
llle0zill

Member
  • Items

    8
  • Registration date

  • Last visited

Posts made by llle0zill

  1. ComboFix 09-04-04.01 - le0zi 2009-04-06 13:30:16.4 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2938.1875 [GMT 2:00]

    Running from: c:\users\le0zi\Desktop\ComboFix.exe

    Command switches used :: c:\users\le0zi\Desktop\CFScript.txt

    FILE ::

    c:\windows\System32\winsetup63.exe

    .

    ((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))

    .

    2009-04-06 09:14 . 2009-04-06 09:14 <DIR> d-------- c:\users\le0zi\AppData\Roaming\InterVideo

    2009-04-06 01:37 . 2009-04-06 01:38 291,914,889 --a------ c:\windows\MEMORY.DMP

    2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Malwarebytes

    2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\users\All Users\Malwarebytes

    2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\programdata\Malwarebytes

    2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

    2009-04-05 09:54 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

    2009-04-05 09:54 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys

    2009-04-05 09:53 . 2009-04-05 09:53 <DIR> d-------- c:\program files\Trend Micro

    2009-04-05 01:00 . 2009-04-05 15:57 <DIR> d-------- c:\program files\TagRename

    2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d----c--- c:\windows\System32\DRVSTORE

    2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2009-04-03 00:57 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

    2009-04-03 00:57 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

    2009-04-03 00:36 . 2009-04-03 08:45 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Symantec

    2009-04-03 00:33 . 2009-04-03 08:37 <DIR> d-------- c:\program files\Norton 360

    2009-04-03 00:31 . 2009-04-03 00:59 <DIR> d-------- c:\program files\Symantec

    2009-04-03 00:31 . 2009-04-03 00:58 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS

    2009-04-03 00:31 . 2009-04-03 00:58 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT

    2009-04-03 00:31 . 2009-04-03 00:58 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF

    2009-04-03 00:29 . 2009-04-03 00:59 <DIR> d-------- c:\users\All Users\Symantec

    2009-04-03 00:29 . 2009-04-03 00:59 <DIR> d-------- c:\programdata\Symantec

    2009-04-03 00:29 . 2009-04-03 01:01 <DIR> d-------- c:\program files\Common Files\Symantec Shared

    2009-04-02 02:15 . 2009-04-02 02:15 <DIR> d-------- c:\users\le0zi\Tracing

    2009-04-02 02:14 . 2009-04-02 02:20 <DIR> d-------- c:\program files\Microsoft Silverlight

    2009-04-02 02:13 . 2009-04-02 02:13 <DIR> d-------- c:\program files\Microsoft Sync Framework

    2009-04-02 02:12 . 2009-04-02 02:12 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

    2009-04-02 02:11 . 2009-04-02 11:26 <DIR> d-------- c:\program files\Microsoft

    2009-04-02 02:10 . 2009-04-02 02:13 <DIR> d-------- c:\program files\Windows Live

    2009-04-02 02:03 . 2009-04-02 02:03 <DIR> d-------- c:\program files\Common Files\Windows Live

    2009-04-02 00:17 . 2009-04-02 00:17 <DIR> d-------- c:\program files\TweakNow RegCleaner Professional

    2009-04-01 23:59 . 2009-04-01 23:59 <DIR> d-------- c:\program files\Microsoft Visual Studio 8

    2009-04-01 23:58 . 2009-04-02 00:04 <DIR> d-------- c:\program files\Microsoft Office(118)

    2009-03-30 01:01 . 2009-04-02 11:52 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Winamp

    2009-03-30 00:59 . 2009-03-30 00:59 3,702 --a------ c:\windows\poppers.exe

    2009-03-29 20:09 . 2009-03-29 20:09 <DIR> d-------- c:\users\All Users\WebcamMax

    2009-03-29 20:09 . 2009-03-29 20:09 <DIR> d-------- c:\programdata\WebcamMax

    2009-03-29 01:55 . 2009-03-29 20:09 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Webcammax

    2009-03-29 01:54 . 2009-03-29 02:01 <DIR> d-------- c:\program files\WebcamMax

    2009-03-29 01:54 . 2008-03-11 15:14 941,784 --a------ c:\windows\System32\drivers\CAMTHWDM.sys

    2009-03-29 01:49 . 2009-03-29 01:49 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Camfrog

    2009-03-29 01:47 . 2009-03-29 01:47 <DIR> d-------- c:\program files\Camfrog

    2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches

    2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games

    2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Links

    2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Digital Asphyxia

    2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\users\All Users\Digital Asphyxia

    2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\programdata\Digital Asphyxia

    2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\users\All Users\Tarma Installer

    2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\programdata\Tarma Installer

    2009-03-28 02:31 . 2009-03-30 01:07 <DIR> d-------- c:\program files\WinAmp

    2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\program files\Digital Asphyxia

    2009-03-28 02:24 . 2009-03-28 02:30 <DIR> d-------- c:\users\le0zi\AppData\Roaming\YTK Enhanced

    2009-03-28 02:18 . 2009-03-28 02:23 <DIR> d-------- c:\program files\YTK Enhanced

    2009-03-28 02:08 . 2009-03-28 02:14 <DIR> d-------- c:\users\le0zi\AppData\Roaming\YTK Pro

    2009-03-28 01:59 . 2009-03-28 01:59 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Yahoo!

