38 - Verwijderd: Adobe Reader 8.1.2 - Nederlands
RP1595: 2-2-2010 17:25:25 - Removed J2SE Runtime Environment 5.0 Update 10
RP1596: 2-2-2010 17:26:08 - Removed J2SE Runtime Environment 5.0 Update 11
RP1597: 2-2-2010 17:26:46 - Removed J2SE Runtime Environment 5.0 Update 2
RP1598: 2-2-2010 17:27:35 - Removed J2SE Runtime Environment 5.0 Update 6
RP1599: 2-2-2010 17:28:14 - Removed J2SE Runtime Environment 5.0 Update 9
RP1600: 2-2-2010 17:28:52 - Removed Java 2 Runtime Environment, SE v1.4.2_05
RP1601: 2-2-2010 17:29:37 - Removed Java(TM) SE Runtime Environment 6 Update 1
RP1602: 2-2-2010 17:30:17 - Removed Java(TM) 6 Update 2
RP1603: 2-2-2010 17:30:53 - Removed Java(TM) 6 Update 3
RP1604: 2-2-2010 17:31:36 - Removed Java(TM) 6 Update 5
RP1605: 2-2-2010 17:32:19 - Removed Java(TM) 6 Update 7
RP1606: 2-2-2010 17:41:16 - Installed Adobe Reader 9.3 - Nederlands.

==== Installed Programs ======================



7-Zip 4.64
AAC Decoder
Aangifte inkomstenbelasting 2007
Aangifte inkomstenbelasting 2008
AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Reader 9.3 - Nederlands
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVI/MPEG/ASF/WMV Splitter 3.25
AVIcodec (remove only)
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB883939)
Beveiligingsupdate voor Windows XP (KB896688)
Beveiligingsupdate voor Windows XP (KB899588)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
BULLFROG GAMEPAD
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
CDisplay 1.8
Compatibiliteitspakket voor het 2007 Microsoft Office system
CoreAAC Audio Decoder (remove only)
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Accelerator Plus
DVD X Ghost 1.5
EA SPORTS online 2007
Essentiële update voor Windows Media Player 11 (KB959772)
ffdshow (remove only)
FLV Player 1.3.3
FLV Player 2.0 (build 25)
Gebruikersregistratie voor Canon MP190 series
H.264 Decoder
Hijack This 1.99.1
HijackThis 1.99.1
hkSFV (remove only)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Huffyuv AVI lossless video codec (Remove Only)
InterVideo DeviceService
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
MainConcept MPEG Encoder
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Editie 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
MKV Splitter
Move Networks Media Player for Internet Explorer
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nero - Burning Rom
Nero 7 Premium
NVIDIA Drivers
NvMixer
oggcodecs 0.71.0946
Orange Livebox
Parche Stats NBA Live 07
PartyPoker
PokerStars
Pop-Up Stopper Professional
PPStream V2.6.86.8989 Final
Proxy Changer
QuickTime
RealPlayer
RegistryBooster 2
Roster Season 06-07 for NBA live 06
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for CAPICOM (KB931906)
Segoe UI
SLD CODEC PACK 1.3
SopCast 3.2.4
The KMPlayer (remove only)
TigerGame Superjoy Box Series
Trillian
TVAnts 1.0
TVUPlayer 2.4.9.1
TypingMaster Pro
Update voor Windows Internet Explorer 8 (KB971930)
Update voor Windows Internet Explorer 8 (KB976749)
Update voor Windows XP (KB894391)
Update voor Windows XP (KB896727)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB961503)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.15
Video to Audio Converter 1.00
VidGIF
VidGIF 2.3.0.1
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xilisoft MP4 Converter
XviD 1.1 final uninstall

==== End Of File ===========================

Blade81
2010-02-03, 16:59
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



RegNull::
[HKEY_USERS\S-1-5-21-1409082233-606747145-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A13AB9F-0214-342E-0FA0-CAA388CD5A84}*]



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


See if you're able to run Kaspersky scan after defragging the hard drive first. It's possible that the scan will take hours since you have a pretty full drive there.

shaft23
2010-02-04, 01:17
hi blade,

this is the log from the last combofix scan. The KAS scan still isn't going past 42%, no idea why. After 2 hours it just stops even counting the seconds at 42%.

ComboFix 10-02-03.04 - K. Kuord 03-02-2010 23:52:57.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.242 [GMT 1:00]
Gestart vanuit: c:\documents and settings\K. Kuord\Bureaublad\thunder.exe
gebruikte Opdracht switches :: c:\documents and settings\K. Kuord\Bureaublad\CFScript.txt
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-01-03 to 2010-02-03 ))))))))))))))))))))))))))))))
.

2010-02-03 21:50 . 2010-02-03 21:50 -------- d--h--r- c:\documents and settings\K. Kuord\Onlangs geopend
2010-02-02 16:43 . 2010-02-02 16:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-02-02 16:36 . 2010-02-02 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-02 16:33 . 2010-02-02 16:33 -------- d-----w- c:\windows\system32\Adobe
2010-02-01 13:32 . 2010-02-01 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-23 02:16 . 2010-01-23 02:16 -------- d-----w- c:\documents and settings\K. Kuord\Downloads
2010-01-22 17:43 . 2010-02-02 16:44 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\CheckPoint
2010-01-22 17:42 . 2010-02-02 16:45 -------- d-----w- c:\program files\CheckPoint
2010-01-22 17:42 . 2010-01-22 17:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-16 20:47 . 2010-01-16 20:47 490 ---ha-w- C:\aaw7boot.cmd
2010-01-16 15:16 . 2010-01-16 15:16 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2010-01-15 13:06 . 2010-01-18 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 09:25 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 22:37 . 2010-01-12 22:54 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-12 17:11 . 2010-01-12 17:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 16:42 . 2004-02-14 18:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-02 16:32 . 2004-11-10 14:19 -------- d-----w- c:\program files\Java
2010-02-02 16:32 . 2004-11-10 14:18 -------- d-----w- c:\program files\Common Files\Java
2010-02-02 16:20 . 2006-04-05 13:41 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\Lavasoft
2010-02-02 02:12 . 2006-04-11 23:54 -------- d-----w- c:\program files\PPStream
2010-02-02 01:57 . 2009-08-09 15:20 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\vlc
2010-02-01 23:21 . 2004-08-04 13:15 -------- d-----w- c:\program files\mIRC
2010-01-28 16:55 . 2007-12-04 14:24 -------- d-----w- c:\program files\PartyGaming
2010-01-28 09:56 . 2006-10-08 20:36 -------- d-----w- c:\program files\Hijack This
2010-01-24 01:47 . 2005-12-26 01:26 -------- d-----w- c:\program files\tvants
2010-01-24 01:46 . 2006-12-15 02:25 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\ppStream
2010-01-23 00:28 . 2008-12-18 11:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-21 22:16 . 2007-08-01 10:11 -------- d-----w- c:\program files\AVI MPEG ASF WMV Splitter
2010-01-20 14:42 . 2009-02-18 19:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-28 20:24 . 2009-12-18 13:31 -------- d-----w- c:\documents and settings\K. Kuord\Application Data\Belastingdienst
2009-12-21 19:10 . 2005-10-21 14:51 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 20:22 . 2008-04-22 02:12 -------- d-----w- c:\program files\PokerStars
2009-12-13 19:50 . 2007-02-18 01:42 -------- d-----w- c:\program files\SopCast
2009-12-09 19:52 . 2003-04-08 12:00 70426 ----a-w- c:\windows\system32\perfc013.dat
2009-12-09 19:52 . 2003-04-08 12:00 444960 ----a-w- c:\windows\system32\perfh013.dat
2009-11-21 16:03 . 2004-11-30 09:44 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 19:38 . 2008-03-11 21:23 87512 ----a-w- c:\documents and settings\shahla en dawood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-06-15 19:24 . 2004-05-05 16:54 56 --sh--r- c:\windows\system32\562AD544BF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperProfessional"="c:\program files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe" [2005-06-02 516096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-2-14 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\tvants\\Tvants.exe"=
"c:\\Documents and Settings\\K. Kuord\\Mijn documenten\\appz\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Documents and Settings\\K. Kuord\\Local Settings\\Application Data\\RayV\\RayV.dll"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3594:TCP"= 3594:TCP:ppLive
"2186:UDP"= 2186:UDP:ppLive

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [13-5-2004 16:02 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [13-5-2004 16:02 5248]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [4-2-2007 18:43 2368]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.05\AMVConverter\grab.html
IE: Download &all with DAP - c:\progra~1\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.05\MediaManager\grab.html
IE: {{022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/MMCShell.cab
DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} - hxxp://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 00:04
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82A7A380]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf86eaf28
\Driver\ACPI -> ACPI.sys @ 0xf8605cb8
\Driver\atapi -> atapi.sys @ 0xf85a5852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf847ebd4
PacketIndicateHandler -> NDIS.sys @ 0xf848aa21
SendHandler -> NDIS.sys @ 0xf847ed44
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(212)
c:\program files\Panicware\Pop-Up Stopper Professional\XAHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2010-02-04 00:15:33
ComboFix-quarantined-files.txt 2010-02-03 23:15
ComboFix2.txt 2010-02-02 17:39
ComboFix3.txt 2010-02-01 22:25

Pre-Run: 3.574.079.488 bytes beschikbaar
Post-Run: 3.635.257.344 bytes beschikbaar

- - End Of File - - F0BD886F2E7A949FF57F3AA64D315310

Blade81
2010-02-04, 16:13
Hi,

Please see if you're able to run system critical area scan with Kaspersky successfully.

shaft23
2010-02-05, 01:42
hey Blade,

the KAS scan did better, but it was stuck again, but this time on 81% after a couple of hours. The timer just stops too and it doesn't do anything. When i stopped the scan and tried to give you the report it wouldn't show either. i get a page error.

Blade81
2010-02-05, 18:04
Hi,

Have you defragged the hard drive? Seeing that it's almost full there may be fragmentation on the drive.

shaft23
2010-02-05, 21:07
hi,

i only have 5% HD space left and i need at least 15%, so it won't let me defrag the HD. I did it a while back, though.

Blade81
2010-02-05, 21:09
Hi,

Could you move temporarily some non important stuff to external drive and then defrag? MyDefrag (http://www.mydefrag.com/) is handy for defragging as well.

shaft23
2010-02-06, 00:55
i burnt some dvd's and defragmented the HD. I'm gonna run the scan now again to see if it works.

shaft23
2010-02-06, 03:21
hi blade,

still no luck with the KA scan.......it still stops at 81% even after defragging the HD.

Blade81
2010-02-06, 12:10
Hi,

I wonder if it's the same file on each try that makes the scan stall. Please check the hard drive for errors by following the instructions here (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/kbtip.mspx).

If Kaspersky scan still fails after the operation then try this:
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is not checked.
Click Scan
Wait for the scan to finish
Copy and paste the report back here.

shaft23
2010-02-06, 23:48
i'm doing the new scan now.....wasn't able to fix any errors if any, though.

it seemed to have found one threat so far i'll post in a little while when finished....

thanks

shaft23
2010-02-07, 01:35
C:\Documents and Settings\K. Kuord\Bureaublad\u96\u96.exe probably a variant of Win32/Agent trojan
C:\Documents and Settings\K. Kuord\Mijn documenten\appz\splitter\keygen.exe probably a variant of Win32/Agent trojan
C:\Documents and Settings\K. Kuord\Mijn documenten\appz\Symantec Norton Antivirus 2005 (English) (149.9MB) (17 september 2004)\Key Generator\TMG-NAV2K5.EXE probably a variant of Win32/Agent trojan
C:\Documents and Settings\K. Kuord\Mijn documenten\Downloads\AVAST! 4.8.1358 PRO Latest Edition With Registration Keys (Antivirus + Antyspyware)\ setupengpro.exe a variant of Win32/Injector.AHI trojan
C:\Documents and Settings\K. Kuord\Mijn documenten\Downloads\Nidesoft.MP4.Video.Converter.v2.0.62.Cracked-EXPLOSiON\e-nmvc62\EXPLOSiON\crack.exe probably a variant of Win32/Agent trojan
C:\Program Files\Nidesoft MP4 Video Converter v2.0\crack.exe probably a variant of Win32/Agent trojan
C:\Program Files\PPStream\1.0.4.631\ppstreamsetup.exe probably a variant of Win32/TrojanClicker.Agent trojan
C:\Qoobox\Quarantine\C\Documents and Settings\K. Kuord\Application Data\setup.exe.vir a variant of Win32/Injector.AHI trojan
C:\Qoobox\Quarantine\C\windows\system32\H8SRTngqltqsmpl.dll.vir a variant of Win32/Kryptik.CEN trojan
C:\Qoobox\Quarantine\C\windows\system32\H8SRTuwuruunrhp.dll.vir a variant of Win32/Kryptik.CES trojan
C:\Qoobox\Quarantine\C\windows\system32\H8SRTxjeltcbvdy.dll.vir Win32/TrojanClicker.Agent.NIW trojan
C:\Qoobox\Quarantine\C\windows\system32\drivers\H8SRTymxbnevppx.sys.vir a variant of Win32/Olmarik.SR trojan
C:\System Volume Information\_restore{33E1171A-9DB4-4CC3-8634-089E1A43A347}\RP1606\A0281390.exe a variant of Win32/Injector.AHI trojan
C:\System Volume Information\_restore{33E1171A-9DB4-4CC3-8634-089E1A43A347}\RP1607\A0281817.exe a variant of Win32/Injector.AHI trojan
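
The scanner report above is plain text, one "<path> <detection>" per line, and the useful first step for a helper is to sort the hits by where they sit: already quarantined by ComboFix under C:\Qoobox, only present in old System Restore points, cracked-software payloads, or still live on disk. The following is an added Python example, not code from the thread or from ESET; the bucket rules and the warez keyword list are my assumptions, and the sample lines are copied from the report posted above.

```python
"""Triage helper for ESET Online Scanner result lines (added example)."""
import re
from collections import Counter

# One scanner line: a Windows path, then the detection text, which ends in
# "<Platform>/<Family>[.Variant] <type>" (e.g. "Win32/Injector.AHI trojan").
# Windows paths use backslashes, so the forward slash in the threat name
# reliably marks where the detection text starts, even when the path has spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?"
    r"(?P<platform>[A-Za-z0-9]+)/(?P<family>[\w.]+)\s+\w+)$"
)

# Assumed markers of cracked-software payloads: detections in these locations
# are expected rather than false positives, and the files have to be deleted.
CRACK_MARKERS = ("keygen", "crack", "key generator", "registration keys")

# Sample input: lines copied from the scanner report posted in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\K. Kuord\Bureaublad\u96\u96.exe probably a variant of Win32/Agent trojan
C:\Documents and Settings\K. Kuord\Mijn documenten\appz\splitter\keygen.exe probably a variant of Win32/Agent trojan
C:\Program Files\Nidesoft MP4 Video Converter v2.0\crack.exe probably a variant of Win32/Agent trojan
C:\Program Files\PPStream\1.0.4.631\ppstreamsetup.exe probably a variant of Win32/TrojanClicker.Agent trojan
C:\Qoobox\Quarantine\C\windows\system32\H8SRTxjeltcbvdy.dll.vir Win32/TrojanClicker.Agent.NIW trojan
C:\Qoobox\Quarantine\C\windows\system32\drivers\H8SRTymxbnevppx.sys.vir a variant of Win32/Olmarik.SR trojan
C:\System Volume Information\_restore{33E1171A-9DB4-4CC3-8634-089E1A43A347}\RP1606\A0281390.exe a variant of Win32/Injector.AHI trojan
"""


def parse_line(line):
    """Return a dict for one scanner line, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    lowered = path.lower()
    if lowered.startswith("c:\\qoobox\\quarantine\\"):
        bucket = "quarantined"       # already neutralised by ComboFix
    elif "\\system volume information\\_restore{" in lowered:
        bucket = "restore_point"     # disappears when System Restore is flushed
    elif any(marker in lowered for marker in CRACK_MARKERS):
        bucket = "cracked_software"  # delete the file and its folder
    else:
        bucket = "live"              # still on disk, needs a decision
    return {
        "path": path,
        "detection": m.group("detection"),
        "family": m.group("family").split(".")[0],  # Injector.AHI -> Injector
        "bucket": bucket,
    }


def triage(report):
    """Group every detection in a report by bucket and count threat families."""
    buckets = {"live": [], "cracked_software": [], "quarantined": [], "restore_point": []}
    families = Counter()
    for line in report.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        buckets[hit["bucket"]].append(hit["path"])
        families[hit["family"]] += 1
    return buckets, families


if __name__ == "__main__":
    found, fams = triage(SAMPLE_REPORT)
    for name, paths in found.items():
        print(f"{name}: {len(paths)}")
        for p in paths:
            print("   ", p)
    print("families:", dict(fams))
```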

Blade81
2010-02-07, 10:29
Hi,

Delete these files:
C:\Documents and Settings\K. Kuord\Mijn documenten\appz\splitter\keygen.exe
C:\Program Files\Nidesoft MP4 Video Converter v2.0\crack.exe

and folders:
C:\Documents and Settings\K. Kuord\Mijn documenten\appz\Symantec Norton Antivirus 2005 (English) (149.9MB) (17 september 2004)
C:\Documents and Settings\K. Kuord\Mijn documenten\Downloads\AVAST! 4.8.1358 PRO Latest Edition With Registration Keys (Antivirus + Antyspyware)
C:\Documents and Settings\K. Kuord\Mijn documenten\Downloads\Nidesoft.MP4.Video.Converter.v2.0.62.Cracked-EXPLOSiON

Also, if there's other copyrighted stuff you have to remove it.

After that, post a fresh dds log and let me know how's the system running now.

shaft23
2010-02-07, 18:53
Hey Blade,

thanks for the help.....i removed the files, but i had to reinstall my Avast antivirus...i can uninstall and reinstall later if needed.

The system seems to be fast and working....no more weird restarting or freezing of the PC and no more radio ads going on by themselves.

i appreciate your help, bro.

thanks

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7-2-2004 10:53:25
System Uptime: 2-7-2010 17:31:49 (-3479 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon(tm) XP 2600+ | Socket A | 1913/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 21,192 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1592: 1-2-2010 21:13:50 - Controlepunt van systeem
RP1593: 2-2-2010 0:17:57 - Removed MP3 Player Utilities 4.05
RP1594: 2-2-2010 17:22:38 - Verwijderd: Adobe Reader 8.1.2 - Nederlands
RP1595: 2-2-2010 17:25:25 - Removed J2SE Runtime Environment 5.0 Update 10
RP1596: 2-2-2010 17:26:08 - Removed J2SE Runtime Environment 5.0 Update 11
RP1597: 2-2-2010 17:26:46 - Removed J2SE Runtime Environment 5.0 Update 2
RP1598: 2-2-2010 17:27:35 - Removed J2SE Runtime Environment 5.0 Update 6
RP1599: 2-2-2010 17:28:14 - Removed J2SE Runtime Environment 5.0 Update 9
RP1600: 2-2-2010 17:28:52 - Removed Java 2 Runtime Environment, SE v1.4.2_05
RP1601: 2-2-2010 17:29:37 - Removed Java(TM) SE Runtime Environment 6 Update 1
RP1602: 2-2-2010 17:30:17 - Removed Java(TM) 6 Update 2
RP1603: 2-2-2010 17:30:53 - Removed Java(TM) 6 Update 3
RP1604: 2-2-2010 17:31:36 - Removed Java(TM) 6 Update 5
RP1605: 2-2-2010 17:32:19 - Removed Java(TM) 6 Update 7
RP1606: 2-2-2010 17:41:16 - Installed Adobe Reader 9.3 - Nederlands.
RP1607: 3-2-2010 23:09:35 - Controlepunt van systeem
RP1608: 5-2-2010 15:25:54 - Controlepunt van systeem
RP1609: 7-2-2010 1:16:35 - Controlepunt van systeem

==== Installed Programs ======================



7-Zip 4.64
AAC Decoder
Aangifte inkomstenbelasting 2007
Aangifte inkomstenbelasting 2008
AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Reader 9.3 - Nederlands
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
AVI/MPEG/ASF/WMV Splitter 3.25
AVIcodec (remove only)
Beveiligingsupdate for Windows Media Player 10 (KB911565)
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB883939)
Beveiligingsupdate voor Windows XP (KB896688)
Beveiligingsupdate voor Windows XP (KB899588)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
BULLFROG GAMEPAD
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
CDisplay 1.8
Compatibiliteitspakket voor het 2007 Microsoft Office system
CoreAAC Audio Decoder (remove only)
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Accelerator Plus
DVD X Ghost 1.5
EA SPORTS online 2007
ESET Online Scanner v3
Essentiële update voor Windows Media Player 11 (KB959772)
ffdshow (remove only)
FLV Player 1.3.3
FLV Player 2.0 (build 25)
Gebruikersregistratie voor Canon MP190 series
H.264 Decoder
Hijack This 1.99.1
HijackThis 1.99.1
hkSFV (remove only)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Huffyuv AVI lossless video codec (Remove Only)
InterVideo DeviceService
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
MainConcept MPEG Encoder
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Editie 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
MKV Splitter
Move Networks Media Player for Internet Explorer
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nero - Burning Rom
Nero 7 Premium
NVIDIA Drivers
NvMixer
oggcodecs 0.71.0946
Orange Livebox
Parche Stats NBA Live 07
PartyPoker
PokerStars
Pop-Up Stopper Professional
PPStream V2.6.86.8989 Final
Proxy Changer
QuickTime
RealPlayer
RegistryBooster 2
Roster Season 06-07 for NBA live 06
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for CAPICOM (KB931906)
Segoe UI
SLD CODEC PACK 1.3
SopCast 3.2.4
The KMPlayer (remove only)
TigerGame Superjoy Box Series
Trillian
TVAnts 1.0
TVUPlayer 2.4.9.1
TypingMaster Pro
Update voor Windows Internet Explorer 8 (KB971930)
Update voor Windows Internet Explorer 8 (KB976749)
Update voor Windows XP (KB894391)
Update voor Windows XP (KB896727)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB961503)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.16
Video to Audio Converter 1.00
VidGIF
VidGIF 2.3.0.1
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xilisoft MP4 Converter
XviD 1.1 final uninstall

==== End Of File ===========================


DDS (Ver_09-06-26.01) - NTFSx86
Run by K. Kuord at 18:50:50,54 on zo 07-02-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.214 [GMT 1:00]

AV: avast! antivirus 4.8.1356 [VPS 100206-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\K. Kuord\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uURLSearchHooks: H - No File
BHO: DAPHelper Class: {0000cc75-acf3-4cac-a0a9-dd3868e06852} - c:\program files\dap\DAPBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {00000000-5736-4205-0008-F7ED0776FB27} - No File
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [PopUpStopperProfessional] "c:\program files\panicware\pop-up stopper professional\PopUpStopperProfessional.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Download with &DAP - c:\progra~1\dap\dapextie.htm
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.05\amvconverter\grab.html
IE: Download &all with DAP - c:\progra~1\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 4.05\mediamanager\grab.html
IE: {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - c:\progra~1\dap\DAP.EXE
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/MMCShell.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} - hxxp://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} - hxxp://www.windowsecurity.com/trojanscan/TDECntrl.CAB
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2004-5-13 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2004-5-13 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-2-7 114768]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-2-7 138680]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-2-4 2368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-2-7 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-2-7 352920]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys --> c:\windows\system32\drivers\CDAWDM.sys [?]

=============== Created Last 30 ================

2010-02-06 23:32 <DIR> --d----- c:\program files\ESET
2010-02-04 18:28 <DIR> --d-hr-- c:\documents and settings\k. kuord\Onlangs geopend
2010-02-02 17:33 <DIR> --d----- c:\windows\system32\Adobe
2010-02-01 17:11 261,632 a------- c:\windows\PEV.exe
2010-02-01 17:11 161,792 a------- c:\windows\SWREG.exe
2010-02-01 17:11 98,816 a------- c:\windows\sed.exe
2010-02-01 17:11 77,312 a------- c:\windows\MBR.exe
2010-02-01 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 02:49 60 a------- c:\windows\MediaList.ini
2010-01-24 02:49 140 a------- c:\windows\powerlist.ini
2010-01-24 02:46 1,599 a------- c:\windows\psnetwork.ini
2010-01-24 02:46 879 a------- c:\windows\powerplayer.ini
2010-01-23 03:16 <DIR> --d----- c:\documents and settings\k. kuord\Downloads
2010-01-22 18:43 <DIR> --d----- c:\docume~1\k49eb~1.kuo\applic~1\CheckPoint
2010-01-22 18:42 <DIR> --d----- c:\program files\CheckPoint
2010-01-22 18:42 4,212 a---h--- c:\windows\system32\zllictbl.dat
2010-01-16 21:47 490 a---h--- C:\aaw7boot.cmd
2010-01-13 10:25 471,552 -c------ c:\windows\system32\dllcache\aclayers.dll
2010-01-12 23:37 <DIR> --d----- c:\windows\SxsCaPendDel

==================== Find3M ====================

2010-01-23 01:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-12-21 20:10 916,480 -------- c:\windows\system32\wininet.dll
2009-12-09 20:52 444,960 a------- c:\windows\system32\perfh013.dat
2009-12-09 20:52 70,426 a------- c:\windows\system32\perfc013.dat
2009-11-21 17:03 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-21 09:14 143,360 a------- c:\docume~1\k49eb~1.kuo\applic~1\setup.exe
2009-11-01 20:42 39,916,560 a------- c:\docume~1\k49eb~1.kuo\applic~1\setupengpro.exe
2007-09-08 01:22 744 a------- c:\docume~1\k49eb~1.kuo\applic~1\filterclsid.dat
2006-06-15 20:24 56 ---shr-- c:\windows\system32\562AD544BF.sys
2008-10-25 22:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 18:51:31,42 ===============

Blade81
2010-02-07, 20:08
Hi,

Seems that it's time for the final steps :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.



Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the run box and click OK.



Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.
Run Secunia vulnerability check here (http://secunia.com/vulnerability_scanning/online/) and fix its findings.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
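
As an added example (not part of Blade81's post), the six Custom Level settings listed above can be audited from PowerShell instead of clicked through by hand. The script reads the current user's Internet zone (zone 3) in the registry; the numeric value names are Microsoft's documented URL action IDs for those dialog entries (0 = Enable, 1 = Prompt, 3 = Disable), and the -Apply switch is an assumption of this example, not a Windows option.

```powershell
# Added example: audit the IE Internet zone against the settings Blade81 recommends.
# Run as the user whose IE settings you want to check. Without -Apply it only reports.
param([switch]$Apply)

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Dialog label, registry value name (URL action ID) and the value recommended above.
$recommended = @(
    @{ Name = 'Download signed ActiveX controls';                          Id = '1001'; Want = 1 },
    @{ Name = 'Download unsigned ActiveX controls';                        Id = '1004'; Want = 3 },
    @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Id = '1201'; Want = 3 },
    @{ Name = 'Installation of desktop items';                             Id = '1800'; Want = 1 },
    @{ Name = 'Launching programs and files in an IFRAME';                 Id = '1804'; Want = 1 },
    @{ Name = 'Navigate sub-frames across different domains';              Id = '1607'; Want = 1 }
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    param([string]$Id)
    # A missing value means the zone template default applies (the user never
    # customised this entry), so report it separately rather than as 0.
    $item = Get-ItemProperty -Path $zoneKey -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Id
}

$drift = @()
foreach ($s in $recommended) {
    $cur = Get-ZoneSetting -Id $s.Id
    $curLabel = if ($null -eq $cur) { 'not set (template default)' } else { $labels[$cur] }
    $ok = ($cur -eq $s.Want)
    if (-not $ok) { $drift += $s }
    '{0,-4} {1,-62} current: {2,-27} recommended: {3}' -f `
        $(if ($ok) { 'OK' } else { 'FIX' }), $s.Name, $curLabel, $labels[$s.Want]
}

if ($drift.Count -eq 0) {
    'All six Internet zone settings match the recommended values.'
} elseif ($Apply) {
    foreach ($s in $drift) {
        Set-ItemProperty -Path $zoneKey -Name $s.Id -Value $s.Want -Type DWord
        'Set {0} ({1}) to {2}' -f $s.Name, $s.Id, $labels[$s.Want]
    }
    'Restart Internet Explorer for the changes to take effect.'
} else {
    '{0} setting(s) differ; re-run with -Apply to set them to the recommended values.' -f $drift.Count
}
```

If the Security_HKLM_only policy is in force, zone settings come from HKLM instead and the HKCU values this script reads and writes are ignored, so check with the Custom Level dialog afterwards.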

Blade81
2010-02-14, 11:32
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.