Hi, ive done as you said.
Here is my Combofix log. Only some things are in dutch, but must have the same meaning as in english.
Right under it is my NEW hijack this log. With the name; Scanner.exe
----------------------------------------------------------------------------------------------------------------------ComboFix 08-10-19.04 - Chris Holstein 2008-10-20 12:23:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1441 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Chris Holstein\Bureaublad\ComboFix.exe
* Resident AV is active
.
ADS - WINDOWS: deleted 24 bytes in 1 streams. (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\BM6f7d738c.txt
C:\WINDOWS\BM6f7d738c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aqgahttl.dll
C:\WINDOWS\system32\arnnpfpq.dll
C:\WINDOWS\system32\CMWHRqss.ini
C:\WINDOWS\system32\CMWHRqss.ini2
C:\WINDOWS\system32\ectjew.dll
C:\WINDOWS\system32\flslfqmp.ini
C:\WINDOWS\system32\gqryup.dll
C:\WINDOWS\system32\ixgpppxl.ini
C:\WINDOWS\system32\kqovcfag.ini
C:\WINDOWS\system32\kyaifqec.ini
C:\WINDOWS\system32\lonwyssp.ini
C:\WINDOWS\system32\ltdshnuh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhrnvnsa.ini
C:\WINDOWS\system32\nefnsgrl.ini
C:\WINDOWS\system32\nsuimsbc.dll
C:\WINDOWS\system32\nxcmivjg.ini
C:\WINDOWS\system32\opwjoylq.dll
C:\WINDOWS\system32\qdoisnis.ini
C:\WINDOWS\system32\qlyojwpo.ini
C:\WINDOWS\system32\qpfpnnra.ini
C:\WINDOWS\system32\rkqflrmq.ini
C:\WINDOWS\system32\rtjjrikp.ini
C:\WINDOWS\system32\ssqRHWMC.dll
C:\WINDOWS\system32\ttoqdblu.ini
C:\WINDOWS\system32\urmambjk.ini
C:\WINDOWS\system32\vwxsrxjp.ini
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-20 to 2008-10-20 ))))))))))))))))))))))))))))))
.
2008-10-19 16:31 . 2008-10-19 18:18 <DIR> dr-h----- C:\Documents and Settings\Chris Holstein\Onlangs geopend
2008-10-18 13:38 . 2008-10-18 13:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-18 13:38 . 2008-10-18 13:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-12 21:16 . 2008-10-12 21:16 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-10-09 20:17 . 2008-10-10 16:43 <DIR> d-------- C:\Program Files\Project64 1.6
2008-10-09 02:47 . 2008-10-09 02:47 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-10-07 14:07 . 2008-10-07 14:34 <DIR> d-------- C:\Program Files\Cheat Engine
2008-10-07 14:07 . 2005-09-04 00:48 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-10-07 14:07 . 2005-09-04 00:48 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-10-01 19:14 . 2008-10-20 12:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-30 21:20 . 2008-09-30 21:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-27 11:38 . 2008-09-27 11:38 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-25 17:03 . 2006-12-14 20:47 782,336 -ra------ C:\WINDOWS\system32\tmpCF.tmp
2008-09-24 10:17 . 2008-09-24 10:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-09-23 10:15 . 2008-09-23 10:15 <DIR> d-------- C:\Documents and Settings\Chris Holstein\Application Data\McAfee
2008-09-22 22:08 . 2008-09-23 09:44 318 --a------ C:\WINDOWS\WPE PRO - modified.INI
2008-09-22 19:07 . 2008-09-22 22:10 51 --a------ C:\WINDOWS\HexEditor_FindList.hed
2008-09-22 18:42 . 2008-09-22 20:40 336 --a------ C:\WINDOWS\WPE PRO.INI
2008-09-21 13:23 . 2008-09-21 13:23 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-09-21 13:23 . 2008-09-21 13:23 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-09-21 13:15 . 2008-09-21 13:15 <DIR> d-------- C:\WINDOWS\system32\nl
2008-09-21 13:15 . 2008-09-21 13:15 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-21 13:15 . 2008-09-21 13:15 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-21 13:12 . 2008-09-21 13:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-21 13:06 . 2008-09-21 13:06 <DIR> d-------- C:\WINDOWS\EHome
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 19:05 --------- d-----w C:\Program Files\Xfire
2008-10-19 19:05 --------- d-----w C:\Documents and Settings\Chris Holstein\Application Data\Xfire
2008-10-19 18:24 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-19 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-19 12:48 --------- d-----w C:\Documents and Settings\Chris Holstein\Application Data\Hamachi
2008-10-18 13:36 --------- d-----w C:\Program Files\World of Warcraft
2008-10-14 11:03 --------- d-----w C:\Documents and Settings\Chris Holstein\Application Data\uTorrent
2008-10-08 06:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-08 06:54 --------- d-----w C:\Program Files\AGEIA Technologies
2008-10-08 06:52 --------- d-----w C:\Program Files\Ubisoft
2008-10-05 16:03 --------- d-----w C:\Documents and Settings\Chris Holstein\Application Data\Winamp
2008-10-04 08:58 --------- d-----w C:\Program Files\EA Sports
2008-10-04 07:57 --------- d-----w C:\Documents and Settings\Chris Holstein\Application Data\GrabIt
2008-10-03 13:02 --------- d-----w C:\Program Files\Rockstar Games
2008-10-02 16:25 --------- d-----w C:\Program Files\McAfee
2008-10-02 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-02 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-27 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-25 15:03 --------- d-----w C:\Program Files\OpenAL
2008-09-15 14:44 --------- d-----w C:\Program Files\Steam
2008-09-13 11:19 --------- d-----w C:\Program Files\Maxis
2008-09-10 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-06 20:58 --------- d-----w C:\Program Files\EA Games
2008-09-06 14:37 --------- d-----w C:\Program Files\Battleships Forever
2008-09-04 12:15 --------- d-----w C:\Documents and Settings\Chris Holstein\Application Data\SPORE
2008-09-04 11:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 14:40 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 10:54 --------- d-----w C:\Program Files\Winamp
2008-08-30 10:49 --------- d-----w C:\Program Files\LimeWire
2008-08-27 18:16 --------- d-----w C:\Program Files\VstPlugins
2008-08-27 18:16 --------- d-----w C:\Program Files\Image-Line
