PC boots very slowly !!


Dear all

My PC boots extremely slowly.

Booting takes as long as 20 to 25 minutes.

Shutting down is reasonable.

It starts from the login...

What I have already done:

Symantec virus scanner (nothing found)

AVG virus scanner (nothing found)

MalwareBytes (nothing found)

CCleaner (+/-90 threats found and fixed)

Tweaknow Regcleaner (another 3 threats found and fixed)

Ran Windows Defragmentation (cannot put everything back in order)

Uninstalled a lot of junk programs that were not relevant

Then I took a HijackThis log.

I hope one of you can help me ...

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:33:14, on 02/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\Prot_srv.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe

C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\LANDesk\Shared Files\residentagent.exe

C:\Program Files\LANDesk\LDClient\LocalSch.EXE

C:\WINDOWS\system32\CBA\pds.exe

C:\Program Files\LANDesk\LDClient\tmcsvc.exe

C:\PROGRA~1\LANDesk\LDClient\issuser.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe

c:\Program Files\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\LANDesk\LDClient\collector.exe

C:\WINDOWS\system32\pstartSr.exe

C:\Program Files\LANDesk\LDClient\softmon.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\TwinCAT\EventLogger\TcEventLogger.exe

C:\TwinCAT\TCATSysSrv.exe

C:\PROGRA~1\LANDesk\LDClient\rcgui.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Skynet.be - LE portail belge – DE Belgische portaalsite!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP® - Laptops, Desktop, Printers, Servers, and more

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = europroxy.emrsn.co.uk:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.controltechniques.com;192.186.1.100;<local>

R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Check Point Endpoint Tray Application] C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe

O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O15 - Trusted Zone: http://lx-gbnew-app.controltechniques.ia.priv

O15 - Trusted Zone: http://lx-gbnew-tst.controltechniques.ia.priv

O15 - Trusted Zone: http://lx-gbnew-app.controltechniques.ia.priv (HKLM)

O15 - ESC Trusted Zone: http://runonce.msn.com

O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203422187479

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227783639184

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emrsn.org

O17 - HKLM\Software\..\Telephony: DomainName = emrsn.org

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emrsn.org

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emrsn.org

O17 - HKLM\System\CS2\Services\Tcpip\..\{0CE5E879-8E5F-4D40-A81C-2E9661431801}: NameServer = 129.111.0.5,129.111.1.14

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE

O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe

O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe

O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: Pointsec - Check Point Software Tech Ltd - C:\WINDOWS\system32\Prot_srv.exe

O23 - Service: Pointsec Service Start (Pointsec_start) - Check Point Software Tech Ltd - C:\WINDOWS\system32\pstartSr.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: TcEventLogger - Unknown owner - C:\TwinCAT\EventLogger\TcEventLogger.exe

O23 - Service: TwinCAT System Service - BECKHOFF Automation - C:\TwinCAT\TCATSysSrv.exe

O23 - Service: VERISMIC PowerManager Client - VERISMIC Software - C:\Program Files\VERISMIC\PowerManager\Client\VERISMIC.PowerManager.ClientService.exe

--

End of file - 10960 bytes

kind regards

David

First a question:

Do you recognise these two URLs: emrsn.org and Control Techniques Global Home Page? Let me know.

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)

O15 - ESC Trusted Zone: http://runonce.msn.com

O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook

Click 'Fix checked' to remove the items.

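
As an added example (not part of this thread or of HijackThis itself), the selection above can be written down as a small triage script: it parses HijackThis entries and marks the ones that point to nothing, use a dead ActiveX download link or add an ESC Trusted Zone site as "fix", and the proxy, trusted-zone and DNS-domain entries as "ask", which is the same split the reply makes. The sample input is an excerpt of the log posted above; the rule set and the verdict names are my own.

```python
"""Triage a Trend Micro HijackThis 2.0.4 log the way the reply above does.

Two verdicts are produced for each entry that deserves attention:
  "fix" - remove with HijackThis ("Fix checked"): the entry points at a
          file that no longer exists, has an empty value, is a dead
          ActiveX download link, or adds an ESC Trusted Zone site;
  "ask" - do not touch yet: proxy, trusted-zone and DNS-domain settings
          that are normal on a company laptop but must be confirmed
          with the user first (compare the emrsn.org question above).
The rule set and the verdict names are my own, not HijackThis features.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Excerpt of the HijackThis log posted above (a raw string, so the
# backslashes in the registry paths are kept as they appear in the log).
HJT_EXCERPT = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = europroxy.emrsn.co.uk:80
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted Zone: http://lx-gbnew-app.controltechniques.ia.priv
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emrsn.org
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "R0", "O16"
    line: str      # entry text after the "Rn - " / "On - " prefix
    verdict: str   # "fix" or "ask"
    reason: str


# Every HijackThis entry starts with a section code followed by " - ".
LINE_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.*)$")


def parse(log: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, body) for each HijackThis entry; skip other lines."""
    for raw in log.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            yield match.group("sec"), match.group("body")


def classify(sec: str, body: str) -> Optional[Finding]:
    """Return a Finding for an entry that needs attention, else None."""
    if body.endswith("(no file)"):
        return Finding(sec, body, "fix", "points to a file that no longer exists")
    if sec.startswith("R") and body.rstrip().endswith("="):
        return Finding(sec, body, "fix", "Internet Explorer setting with an empty value")
    if sec == "O15" and body.startswith("ESC Trusted Zone"):
        return Finding(sec, body, "fix", "site added to the Enhanced Security Configuration trusted zone")
    if sec == "O16":
        # The last " - " separated field is where the control was downloaded from.
        source = body.rsplit(" - ", 1)[-1]
        if not source.startswith(("http://", "https://")):
            return Finding(sec, body, "fix", "ActiveX control whose download source is not a URL (dead link)")
        return None
    if sec == "O15":
        return Finding(sec, body, "ask", "trusted-zone site: confirm it belongs to the user's employer")
    if sec == "O17":
        return Finding(sec, body, "ask", "DNS domain or name server: confirm it is expected")
    if sec == "R1" and ",ProxyServer" in body:
        return Finding(sec, body, "ask", "proxy server configured: confirm it is the employer's proxy")
    return None


def triage(log: str) -> Tuple[List[Finding], List[Finding]]:
    """Split a log into entries to fix now and entries to ask the user about."""
    findings = [f for f in (classify(s, b) for s, b in parse(log)) if f]
    fix = [f for f in findings if f.verdict == "fix"]
    ask = [f for f in findings if f.verdict == "ask"]
    return fix, ask


if __name__ == "__main__":
    to_fix, to_ask = triage(HJT_EXCERPT)
    print("Select in HijackThis and click 'Fix checked':")
    for f in to_fix:
        print(f"  {f.section} - {f.line}\n      -> {f.reason}")
    print("Ask the user before touching:")
    for f in to_ask:
        print(f"  {f.section} - {f.line}\n      -> {f.reason}")
```
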
Please don't double post,

If you want to add or remove something, edit your post.

Is the PC also slow during use?

Tim,

Sorry Tim

Something went wrong with the first post

No, the PC responds normally during ordinary work.

One more remark:

Sometimes, when I have to press Ctrl + Alt + Del to log in right after the PC has started, it takes a very long time before the screen with the Username and Password appears.

There is no regularity to this, however; sometimes it happens almost immediately.

@Kape

The two URLs look familiar to me from my work

emrsn.org probably comes from Emerson

Control Techniques is a subsidiary of Emerson

I did what you asked with HijackThis but the result stays the same

regards

David

edited by David Dierickx

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you cannot disable them, just go on to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

(screenshot: cf-rc-auto.jpg)

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

(screenshot: rc-auto-done.jpg)

Click Yes to continue scanning for malware.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

If you have problems running ComboFix, please report it.

I have run ComboFix.

Unfortunately I cannot disable Symantec Endpoint Protection

The Disable option is not accessible.

I ran ComboFix anyway

ComboFix ran everything

up to the point of the log file

then the computer crashed and I had to restart it myself

It then gave the following error

Windows has recovered from a serious error (or something like that)

BCCode : 1000008e BCP1 : 80000004 BCP2 : 8054B97F BCP3 : 9EE16888

BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

Still boots slowly

any more suggestions?

regards

David

In safe mode it worked

Here is the log

ComboFix 10-11-02.06 - dierda01 04/11/2010 0:12.3.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.743 [GMT 1:00]

Running from: c:\documents and settings\dierda01\Desktop\ComboFix.exe

AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Security

((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))

.

2010-11-03 07:33 . 2010-11-03 07:33 114688 ----a-w- c:\windows\system32\chg.exe

2010-11-02 10:28 . 2010-11-02 10:28 388096 ----a-r- c:\documents and settings\dierda01\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-11-01 19:28 . 2010-11-01 19:28 -------- d-----w- c:\documents and settings\dierda01\Application Data\AVG10

2010-11-01 19:26 . 2010-11-01 19:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2010-11-01 19:24 . 2010-11-01 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2010-11-01 19:19 . 2010-11-01 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2010-11-01 19:01 . 2010-11-01 19:01 -------- d-----w- c:\program files\CCleaner

2010-11-01 18:00 . 2010-11-01 18:03 -------- d-----w- c:\program files\TweakNow RegCleaner

2010-11-01 18:00 . 2010-11-01 18:00 -------- d-----w- c:\documents and settings\dierda01\Application Data\TweakNow RegCleaner

2010-10-14 06:49 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-10-14 06:49 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-10-14 06:49 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-14 06:49 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-25 11:49 . 2010-03-19 13:43 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-25 11:49 . 2010-04-21 12:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-22 14:00 . 2009-07-24 08:02 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-09-22 14:00 . 2009-07-24 08:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-09-18 10:23 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 08:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 08:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 21:32 . 2010-09-22 14:04 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2010-09-10 05:58 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:51 . 2004-08-04 08:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2004-08-04 08:00 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2004-08-04 08:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2004-08-04 08:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-04-17 07:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2004-08-04 08:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2004-08-04 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2007-03-30 11:34 . 2007-08-03 13:06 25263144 ------w- c:\program files\Skype.exe

2006-12-11 19:58 . 2007-08-03 13:06 826936 ------w- c:\program files\blacklightrootkit.exe

2006-11-12 12:23 . 2007-08-03 13:06 174163 ------w- c:\program files\utorrent.exe

2006-11-09 06:29 . 2007-08-03 13:06 2198320 ------w- c:\program files\Procmon.exe

2006-11-01 12:07 . 2007-08-03 13:06 3623736 ------w- c:\program files\procexp.exe

2006-11-01 12:07 . 2007-10-31 12:04 363320 ------w- c:\program files\portmon.exe

2006-09-23 20:05 . 2007-08-03 13:06 340992 ------w- c:\program files\FolderSize.exe

2006-08-09 10:56 . 2007-08-03 13:06 1413120 ------w- c:\program files\WinsockXPFix.exe

2006-07-10 12:22 . 2007-08-03 13:06 398912 ------w- c:\program files\autoruns.exe

2006-07-10 12:21 . 2007-08-03 13:06 294912 ------w- c:\program files\autorunsc.exe

2006-06-27 22:05 . 2007-08-03 13:06 262144 ------w- c:\program files\xp-AntiSpy.exe

2006-03-24 10:33 . 2007-08-03 13:06 69632 ------w- c:\program files\Contig.exe

2006-02-18 01:50 . 2007-08-03 13:06 1024000 ------w- c:\program files\vncviewer.exe

2006-02-17 20:06 . 2007-08-03 13:06 12411150 ------w- c:\program files\YamiPod.exe

2006-02-01 15:02 . 2007-08-03 13:06 237651 ------w- c:\program files\RootkitRevealer.exe

2006-01-11 20:31 . 2007-08-03 13:06 992399 ------w- c:\program files\JHymn.exe

2005-12-04 18:00 . 2007-08-03 13:06 79384 ------w- c:\program files\xpy.exe

2005-10-27 07:57 . 2007-08-03 13:06 36864 ------w- c:\program files\sync.exe

2005-09-20 20:45 . 2007-08-03 13:06 49664 ------w- c:\program files\WMDecode.exe

2005-07-14 04:06 . 2007-08-03 13:06 98361 ------w- c:\program files\pagedfrg.exe

2005-06-30 01:07 . 2007-08-03 13:06 181776 ------w- c:\program files\handle.exe

2005-05-25 16:10 . 2007-08-03 13:06 784896 ------w- c:\program files\DoubleKiller.exe

2005-04-20 11:07 . 2007-08-03 13:06 106496 ------w- c:\program files\Tcpview.exe

2005-04-13 13:32 . 2007-08-03 13:06 186368 ------w- c:\program files\LSPFix.exe

2005-04-09 20:12 . 2007-08-03 13:06 32768 ------w- c:\program files\PPSFix.exe

2005-04-04 11:15 . 2007-08-03 13:06 53248 ------w- c:\program files\whois.exe

2005-03-24 11:56 . 2007-08-03 13:06 291792 ------w- c:\program files\vnc-4_1_1_viewer.exe

2005-03-24 11:56 . 2007-08-03 13:06 291792 ------w- c:\program files\realvncviewer.exe

2005-03-21 14:03 . 2007-08-03 13:06 345600 ------w- c:\program files\SafeXP.exe

2005-02-20 09:34 . 2007-08-03 13:06 865792 ------w- c:\program files\ExplorerXP.exe

2005-02-16 09:06 . 2007-08-03 13:06 218112 ------w- c:\program files\HijackThis.exe

2005-02-16 07:57 . 2007-08-03 13:06 45056 ------w- c:\program files\streams.exe

2005-02-13 12:43 . 2007-08-03 13:06 1013211 ------w- c:\program files\tv.exe

2005-02-01 12:48 . 2007-08-03 13:06 94208 ------w- c:\program files\WINOBJ.EXE

2005-01-28 21:23 . 2007-08-03 13:06 1036800 ------w- c:\program files\filmerit_21en.exe

2004-12-21 07:23 . 2007-08-03 13:06 65536 ------w- c:\program files\LISTDLLS.exe

2004-12-08 13:26 . 2007-08-03 13:06 49152 ------w- c:\program files\junction.exe

2004-12-01 15:27 . 2007-08-03 13:06 86016 ------w- c:\program files\pslist.exe

2004-11-29 16:43 . 2007-08-03 13:06 81920 ------w- c:\program files\sherlock2.0.exe

2004-11-21 07:26 . 2007-08-03 13:06 331776 ------w- c:\program files\emailcatcher.exe

2004-11-05 11:05 . 2007-08-03 13:06 81920 ------w- c:\program files\logonsessions.exe

2004-10-03 07:15 . 2007-08-03 13:06 253952 ------w- c:\program files\LockedCopy.exe

2004-09-22 14:46 . 2007-08-03 13:06 741421 ------w- c:\program files\Bginfo.exe

2004-09-15 09:39 . 2007-08-03 13:06 585728 ------w- c:\program files\OEView.exe

2004-08-26 12:04 . 2007-08-03 13:06 159795 ------w- c:\program files\ShareEnum.exe

2004-08-19 17:18 . 2007-08-03 13:06 343040 ------w- c:\program files\OptimumJPEG.exe

2004-08-08 14:10 . 2007-08-03 13:06 94208 ------w- c:\program files\tcpvcon.exe

2004-07-16 08:39 . 2007-08-03 13:06 135168 ------w- c:\program files\tweakol2003.exe

2004-06-22 13:14 . 2007-08-03 13:06 118784 ------w- c:\program files\Diskmon.exe

2004-03-20 23:47 . 2007-08-03 13:06 94208 ------w- c:\program files\tweakol.exe

2004-03-19 23:20 . 2007-08-03 13:06 98304 ------w- c:\program files\DetachOL.exe

2004-02-27 11:58 . 2007-08-03 13:06 45056 ------w- c:\program files\DriveZ.exe

2004-01-29 23:10 . 2007-08-03 13:06 208896 ------w- c:\program files\ConfigInspector.exe

2003-12-30 12:33 . 2007-08-03 13:06 253952 ------w- c:\program files\md5.exe

2003-12-20 19:57 . 2007-08-03 13:06 224256 ------w- c:\program files\fentun.exe

2003-07-17 10:19 . 2007-08-03 13:06 5632 ------w- c:\program files\wol.exe

2003-06-18 10:49 . 2007-08-03 13:06 406528 ------w- c:\program files\UnknownDeviceIdentifier.exe

2003-04-01 16:08 . 2007-08-03 13:06 16384 ------w- c:\program files\IP_Agent.exe

2003-03-20 15:43 . 2007-08-03 13:06 73728 ------w- c:\program files\DiskCheckup.exe

2003-02-21 07:31 . 2007-08-03 13:06 659456 ------w- c:\program files\VCD_PLAY.EXE

2003-02-10 09:07 . 2007-08-03 13:06 53028 ------w- c:\program files\netio.exe

2002-03-25 08:52 . 2007-08-03 13:06 644976 ------w- c:\program files\BootVis.exe

2002-03-19 15:30 . 2007-08-03 13:06 216576 ------w- c:\program files\PowerCalc.exe

2002-01-02 13:12 . 2007-08-03 13:06 410624 ------w- c:\program files\DNSQuery.exe

2001-08-23 23:00 . 2007-08-03 13:06 90112 ------w- c:\program files\PlacesBar Editor.exe

2001-03-04 16:01 . 2007-08-03 13:06 13824 ------w- c:\program files\IP2.exe

2001-02-21 19:03 . 2007-08-03 13:06 35840 ------w- c:\program files\base64.exe

2000-11-16 01:01 . 2007-08-03 13:06 210944 ------w- c:\program files\putty.exe

2000-07-29 06:20 . 2007-08-03 13:06 188416 ------w- c:\program files\TDIMON.EXE

2000-06-14 09:30 . 2007-08-03 13:06 872448 ------w- c:\program files\EZSMART.exe

2000-03-24 11:16 . 2007-08-03 13:06 617984 ------w- c:\program files\Dup.exe

1999-04-12 11:15 . 2007-08-03 13:06 236032 ------w- c:\program files\BINCHUNK.EXE

1998-08-02 22:53 . 2007-08-03 13:06 287232 ------w- c:\program files\syslog_server.exe

1998-05-10 16:43 . 2007-08-03 13:06 483840 ------w- c:\program files\SFV32W.exe

1997-07-09 11:53 . 2007-08-03 13:06 40960 ------w- c:\program files\MAPIMAIL.EXE

1997-04-04 15:04 . 2007-08-03 13:06 513536 ------w- c:\program files\TFTPd.exe

1996-11-20 16:35 . 2007-08-03 13:06 340480 ------w- c:\program files\hexedit.exe

1996-10-07 07:16 . 2007-08-03 13:06 114176 ------w- c:\program files\wsttcp.exe

1996-07-28 18:58 . 2007-08-03 13:06 14305 ------w- c:\program files\rawrite.exe

2009-12-25 10:12 203776 --sh--w- c:\windows\system32\unrar.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 292152]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-20 115560]

"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2010-02-11 70024]

"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2010-02-22 858672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-100122\Scripts\Logon\0\0]

"Script"=EnvVar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-100122\Scripts\Logon\1\0]

"Script"=IAEMACT-Logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-441436\Scripts\Logon\0\0]

"Script"=EnvVar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-1682526488-839522115-441436\Scripts\Logon\1\0]

"Script"=IAEMACT-Logon.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-01-05 16:36 872448 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\CBA\\pds.exe"=

"c:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"=

"%windir%\\system32\\msgsys.exe"=

"c:\\Program Files\\Foxit Software\\PDFEdit.exe"=

"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

"445:TCP"= 445:TCP:@xpsp2res.dll,-22005

"137:UDP"= 137:UDP:@xpsp2res.dll,-22001

"138:UDP"= 138:UDP:@xpsp2res.dll,-22002

"67:TCP"= 67:TCP:LANDesk® PXE TCP Port

"67:UDP"= 67:UDP:LANDesk® PXE UDP Port

"9535:TCP"= 9535:TCP:LANDesk® Remote Control Agent TCP Port

"9535:UDP"= 9535:UDP:LANDesk® Remote Control Agent UDP Port

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [22/02/2010 13:32 224816]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19/09/2006 17:58 36608]

S2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [10/11/2009 12:32 155648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]

S2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [21/06/2009 07:59 3584]

S2 glpntdrv;glpntdrv;\??\c:\windows\system32\drivers\glpntdrv.sys --> c:\windows\system32\drivers\glpntdrv.sys [?]

S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [24/02/2010 15:11 139264]

S2 MSSQL$SQL_CTSELECT;SQL Server (SQL_CTSELECT);c:\program files\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 02:27 29262680]

S2 Peakcan;Peakcan;c:\windows\system32\drivers\Peakcan.sys [11/09/2008 15:15 87904]

S2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [22/02/2010 13:33 649776]

S2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [22/02/2010 13:33 231984]

S2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [24/02/2010 15:11 385024]

S2 SsfdcPp;Parallel Port Ssfdc Programmer Driver;c:\windows\system32\drivers\SsfdcPp.sys [30/09/2008 09:12 14604]

S2 TcCam;TwinCAT CAM Server;c:\twincat\Driver\TCCam.sys [17/04/2008 13:24 192563]

S2 TcEventLogger;TcEventLogger;c:\twincat\EventLogger\TcEventLogger.exe [17/04/2008 13:24 249932]

S2 TcIo;TwinCAT IO Server;c:\twincat\Driver\TcIo.sys [17/04/2008 13:24 1154048]

S2 TcPlc;TwinCAT IEC1131 Server;c:\twincat\Driver\TcPlc.sys [17/04/2008 13:24 390709]

S2 TcRouter;TwinCAT Router Server;c:\twincat\Driver\TCRouter.sys [17/04/2008 13:24 186880]

S2 TcRTime;TwinCAT Realtime Server;c:\twincat\Driver\TCRtime.sys [17/04/2008 13:24 138752]

S2 TwinCAT System Service;TwinCAT System Service;c:\twincat\TCATSysSrv.exe [17/04/2008 13:24 622652]

S2 VERISMIC PowerManager Client;VERISMIC PowerManager Client;c:\program files\VERISMIC\PowerManager\Client\VERISMIC.PowerManager.ClientService.exe [26/03/2010 08:29 424960]

S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\ddcdrv.sys [13/08/2010 08:55 10240]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [16/03/2009 11:25 23888]

S3 ctndrvd;CTNet NT Driver;c:\windows\system32\drivers\ctndrv2.sys [06/08/2007 08:01 6488]

S3 CTNDRVWDM;CTNet Driver (WDM);c:\windows\system32\drivers\ctndrwdm.sys [03/10/2002 09:45 5145]

S3 DrvSnSht;DrvSnSht;\??\c:\docume~1\dierda01\LOCALS~1\Temp\RarSFX0\DrvSnSht.sys --> c:\docume~1\dierda01\LOCALS~1\Temp\RarSFX0\DrvSnSht.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 11:08 102448]

S3 IPCTYPE;IPCTYPE;\??\c:\documents and settings\All Users\Documents\Pro-face\GP-Pro EX 2.2\Simulator\IPCType.sys --> c:\documents and settings\All Users\Documents\Pro-face\GP-Pro EX 2.2\Simulator\IPCType.sys [?]

S3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [08/01/2009 17:00 11904]

S3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [08/01/2009 17:00 3328]

S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [08/01/2009 17:00 3712]

S3 pcan_usb;PCAN-USB Device Driver;c:\windows\system32\drivers\pcan_usb.sys [01/03/2003 01:42 201175]

S3 PORTMON;PORTMON;\??\c:\program files\PORTMSYS.SYS --> c:\program files\PORTMSYS.SYS [?]

S3 R-ImageDisk;R-ImageDisk;\??\c:\docume~1\dierda01\LOCALS~1\Temp\RarSFX0\R-ImageDisk.sys --> c:\docume~1\dierda01\LOCALS~1\Temp\RarSFX0\R-ImageDisk.sys [?]

S3 SMA_USBBus;SMA USB Serial Converter;c:\windows\system32\drivers\FTD2XX.sys [17/01/2010 18:05 29292]

S3 TrioUSB;TrioUSB;c:\windows\system32\drivers\TrioUSB.sys [25/10/2007 09:11 9984]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SRTSPL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 20:23 452136 ------w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.skynet.be

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyServer = europroxy.emrsn.co.uk:80

uInternet Settings,ProxyOverride = www.controltechniques.com;192.186.1.100;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: ia.priv\lx-gbnew-app.controltechniques

Trusted Zone: ia.priv\lx-gbnew-tst.controltechniques

Trusted Zone: ia.priv\lx-gbnew-app.controltechniques

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-Symantec Antvirus

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-11-04 00:18

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1212)

c:\windows\system32\pssogina.dll

c:\windows\system32\LogonAgentAPI.dll

c:\windows\system32\msi.dll

- - - - - - - > 'explorer.exe'(268)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2010-11-04 00:20:31

ComboFix-quarantined-files.txt 2010-11-03 23:20

Pre-Run: 39,649,845,248 bytes free

Post-Run: 39,592,603,648 bytes free

- - End Of File - - 5323E1E7DFADFED0A5955B999F6A2DB2

Kind regards,

David