    2009-03-28 01:59 . 2009-03-28 01:59 360,448 --a------ c:\windows\System32\kdu_v32r.dll

    2009-03-28 01:59 . 2009-03-28 01:59 274,432 --a------ c:\windows\System32\ywcvwr.dll

    2009-03-28 01:59 . 2009-03-28 01:59 274,432 --a------ c:\windows\System32\yacscom.dll

    2009-03-28 01:59 . 2009-03-28 01:59 253,952 --a------ c:\windows\System32\ywcupl.dll

    2009-03-28 01:59 . 2009-03-28 01:59 204,800 --a------ c:\windows\System32\yuplapp.dll

    2009-03-28 01:59 . 2009-03-28 01:59 200,704 --a------ c:\windows\System32\yacsui.dll

    2009-03-28 01:59 . 2009-03-28 01:59 192,512 --a------ c:\windows\System32\yvwrctl.dll

    2009-03-28 01:59 . 2009-03-28 01:59 137,184 --a------ c:\windows\System32\YCabby2.Form1.resources

    2009-03-28 01:59 . 2009-03-28 01:59 15,360 --a------ c:\windows\System32\tsd32.dll

    2009-03-28 01:59 . 2009-03-28 01:59 8,192 --a------ c:\windows\System32\tssoft32.acm

    2009-03-28 01:59 . 2009-03-28 01:59 1,978 --a------ c:\windows\System32\YCabby2.Properties.Resources.resources

    2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\users\All Users\Yahoo!

    2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\programdata\Yahoo!

    2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\program files\Yahoo!

    2009-03-28 00:34 . 2009-03-28 00:34 <DIR> d-------- c:\users\le0zi\AppData\Roaming\TuneUp Software

    2009-03-28 00:34 . 2009-03-28 00:34 603,904 --a------ c:\windows\System32\TUProgSt.exe

    2009-03-28 00:34 . 2009-03-28 00:34 362,240 --a------ c:\windows\System32\TuneUpDefragService.exe

    2009-03-28 00:34 . 2008-11-12 17:44 27,904 --a------ c:\windows\System32\uxtuneup.dll

    2009-03-28 00:34 . 2008-11-12 17:44 17,152 --a------ c:\windows\System32\authuitu.dll

    2009-03-28 00:33 . 2009-03-28 00:33 <DIR> d-------- c:\users\All Users\TuneUp Software

    2009-03-28 00:33 . 2009-03-28 00:33 <DIR> d-------- c:\programdata\TuneUp Software

    2009-03-28 00:33 . 2009-03-28 00:34 <DIR> d-------- c:\program files\TuneUp Utilities 2009

    2009-03-28 00:04 . 2009-03-28 00:04 <DIR> d-------- c:\program files\BitLord

    2009-03-27 23:54 . 2009-03-28 00:33 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}

    2009-03-27 23:54 . 2009-03-28 00:33 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

    2009-03-27 20:43 . 2009-03-27 20:43 <DIR> d-------- c:\program files\CCleaner

    2009-03-27 06:00 . 2009-03-27 06:00 40 --ah----- c:\windows\System32\ivireg.ivr

    2009-03-27 05:55 . 2009-03-27 05:55 <DIR> d-------- c:\program files\Common Files\InterVideo

    2009-03-27 05:52 . 2009-03-27 05:55 <DIR> d-------- c:\program files\InterVideo

    2009-03-27 05:50 . 2009-03-27 05:50 <DIR> d-------- C:\Documentation

    2009-03-27 05:50 . 2009-03-27 05:50 0 --a------ c:\windows\VAIOUpdt.INI

    2009-03-27 05:47 . 2008-10-21 19:52 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll

    2009-03-27 05:46 . 2008-11-06 03:32 98,304 --a------ c:\windows\System32\VESWinlogon.dll

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Uninstall

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Sonic

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Skype

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Uninstall

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Sonic

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Skype

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Skype

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Roxio

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\Skype

    2009-03-27 05:41 . 2009-03-27 05:41 <DIR> d-------- c:\program files\Common Files\Sonic Shared

    2009-03-27 05:41 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\Roxio Shared

    2009-03-27 05:41 . 2008-08-30 01:23 129,520 --------- c:\windows\System32\pxafs.dll

    2009-03-27 05:36 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Office Suite Activation Assistant

    2009-03-27 05:35 . 2009-03-27 05:36 422 --a------ c:\windows\System32\mapisvc.inf

    2009-03-27 05:34 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Small Business

    2009-03-27 05:32 . 2009-04-02 12:04 <DIR> d-------- c:\program files\Microsoft SQL Server

    2009-03-27 05:28 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Works

    2009-03-27 05:27 . 2009-03-27 05:27 <DIR> d-------- c:\windows\PCHEALTH

    2009-03-27 05:27 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft.NET

    2009-03-27 05:26 . 2009-04-05 18:23 <DIR> d-------- c:\users\All Users\Microsoft Help

