
Everything posted by tulp85
-
Once again it saw that there was a threat, but I did not remove it. It is perhaps possible that, while Combo was working, the time for which I had disabled the scanner had expired. Here is the log file from ComboFix.
-
When I use ComboFix I get virus notifications; should I then remove them or accept them?
-
Everything works again, except that I still have this problem when I start up the laptop: could not load or run c:\usser\steve\locals-1\temp\msevah.exe specified in the registry make sure this file exist on your computer or remove the reference to in the registry. I have already tried it in the registry itself, but I cannot remove it there. I would like another solution, but not with ComboFix, because then it goes wrong again. Fortunately I can perform a restore. Thanks in advance.
-
I restarted it and it is still the same as in post no. 18.
-
If I do that, I am afraid it will no longer start up, because all programs, even regedit, say the same thing.
-
All my startup programs are gone now. These are the messages I get: c:\programfiles\internet Explorer\explore.exe illegal operatio attempted on registry key that has been marked for deletion. Help.
-
How do I save this as a CFScript?
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSQL$MSSMLBIZ] "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe\" -sMSSMLBIZ" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSQLServerADHelper] "ImagePath"="\"c:\program files\Microsoft SQL Server\90\Shared\sqladhlp90.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup] "ImagePath"="System32\Drivers\mup.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS] "ImagePath"="system32\drivers\ndis.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt] "ImagePath"="System32\DRIVERS\netbt.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETw4v32] "ImagePath"="system32\DRIVERS\NETw4v32.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960] "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntrigdigi] "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NVENETFD] "ImagePath"="system32\DRIVERS\nvm60x32.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvlddmkm] "ImagePath"="system32\DRIVERS\nvlddmkm.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid] "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor] "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\odserv] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ohci1394] "ImagePath"="system32\DRIVERS\ohci1394.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ose] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Outlook] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport] "ImagePath"="\SystemRoot\system32\drivers\parport.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parvdm] "ImagePath"="\SystemRoot\system32\drivers\parvdm.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci] "ImagePath"="system32\drivers\pci.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide] "ImagePath"="\SystemRoot\system32\drivers\pciide.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia] "ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Pml Driver HPZ12] "ServiceDll"="c:\windows\system32\HPZipm12.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor] "ImagePath"="\SystemRoot\system32\drivers\processr.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\pacer.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300] "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx] "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QPCapSvc] "ImagePath"="\"c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe\"\00\00\00\00\00\00\00\00\00\00\02\00\00\00c:\program files\HP\QuickPlay\Kernel\TV\Ca" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QPSched] "ImagePath"="\"c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe\"\00a\00y\00\\00K\00e\00r\00n\00e\00l\00\\00T\00V\00\\00Q\00P\00C\00a\00p\00S\00v\00c\00.\00e\00x\00e" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD] .
-
I have to send it in 3 parts
ComboFix 12-03-07.05 - steve 08/03/2012 0:00.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.3069.1703 [GMT 8:00] Running from: c:\users\steve\Desktop\ComboFix.exe AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\DFR5113.tmp c:\program files\Dealio Toolbar c:\program files\Dealio Toolbar\IE\5.0\config.ini c:\program files\Dealio Toolbar\Res\amazon.gif c:\program files\Dealio Toolbar\Res\apple.gif c:\program files\Dealio Toolbar\Res\barnes.gif c:\program files\Dealio Toolbar\Res\bestbuy.gif c:\program files\Dealio Toolbar\Res\dealio_logo.gif c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif c:\program files\Dealio Toolbar\Res\ebay.gif c:\program files\Dealio Toolbar\Res\facebook.gif c:\program files\Dealio Toolbar\Res\googleplus.gif c:\program files\Dealio Toolbar\Res\icon_settings.gif c:\program files\Dealio Toolbar\Res\Lang\res1031.ini c:\program files\Dealio Toolbar\Res\Lang\res1033.ini c:\program files\Dealio Toolbar\Res\Lang\res1034.ini c:\program files\Dealio Toolbar\Res\Lang\res1036.ini c:\program files\Dealio Toolbar\Res\Lang\res1040.ini c:\program files\Dealio Toolbar\Res\macys.gif