2008-08-12 16:33 22,328 ----a-w C:\Documents and Settings\Chris Holstein\Application Data\PnkBstrK.sys
2008-04-20 20:26 1 ----a-w C:\Documents and Settings\Chris Holstein\SI.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 1103480]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-04 8523776]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\Chris Holstein\Menu Start\Programma's\Opstarten\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-10-09 3098448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Chris Holstein^Menu Start^Programma's^Opstarten^Alienware Dock.lnk]
path=C:\Documents and Settings\Chris Holstein\Menu Start\Programma's\Opstarten\Alienware Dock.lnk
backup=C:\WINDOWS\pss\Alienware Dock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chris Holstein^Menu Start^Programma's^Opstarten^VirtuaGirl HD.LNK]
path=C:\Documents and Settings\Chris Holstein\Menu Start\Programma's\Opstarten\VirtuaGirl HD.LNK
backup=C:\WINDOWS\pss\VirtuaGirl HD.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadWave]
--a------ 2008-04-17 18:21 499716 C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 19:02 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2005-10-31 11:51 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 12:34 2772992 C:\Program Files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 23:57 1103480 C:\Program Files\Download Manager\DLM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 19:03 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2003-07-13 03:49 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-03-04 12:02 8523776 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-03-04 12:02 81920 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 09:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-31 11:24 1271032 c:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-08 16:31 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 02:00 90112 C:\WINDOWS\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-03-27 08:35 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xfire Music]
--a------ 2006-11-21 04:12 253650 C:\Program Files\Xfire\xfiremusic.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-04 02:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2006-05-05 00:26 2808832 C:\WINDOWS\alcwzrd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-03-04 12:02 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a------ 2005-05-03 20:38 64512 C:\WINDOWS\system32\P17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-03-21 22:49 16126464 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-03-16 23:06 1822720 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-07-22 00:14 86016 C:\WINDOWS\SoundMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\EA GAMESs\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
R2 BroadWaveService;BroadWave;C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe [2008-04-17 499716]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 WMDrive;WMDrive;C:\WINDOWS\system32\drivers\WMDrive.sys [2008-08-19 12288]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2008-02-19 38656]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 wvstljh;wvstljh;C:\Documents and Settings\Chris Holstein\Bureaublad\wow glider\wvstljh.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f7214e2-027f-11dd-9ef8-001e8c9a0e6d}]
\Shell\AutoRun\command - I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4e31cd4-0f1d-11dd-9f11-001e8c9a0e6d}]
\Shell\AutoRun\command - P:\Autorun.exe
.
Inhoud van de 'Gedeelde Taken' map
2008-07-14 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-07-06 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-10-20 C:\WINDOWS\Tasks\PCConfidential.job
- C:\Program Files\Winferno\PC Confidential\PCConfidential.exe []
2008-10-15 C:\WINDOWS\Tasks\rpc.job
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{0223218E-35B0-499B-BB4D-D5E1677198Ae} - (no file)
BHO-{6dc2e29c-18c6-4b17-a6ad-d72ebe93c398} - C:\WINDOWS\system32\ectjew.dll
BHO-{EE23CB47-6322-4BA8-AD68-4E778D71B5E1} - C:\WINDOWS\system32\ssqRHWMC.dll
HKLM-Run-6c4e4010 - C:\WINDOWS\system32\arnnpfpq.dll
Notify-awtusrRh - awtusrRh.dll
MSConfigStartUp-AAWTray - C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
MSConfigStartUp-Ad-Watch - C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-BM6f7d738c - C:\WINDOWS\system32\htwnksda.dll
MSConfigStartUp-VRS - C:\Program Files\NCH Swift Sound\VRS\vrs.exe
.
------- Bijkomende Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Chris Holstein\Application Data\Mozilla\Firefox\Profiles\acm788bz.default\
FF -: plugin - C:\Program Files\Download Manager\npfpdlm.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1172.2021\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NpFv415.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-10-20 12:30:04
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Voltooingstijd: 2008-10-20 12:37:17 - machine werd herstart [Chris Holstein]
ComboFix-quarantined-files.txt 2008-10-20 10:37:07
Pre-Run: 58,961,883,136 bytes beschikbaar
Post-Run: 59,340,619,776 bytes beschikbaar
325 --- E O F --- 2008-09-22 21:35:41
-------------------------------------------------------------------------------------------------This is my hijack this logfile.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:57, on 20-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://my2.freeze.com/?AcquisitionID=57 ... 6c&s=&ipc=R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
http://www.srtest.com/srl_bin/sysreqlab3.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) -
http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cabO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
http://www.systemrequirementslab.com/sysreqlab2.cabO16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) -
http://www.yougamers.com/systeminfo/MSC3.cabO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BroadWave (BroadWaveService) - NCH Software - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 9742 bytes