Bigglet

Honorary Members
  • Posts: 43

Everything posted by Bigglet

  1. So, since my last post a lot has happened. I only got it back yesterday. Apparently my retailer misinformed me that it was already back in their depot; it wasn't. A long week and 7 phone calls later it still wasn't in. Then, 3 days ago they said it got in and they sent it to me. So a good 8 weeks before I got it back, great customer support... However, everything aside, it does work again, which was the only thing I've been waiting for all this time. Just a heads up when buying a main component from ASUS in the future for any of you.
  2. So, a little update from my side: after 7(!) weeks I have finally received word that my motherboard is back on its way home. Thanks ASUS for your lovely customer support.
  3. So, according to my retailer the power connector to the CPU short-circuited and fried both the connector and my CPU. The CPU has already been replaced under warranty and the main board will have to be sent back to ASUS for them to investigate and repair it themselves. Sadly they don't replace items on the fly, so I'll be stuck with my old rig for a couple more weeks *sob*. I could've had them send it back and take 5-8 weeks or send it myself and take 2-4 weeks, so I've chosen the latter. Will post an update when it's there.
  4. What are the odds of the ATX12V connector that takes the power from my PSU being fried compared to my CPU dying at random? I don't see any reason why the CPU should be dead in any case; temperatures weren't too high nor was the voltage. It just doesn't make sense unless my PSU had a random power surge or something of the like. Trying to compare what could've gone wrong... I find it weird that the connector would die at random too; nothing crazy happened with it at all since it was overclocked. Even ran Prime95 stable for an hour at some higher temperatures, but it died randomly 4 days later. Oh well, shipping it back to the retailer on Wednesday and I'll have the final answer then...
  5. Thanks for trying to help, it's appreciated, although overclocking an i5 to 4.5 GHz is perfectly fine with just stock items according to a lot of websites. I've had it run stable at 4.7 GHz for a day as well but it got too hot for my taste. Keep in mind that these '2500K' and 'i7 2600K's are specifically designed for overclocks. I have a friend of mine who runs his baby stable at 5.7 GHz and has had it running stable for three quarters of a year. Obviously he has a little better cooling, but just saying it's far from impossible to run at these speeds. 3.4 GHz is hardly an overclock for a 3.3 GHz standard CPU. But yeah, once I get a new CPU I will take it easier and try some lower frequencies. Contacted my dealer and heading off on Wednesday to get it checked to definitely know if it's toast. Apparently if it didn't get fried by over-volting it there isn't even a way of telling whether you overclocked it or not, thus being covered under warranty, which might be my luck. Will keep you posted as the story unfolds...
  6. The problem is I can't get into my BIOS as this requires my CPU to be active, and as either the CPU or the power connector to it is messed up, this is impossible. I've plugged the CMOS jumper and put it onto pin 2-3 for ~10 sec as said in the manual to reset the CMOS. No effect; the CPU should be downclocked to the original setting, though. The board I'm using is the Asus P8P67 and my cooling is sufficient as I've been running it stable for a small week 24/7 (I don't turn it off overnight). Under load it runs at around 53 degrees C and while running Prime95 it jumps up to 65 degrees, which is hot but still pulls off (it never reaches max load under the circumstances I use it, though). My cooler is a Noctua NH-U9D SE2. Just to be sure, clearing the CMOS by the jumper as said in the manual resets everything stored in the BIOS settings to default, right? I am about to return the pieces to my manufacturer this week, but if I can test or solve anything myself further I obviously want to do it as I can't miss the PC.
  7. Hi there MB users,
     Recently I've run into a serious problem with a new PC I built. In the middle of playing a game two nights ago my PC shut down and refused to show any form of life ever since. Brought my PC to the store and had it checked; unfortunately they told me it was a PSU problem, but it wasn't. I've used 3 different PSUs and all three show the same problem. I can plug in all cables and the CPU fan will spin 1/4th of a rotation before it shuts down; after that, powering on gives no sign of life whatsoever until I unplug the mainboard power cable and switch the PSU off and back on. My current thoughts are it is a problem with my CPU. If I plug in every cable except for the CPU one, it'll run. Obviously no screen or boot-up without a CPU, but everything else is powered on. As soon as I plug in the CPU cables and power on, it does nothing. Same with all three PSUs. Now how can I check whether it is a problem with the CPU power connector or the CPU itself?
     Specs:
     CPU: Intel i5 2500K (overclocked it to 4.5 GHz @ 1.3 volts, this might have caused a short circuit? Only overclocked it a couple of days ago though.)
     GPU: ATI Radeon HD 6950 2GB
     Mem: 2x 4GB Kingston DDR3 1600 MHz RAM
     HDD: 2x 500GB WD 7200 rpm
     SSD: OCZ Vertex3 120 GB
     PSU: Corsair 750W <tested>
     PSU2: Corsair 600W <tested>
     PSU3: Standard 400W (d/k brand) from stock PC <tested>
     OS: Windows 7 64 bit
     I have cleared my CMOS without any positive results as well. Am really desperate for options... Still under warranty though as it's only 6 months old. Thanks in advance for any help!
     Bigglet
  8. Okay, that would be all I need then. Much love and stuff to you and the rest of the Malwarebytes voluntary helpers! <3 Topic can be closed as far as I can say; that's another happy Malwarebytes user.
  9. Read the above and deleted the programs. How about that other program that was required to undo the virtual CD/DVD drives or something? Something I had to install to be able to scan properly... I can't find the name right now but according to the topic that redirected me here I had to do it and so I have; waiting for further instructions to re-enable it again, that's safe too I'm guessing? If so, could you please relink that program one last time? Other than that, again, thanks a huge lot for your assistance, no more farm animals driving me nuts through my speakers.
  10. I imagine the NOD32 AV I currently have installed would produce the same result, but I ran the online scan anyway; no log file was created so I'll just post the screenshot. Green light after all this, I take it? If so, thanks a lot again!
  11. Right, I haven't heard the sound play anymore, so I'm assuming it's gone, as the scans don't reveal anything either. Updated Java and ran another MBAM scan, results are here:
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      Databaseversie: 4402
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.13
      7-8-2010 16:42:11
      mbam-log-2010-08-07 (16-42-11).txt
      Scantype: Volledige scan (C:\|D:\|)
      Objecten gescand: 307916
      Verstreken tijd: 1 uur/uren, 1 minuut/minuten, 44 seconde(n)
      Geheugenprocessen ge
  12. Hah, very well then, makes things easier, eh. Here's the log you requested:
  13. I am now being helped in the thread you directed me to, this topic can be closed, thank you for your time and effort!
  14. Hi there Elise, and thank you for your time and effort in trying to help me. I ran ComboFix and it produced a log accordingly, which I'll post up; some parts are apparently in Dutch, so if you need them translated let me know. I think it is cleaned but I'll leave that decision up to you. Thank you either way and I hope to hear from you soon <3
Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Bjorn Hamburg^Menu Start^Programma's^Opstarten^Logitech . Productregistratie.lnk] path=c:\documents and settings\Bjorn Hamburg\Menu Start\Programma's\Opstarten\Logitech . Productregistratie.lnk backup=c:\windows\pss\Logitech . Productregistratie.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] 2008-02-06 10:06 89024 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-03-12 11:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] 2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2007-08-24 05:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] 2007-03-05 11:57 1103480 ----a-w- c:\program files\IGN\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure] 2006-10-30 12:44 1953792 ----a-r- c:\windows\system32\JMRaidSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup] 2006-10-30 12:44 36864 ----a-r- c:\windows\JM\JMInsIDE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] 2004-12-10 10:45 49152 ----a-w- c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2008-12-20 06:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler] 2010-05-13 03:59 604032 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] 2006-07-13 06:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2006-12-18 20:34 868352 ----a-r- c:\program files\Analog 
Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k] 2005-10-27 14:01 139264 ----a-w- c:\program files\Multimedia Card Reader\shwicon2k.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\mIRC2\\mirc.exe"= "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Steam\\steamapps\\brmhamburg@hotmail.com\\counter-strike\\hl.exe"= "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program 
Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\{722B4A13-F24D-43AE-8813-5DB82C0B23C2}\\setup\\hpznui01.exe"= "c:\\Program Files\\StarCraft II\\StarCraft II.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29-9-2009 13:02 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29-9-2009 13:05 96408] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29-9-2009 13:03 735960] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592] R2 WMP300NSvc;WMP300NSvc;c:\program files\Linksys\WMP300N\WLService.exe [8-11-2008 17:21 53307] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [16-1-2009 17:27 198168] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [16-1-2009 17:27 1353240] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [16-1-2009 17:27 73752] R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [16-1-2009 17:27 1221144] R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [8-8-2009 13:44 2048] R3 WMP300Nv2;Linksys Wireless-N PCI Adapter WMP300Nv2 Service;c:\windows\system32\drivers\WMP300Nv2.sys [11-10-2008 19:48 1297824] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25-6-2010 10:47 136176] S3 ConicG;ConicG Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ConicG.sys --> c:\windows\system32\DRIVERS\ConicG.sys [?] 
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [16-1-2009 17:25 79360] S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [16-1-2009 17:32 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [16-1-2009 17:27 198168] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [16-1-2009 17:27 1353240] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [16-1-2009 17:27 73752] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [28-8-2009 18:36 36608] S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24-11-2008 23:31 29263712] S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [13-11-2008 11:52 24576] S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [19-8-2007 16:04 223128] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18-8-2007 18:57 685816] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map 2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 08:47] 2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 08:47] 2010-08-07 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] 2010-08-07 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Bjorn Hamburg\Application Data\Mozilla\Firefox\Profiles\zv8a8a4b.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program 
files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS VERWIJDERD - - - - MSConfigStartUp-nwiz - nwiz.exe MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-07 13:32 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="a" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-343818398-688789844-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:84,5a,ff,be,79,95,c4,e0,10,00,3f,3b,a8,a7,f0,4f,b7,6f,76,d5,81,b8,96, 74,91,b5,78,9d,b5,f5,72,30,9b,ab,89,87,52,c3,c2,30,42,e8,4d,fc,79,45,f4,35,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-343818398-688789844-839522115-1004\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "datasecu"=hex:78,c8,6a,de,5c,04,19,c9,b8,89,6c,92,01,b1,c3,83,a7,5e,6c,2d,41, 33,d6,69,7d,46,03,0d,5e,b6,92,97,fb,8e,a8,5c,28,53,64,b7,7f,b6,1c,15,f9,15,\ "rkeysecu"=hex:9e,f6,24,6b,d5,c7,93,b8,5d,24,d9,09,3c,4d,4b,31 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ
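The ComboFix output above is read by hand in threads like this one: file entries carry an attribute column (`--sha-w-` marks a system+hidden file, `d-----w-` a directory), service entries end in `[?]` when the tool could not find the binary on disk, and a service `ImagePath` of `"a"` is not a path at all. As an added example that is not part of the original post and not code from ComboFix, DDS or GMER, the Python script below parses lines in both the ComboFix and DDS file-list formats and collects the entries a helper looks at first. The column positions for the attribute letters are inferred from the log's own lines, and the sample log is constructed from a few entries on this page rather than the whole dump.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines copied in shape from the ComboFix and DDS
# logs on this page (file entries, service entries, one registry value),
# trimmed so the example runs offline. Paths are the log's own.
SAMPLE_LOG = r"""
2010-07-11 11:40 . 2010-07-11 11:40 22 --sha-w- c:\documents and settings\Bjorn Hamburg\Application Data\Sys6925.Config Collection.sys
2010-07-10 17:51 . 2007-08-11 10:26 -------- d-----w- c:\program files\CyberLink
2010-07-05 17:59 . 2007-08-16 00:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2008-03-15 13:25 . 2008-02-25 22:39 72 --sh--w- c:\windows\SA26FAF3F.tmp
2010-07-11 11:40:17 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29-9-2009 13:02 108792]
S3 ConicG;ConicG Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ConicG.sys --> c:\windows\system32\DRIVERS\ConicG.sys [?]
"ImagePath"="a"
"""

# File entry: ComboFix writes "<mtime> . <ctime> <size|--------> <attrs> <path>",
# DDS writes "<mtime with seconds> <size> <attrs> <path>". One regex covers both.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r" (?:\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Service entry: "<start type> <name>;<display name>;<image path> [<date size>|?]".
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<value>.*)"$')

# Attribute column positions are inferred from the log's own lines
# (d-----w-, --sha-w-, ----a-r-): index 0 directory, 2 system, 3 hidden.
DIR_IDX, SYSTEM_IDX, HIDDEN_IDX = 0, 2, 3
DRIVER_DIR = "\\system32\\drivers\\"


@dataclass
class Finding:
    reason: str
    detail: str


def check_file(attrs: str, path: str) -> List[Finding]:
    """Flag file entries a malware helper would inspect first."""
    out: List[Finding] = []
    is_dir = attrs[DIR_IDX] == "d"
    hidden_system = attrs[SYSTEM_IDX] == "s" and attrs[HIDDEN_IDX] == "h"
    lower = path.lower()
    if hidden_system and not is_dir:
        # Hidden+system files in a user profile or the Windows root are rare
        # for legitimate software and common for droppers.
        out.append(Finding("hidden-system-file", path))
    if not is_dir and lower.endswith(".sys") and DRIVER_DIR not in lower:
        # A .sys outside system32\drivers is not where drivers normally live.
        out.append(Finding("sys-outside-drivers", path))
    return out


def triage(log_text: str) -> List[Finding]:
    """Walk ComboFix/DDS log lines and collect items worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            findings.extend(check_file(m.group("attrs"), m.group("path")))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # "[?]" means the tool could not find the service binary on disk:
            # either a leftover from an uninstall or a driver hiding itself.
            if m.group("rest").endswith("[?]"):
                findings.append(Finding("service-image-missing", m.group("name")))
            continue
        m = IMAGEPATH_RE.match(line)
        if m and "\\" not in m.group("value"):
            # An ImagePath that is not a path cannot start a real service;
            # it is typically a disabled or tampered entry.
            findings.append(Finding("imagepath-not-a-path", m.group("value")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:24s} {f.detail}")
```

On the constructed sample this reports the two `Sys6925` / `Sys3390` hidden+system files and the hidden `.tmp` in the Windows root, the `.sys` sitting in a user's Application Data, the `ConicG` service with no binary on disk, and the `vsdatant` ImagePath of `a`; the Hamachi driver in `system32\drivers` and the CyberLink directory pass. The findings are a reading aid, not a verdict: a hidden+system file still has to be checked against what is known about it before anything is deleted.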
15. Hi there MB users! I was redirected here by one of your members after I had to run a few scans etc. Malware scan didn't reveal anything, nor did my NOD32 AV, CCleaner, JV16 PowerTools etc. I ran the scans I was told to if the problem still persisted, and GMER came up with a rootkit in iexplore.exe which is hidden and not to be seen in Task Manager. Very well; the DDS.txt log posted in this message:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Bjorn Hamburg at 3:07:34,60 on za 07-08-2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1229 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe 4
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe 4
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WMP300N\WLService.exe
C:\Program Files\Linksys\WMP300N\WMP300N.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Bjorn Hamburg\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [updReg] c:\windows\UpdReg.EXE
mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [<NO NAME>]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232201913609
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232201787359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: winmm.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bjornh~1\applic~1\mozilla\firefox\profiles\zv8a8a4b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-29 108792]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-1-16 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-1-16 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-1-16 73752]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]
S3 ConicG;ConicG Wireless Network Adapter Service;c:\windows\system32\drivers\conicg.sys --> c:\windows\system32\drivers\ConicG.sys [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-1-16 198168]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-1-16 1353240]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-1-16 73752]

=============== Created Last 30 ================

2010-08-05 16:05:10 0 d-----w- c:\docume~1\bjornh~1\applic~1\Malwarebytes
2010-08-05 16:04:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 16:04:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-05 16:04:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 16:04:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-05 11:53:52 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-02 15:03:17 0 d--h--r- c:\documents and settings\bjorn hamburg\Onlangs geopend
2010-08-01 14:03:41 0 d-----w- c:\program files\StarCraft II
2010-08-01 12:01:35 0 d-----w- c:\program files\CCleaner
2010-07-28 19:58:00 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-07-28 19:58:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-07-28 19:56:42 0 d-----w- C:\StarCraft II
2010-07-27 17:54:12 754 ----a-w- c:\windows\WORDPAD.INI
2010-07-27 13:30:24 4175716 ----a-w- C:\fraglist.luar
2010-07-27 01:50:56 0 ----a-w- c:\documents and settings\bjorn hamburg\ntuser.tmp
2010-07-26 20:57:21 61440 ----a-w- c:\windows\system32\zIMF.DLL
2010-07-26 20:57:21 53248 ----a-w- c:\windows\system32\ZTAG.DLL
2010-07-22 16:37:49 0 d-----w- c:\docume~1\bjornh~1\applic~1\HpUpdate
2010-07-22 16:37:35 0 d-----w- c:\windows\Hewlett-Packard
2010-07-19 18:19:02 0 d-----w- c:\docume~1\bjornh~1\applic~1\UDC Profiles
2010-07-19 17:44:18 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2010-07-19 17:40:31 123904 ----a-w- c:\windows\system32\hpf3l70w.dll
2010-07-19 17:40:30 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-07-19 17:39:52 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-07-19 17:39:52 315392 ----a-r- c:\windows\system32\hposc_p02a.dll
2010-07-19 17:39:52 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-07-19 17:39:51 966656 ----a-r- c:\windows\system32\hpost_p02f.dll
2010-07-19 17:39:51 712704 ----a-r- c:\windows\system32\hposwia_p02f.dll
2010-07-19 17:39:50 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-07-19 17:39:50 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-07-19 17:38:57 703 ------w- c:\windows\hpomdl39.dat.temp
2010-07-19 11:33:55 0 d-----w- c:\program files\common files\HP
2010-07-19 11:33:38 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-07-19 11:31:34 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-07-19 11:31:34 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-19 11:27:55 703 ------w- c:\windows\hpomdl39.dat
2010-07-19 11:27:55 204556 ----a-w- c:\windows\hpoins39.dat
2010-07-15 13:17:02 0 d-----w- c:\program files\HP
2010-07-13 21:46:07 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 14:14:42 0 d-----w- C:\eset_upd_3_(4800)
2010-07-11 11:40:17 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-07-11 11:40:17 22 --sha-w- c:\docume~1\bjornh~1\applic~1\Sys6925.Config Collection.sys
2010-07-11 11:39:47 0 d-----w- c:\program files\jv16 PowerTools 2010
2010-07-10 17:23:45 782336 ----a-r- c:\windows\system32\tmp665.tmp

==================== Find3M ====================

2010-08-06 15:57:16 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-06 15:57:14 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-31 11:11:27 99 ----a-w- c:\documents and settings\bjorn hamburg\jagex_runescape_preferences2.dat
2010-07-31 11:11:23 41 ----a-w- c:\documents and settings\bjorn hamburg\jagex__preferences3.dat
2010-07-31 11:10:20 46 ----a-w- c:\documents and settings\bjorn hamburg\jagex_runescape_preferences.dat
2010-07-10 17:25:50 578476 ----a-w- c:\windows\system32\perfh013.dat
2010-07-10 17:25:50 118626 ----a-w- c:\windows\system32\perfc013.dat
2010-07-05 
17:59:04 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys 2008-08-20 23:14:50 2619 ----a-w- c:\program files\torrentbytes.txt 2006-06-23 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe ============= FINISH: 3:09:11,85 =============== Attach.zip
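The "Created Last 30" and "Find3M" sections of the DDS log above are where a helper on this kind of thread starts: each line is a timestamp, a size, an 8-character attribute string and a path. The following script is an added example for this thread (not part of DDS, Malwarebytes or any post here) that parses lines in that format and applies a few defender-side review heuristics: files carrying both the hidden and system attributes, kernel drivers that appeared inside the window and are not on a caller-supplied known-good list, and files dropped directly into a drive root. The sample input is a constructed subset copied from the log above; the meaning of the attribute columns (d/c/s/h/a and w/r) is an assumption inferred from the entries shown, and the known-good driver names are an assumption based on the poster's Malwarebytes install date. The heuristics are prompts for a closer look, not verdicts.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One entry line: date, time, size, 8-char attribute string, then the path
# (which may contain spaces and apostrophes, so it is matched greedily).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$",
    re.IGNORECASE,
)

# Constructed sample: a subset of the "Created Last 30" lines from the log above.
SAMPLE = r"""
2010-08-05 16:04:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 16:04:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 15:03:17 0 d--h--r- c:\documents and settings\bjorn hamburg\Onlangs geopend
2010-07-27 13:30:24 4175716 ----a-w- C:\fraglist.luar
2010-07-26 20:57:21 61440 ----a-w- c:\windows\system32\zIMF.DLL
2010-07-19 17:39:50 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-07-11 11:40:17 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-07-11 11:40:17 22 --sha-w- c:\docume~1\bjornh~1\applic~1\Sys6925.Config Collection.sys
"""


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    path: str

    # Column meanings are an ASSUMPTION inferred from the log entries:
    # 1=d directory, 2=c compressed, 3=s system, 4=h hidden, 5=a archive,
    # 7=w writable / r read-only. Columns 6 and 8 are left uninterpreted.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entries(text: str) -> list:
    """Parse every well-formed entry line; headers and other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(when, int(m["size"]), m["attrs"].lower(), m["path"]))
    return entries


def triage(entries, known_drivers=frozenset()):
    """Return (entry, reason) pairs that merit a closer look, in log order."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue  # directories are noise for these heuristics
        low = e.path.lower()
        if e.is_hidden and e.is_system:
            findings.append((e, "hidden+system attributes set"))
        elif "\\drivers\\" in low and low.endswith(".sys"):
            if e.name not in known_drivers:
                findings.append((e, "new kernel driver not on known-good list"))
        elif re.match(r"^[a-z]:\\[^\\]+$", low):
            findings.append((e, "file created directly in a drive root"))
    return findings


def triage_sample() -> list:
    """Run the heuristics over SAMPLE. The known-good names are an ASSUMPTION
    (the Malwarebytes drivers the poster installed on 2010-08-05)."""
    return triage(parse_entries(SAMPLE), known_drivers={"mbam.sys", "mbamswissarmy.sys"})


if __name__ == "__main__":
    for entry, reason in triage_sample():
        print(f"{entry.when:%Y-%m-%d %H:%M} {entry.size:>8} {entry.attrs} {entry.path}  <- {reason}")
```

Running it lists the drive-root file, the serscan.sys driver and the two 22-byte hidden+system files; the Malwarebytes driver is suppressed by the known-good list. Feeding it the full "Created Last 30" section is a matter of replacing SAMPLE with the pasted text.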
  16. Okay, so I read the thread and I saw the guy had an "iexplore.exe" running in the background. I have checked for this a lot but it actually isn't running and therefore is not the problem. It's not random voices either, it's a sound file that keeps repeating over and over. Now that I've moved back upstairs I've still had it play a few times, so it isn't a radio signal or whatever. I do wonder how it can possibly play while the system isn't logged on... who could have a possible explanation for that?
  17. Hmm, I'll read that through in a moment, thanks. I'd like to add something else though: when I shut down my PC a few hours ago it started installing the Windows updates, you know, it logs off and starts updating and shuts down afterwards. Well, after logging off and starting the update installation the sound came back once again, so that makes me wonder, what exactly is it then? It's not possible to play sounds at that moment, is it? Could it have been radio signals after all? Now that I've moved back upstairs I haven't had it play, yet... Will see, maybe it was some shitty radio signal, will update tomorrow.
  18. Hello there MB users! I'm new here and I just registered a few moments ago, now wondering if you could assist me in finding and cleaning some trojan that is messing up my PC and my head. First of all: I'm running NOD32 antivirus with realtime protection etc., no firewall, and on a wireless home network with a router. Now, about 2 weeks ago the symptoms started; I can't remember doing anything unusual so I have no idea where this trojan (if at all a trojan) came from. I usually am able to work out this sort of stuff myself but this is a hard one. I'm pretty familiar with all the PC apps and even the registry and, of course, task manager. My PC started playing a random sound file 2 weeks ago, so I thought I had a web browser streaming something or whatever and didn't think it'd be any harm. Shut down my web browser and it still kept playing. Rebooted the PC and it was gone. Then I booted StarCraft 2 (nothing to do with it, but yeah) and during a game it started playing again (some f***** annoying farm sounds: sheep, goats, pigs, cows, you name it, they're all starring in the file). Obviously I knew something was wrong. I ran a NOD32 scan and it came up with a trojandownloader and 2 Unruy.AA trojans that were found and quarantined them, yet the sound file kept coming back. By now, 2 weeks later, the entire thing has escalated and it now plays about every 2 minutes and repeats itself over and over and over again till it eventually shuts down somehow. Soon after it'll repeat, and it drives me insane wanting to shoot myself. However, when I disable my internet connection it will not play a sound file; I do however hear clicks of some application trying to open, but nothing will happen. Without internet I can't do my work etc. though, so leaving it off is no option. I ran a safe-mode NOD32 scan, ran CCleaner, ran jv16 PowerTools, ran Malwarebytes' Anti-Malware (even a full system scan) but nothing is found!
Nothing unusual in my task manager, but there are, in my view, too many svchost.exe's running, so I'm thinking it's hidden in there somewhere. Anyway, it still annoys me now and it is even playing while I am creating this topic. If any of you could assist me in cleaning this thing I would greatly appreciate it, as I do not really want to reformat my 2 terabytes of data and lose it. Any help is greatly appreciated, sorry for the wall of text but I want you to know as much about it as possible; this site really is my last resort as I tried pretty much everything else I know I can do. -Bigglet