c:\program files\Dealio Toolbar\Res\newegg.gif c:\program files\Dealio Toolbar\Res\overstock.gif c:\program files\Dealio Toolbar\Res\radio-close.gif c:\program files\Dealio Toolbar\Res\radio-minimize.gif c:\program files\Dealio Toolbar\Res\radiobeta.gif c:\program files\Dealio Toolbar\Res\search-button-hover.gif c:\program files\Dealio Toolbar\Res\search-button.gif c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif c:\program files\Dealio Toolbar\Res\search_amazon.gif c:\program files\Dealio Toolbar\Res\search_baidu.gif c:\program files\Dealio Toolbar\Res\search_dealio.gif c:\program files\Dealio Toolbar\Res\search_ebay.gif c:\program files\Dealio Toolbar\Res\search_yahoo.gif c:\program files\Dealio Toolbar\Res\search_yandex.gif c:\program files\Dealio Toolbar\Res\target.gif c:\program files\Dealio Toolbar\Res\twitter.gif c:\program files\Dealio Toolbar\Res\walmart.gif c:\program files\Dealio Toolbar\Res\widgets.xml c:\program files\Dealio Toolbar\WidgiHelper.exe c:\program files\facemoods.com c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.crx c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.png c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsApp.dll c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsEng.dll c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe c:\programdata\ntuser.dat c:\programdata\Tarma Installer c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico c:\programdata\Tarma 
Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico c:\users\steve\Taskmgr.exe c:\windows\system32\KBL.LOG . . ((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 ))))))))))))))))))))))))))))))) . . 2012-03-07 16:15 . 2012-03-07 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-06 19:58 . 2012-03-06 19:58 -------- d-----w- c:\program files\CCleaner 2012-03-03 04:28 . 2012-03-03 04:28 -------- d-----w- c:\program files\Application Updater 2012-03-03 04:28 . 2012-03-03 04:28 -------- d-----w- c:\program files\Common Files\Spigot 2012-03-03 03:51 . 2012-03-03 04:17 -------- d-----w- c:\program files\GridinSoft Trojan Killer 2012-03-03 03:21 . 2012-03-03 03:31 -------- d-----w- C:\hitat 2012-03-03 03:05 . 2012-03-03 03:05 -------- d-----w- c:\users\steve\AppData\Roaming\Malwarebytes 2012-03-03 03:05 . 2012-03-07 10:13 -------- d-----w- c:\programdata\Malwarebytes 2012-03-03 03:05 . 2012-03-03 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-03 03:05 . 2011-12-10 07:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-03 01:46 . 2012-03-03 01:46 -------- d-----w- c:\users\steve\AppData\Roaming\kodak 2012-02-21 17:52 . 2012-02-21 17:52 -------- d-----w- c:\programdata\Trymedia 2012-02-21 17:48 . 2012-02-21 17:48 -------- d-----w- c:\users\steve\AppData\Roaming\Jenkat 2012-02-21 17:43 . 2012-02-21 17:43 -------- d-----w- c:\program files\PriceGong 2012-02-10 04:29 . 2012-02-10 09:37 -------- d-----w- c:\program files\Real 2012-02-07 18:19 . 2012-03-07 16:16 -------- d-----w- c:\programdata\GameXN . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-10 04:29 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-01-25 18:00 . 2012-02-04 00:45 79360 ----a-w- c:\windows\system32\ff_vfw.dll 2012-01-04 14:28 . 2012-01-04 14:28 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys 2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl 2011-12-21 18:14 . 2012-02-04 00:45 151552 ----a-w- c:\windows\system32\ac3acm.acm 2011-12-12 00:17 . 2011-12-12 00:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-01-26 15:59 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-26 1811296] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows] "Load"=c:\users\steve\LOCALS~1\Temp\msevah.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart SetupExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli DPPWDFLT . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter "LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden "ehTray.exe"=c:\windows\ehome\ehTray.exe "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I "ContentTransferWMDetector.exe"=c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe "DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe "hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe "QPService"="c:\program files\HP\QuickPlay\QPService.exe" "hpWirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 09:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-03-07 c:\windows\Tasks\FinalTorrent Update Checker.job - c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-09-16 07:24] . 2012-02-25 c:\windows\Tasks\HPCeeScheduleForsteve.job - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-03-07 19:58] . 2012-03-06 c:\windows\Tasks\User_Feed_Synchronization-{E5780BE7-AE92-40D4-B551-0E0FC5CD97B6}.job - c:\windows\system32\msfeedssync.exe [2012-02-16 04:44] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Pavilion&pf=laptop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Pavilion&pf=laptop IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} - hxxp://www.sony.be/bravia/RegistrationAgent.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-08 00:17 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** .
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot4] "ImagePath"="system32\DRIVERS\Dot4.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dot4Print] "ImagePath"="system32\DRIVERS\Dot4Prt.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot4usb] "ImagePath"="system32\DRIVERS\dot4usb.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DpHost] "ImagePath"="c:\program files\DigitalPersona\Bin\DpHostW.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPS] "ServiceDll"="%SystemRoot%\system32\dps.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DXGKrnl] "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E1G60] "ImagePath"="system32\DRIVERS\E1G60I32.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eabfiltr] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eabusb] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ecache] "ImagePath"="System32\drivers\ecache.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehRecvr] "ImagePath"="%systemroot%\ehome\ehRecvr.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehSched] "ImagePath"="%systemroot%\ehome\ehsched.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehstart] "ServiceDll"="%SystemRoot%\ehome\ehstart.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elxstor] "ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
-
It doesn't work in safe mode either.
-
It is not possible to delete (unable to delete all specified values).
-
Yes, it is in there. My browser also makes the following error: when I want to close a web page, it reloads it about 4 times each time and then closes it.
-
I believe it is gone, but now I only get this message: could not load or run c:\users\steve\locals-1\Temp\msevah.exe specified in the registry
-
This is my latest scan:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:13:50 PM, on 6/3/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19190) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\System32\Narrator.exe C:\Windows\system32\sc.exe C:\Windows\system32\sc.exe C:\Windows\system32\sc.exe F:\HijackThis (1).exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = xinmsn | Singapore - Hotmail, Messenger, Free online News, Video, Photos, Movies, Entertainment, Sport & more.. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = xinmsn | Singapore - Hotmail, Messenger, Free online News, Video, Photos, Movies, Entertainment, Sport & more.. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Internet Explorer Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing F3 - REG:win.ini: load=C:\Users\steve\LOCALS~1\Temp\msevah.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper 
- {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 O4 
- HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MediaGet2] C:\Users\steve\AppData\Local\MediaGet2\mediaget.exe --minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u O4 - HKCU\..\Run: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n O4 - HKCU\..\Run: [GameXN] "C:\ProgramData\GameXN\GameXNGO.exe" /silent O4 - HKCU\..\Run: [installIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} (WalkmanRegistrar Object) - http://www.sony.be/bravia/RegistrationAgent.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program 
Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10637 bytes
-
Not all of the items are in the list when I run HijackThis.
-
I have tried it time and again; is there no solution for this problem? After I let MBAM do its work it finds a trojan, but either way it does not remove it. Thanks in advance.
-
When I run the first commands from Start, my laptop switches off after the third line. What should I do?
-
I have done everything as described, but it is still in there. Help! I cannot update MBAM because I have to start the laptop in safe mode. After running HijackThis and MBAM I still have the virus. Below I am again posting the log file after carrying out the instructions. Thanks in advance.
-
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:00:06 PM, on 3/3/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19190) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\System32\Narrator.exe F:\HijackThis (1).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = xinmsn | Singapore - Hotmail, Messenger, Free online News, Video, Photos, Movies, Entertainment, Sport & more.. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = %s - Crawler.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = xinmsn | Singapore - Hotmail, Messenger, Free online News, Video, Photos, Movies, Entertainment, Sport & more.. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Internet Explorer Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = Search Assistant R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\5.0\dealioToolbarIE.dll R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll F3 - REG:win.ini: load=C:\Users\steve\LOCALS~1\Temp\msevah.exe O1 - Hosts: ::1 localhost O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio 
Toolbar\IE\5.0\dealioToolbarIE.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.3\PriceGongIE.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program 
Files\Windows Live\Companion\companioncore.dll O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient_2.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program 
Files\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\5.0\dealioToolbarIE.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - 
HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MediaGet2] C:\Users\steve\AppData\Local\MediaGet2\mediaget.exe --minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u O4 - HKCU\..\Run: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n O4 - HKCU\..\Run: [GameXN] "C:\ProgramData\GameXN\GameXNGO.exe" /silent O4 - HKCU\..\Run: [installIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} (WalkmanRegistrar Object) - http://www.sony.be/bravia/RegistrationAgent.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program 
Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 14827 bytes