    2009-03-27 05:26 . 2009-04-05 18:23 <DIR> d-------- c:\programdata\Microsoft Help

    2009-03-27 05:25 . 2009-04-02 11:52 <DIR> dr-h----- C:\MSOCache

    2009-03-27 05:19 . 2009-04-02 16:47 <DIR> d-------- c:\users\All Users\McAfee

    2009-03-27 05:19 . 2009-04-02 16:47 <DIR> d-------- c:\programdata\McAfee

    2009-03-27 05:18 . 2009-03-27 05:51 <DIR> d-------- c:\program files\Common Files\ArcSoft

    2009-03-27 05:18 . 2009-03-27 05:51 <DIR> d-------- c:\program files\ArcSoft

    2009-03-27 05:18 . 2005-04-28 01:36 245,408 --a------ c:\windows\System32\unicows.dll

    2009-03-27 05:18 . 1995-07-31 22:44 212,480 --a------ c:\windows\System32\PCDLIB32.DLL

    2009-03-27 05:18 . 2008-09-05 02:06 55,808 --a------ c:\windows\System32\ArcSoftKsUFilter.dll

    2009-03-27 05:18 . 2008-04-24 23:06 17,920 --a------ c:\windows\System32\drivers\ArcSoftKsUFilter.sys

    2009-03-27 05:17 . 2009-03-27 05:17 <DIR> d-------- c:\windows\System32\Macromed

    2009-03-27 05:12 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\PX Storage Engine

    2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\windows\Sonysys

    2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\program files\Picasa2

    2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\program files\Big Fish Games Game Suite

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-01 22:05 --------- d-----w c:\program files\MSBuild

    2009-03-28 09:53 --------- d-----w c:\programdata\Sony Corporation

    2009-03-28 06:40 --------- d-----w c:\program files\Google

    2009-03-28 00:43 --------- d--h--w c:\program files\InstallShield Installation Information

    2009-03-27 03:55 --------- d-----w c:\program files\sony

    2009-03-27 03:46 --------- d-----w c:\program files\Common Files\Sony Shared

    2009-03-27 03:18 --------- d-----w c:\program files\Common Files\InstallShield

    2009-03-26 22:22 --------- d-----w c:\program files\Windows Mail

    2009-02-19 11:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys

    2009-02-19 11:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat

    2009-02-19 11:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys

    2009-02-19 11:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys

    2009-02-19 11:31 24,112 ----a-w c:\windows\system32\drivers\SymIMV.sys

    2009-02-19 11:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys

    2009-02-19 11:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys

    2009-02-19 11:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys

    2009-02-19 11:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf

    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

    2006-07-21 11:44 244,224 --sha-r c:\users\le0zi\AppData\Roaming\plugin.dat

    2005-05-21 20:09 0 --sh--r c:\users\le0zi\AppData\Roaming\logs.dat

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-06_ 1.16.49.10 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2009-04-05 23:07:45 1,751,960 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

    + 2009-04-05 23:58:11 222,560 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

    - 2009-04-05 23:08:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2009-04-06 05:18:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-04-05 23:08:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2009-04-06 05:18:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2009-04-05 23:10:21 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

    + 2009-04-06 05:19:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

    + 2009-04-06 05:19:24 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

    - 2009-04-05 23:16:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

    + 2009-04-06 05:20:01 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

    + 2009-04-06 05:20:01 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

    - 2009-04-05 23:08:47 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-04-06 11:26:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-04-05 23:08:47 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-04-06 11:26:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-04-05 23:08:47 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-04-06 11:26:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-04-05 22:52:06 123,374 ----a-w c:\windows\System32\perfc009.dat

    + 2009-04-06 05:26:13 123,374 ----a-w c:\windows\System32\perfc009.dat

    - 2009-04-05 22:52:06 647,086 ----a-w c:\windows\System32\perfh009.dat

    + 2009-04-06 05:26:13 647,086 ----a-w c:\windows\System32\perfh009.dat

    - 2009-04-05 23:10:41 8,000 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3337915833-3909974501-4074879784-1003_UserData.bin

    + 2009-04-06 05:20:55 8,284 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3337915833-3909974501-4074879784-1003_UserData.bin

    - 2009-04-05 23:10:41 77,420 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    + 2009-04-06 05:20:55 77,722 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    - 2009-04-05 23:10:40 42,200 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-04-06 05:20:54 42,200 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-22 150040]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-22 30192]

    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2008-11-06 03:32 98304 c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

    "MarketingTools"=c:\program files\Sony\Marketing Tools\MarketingTools.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{1C1BB25C-926A-4DD7-82B0-7F2373A5F7AC}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

    "{A7D48CF0-1E56-4201-8F2D-FEC30F16F526}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

    "{F41E5DCD-4A80-4E31-91E9-E9E08D2D9F22}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

    "{A24B4733-BA29-42E9-9E41-BC470169230C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    "{446A1642-40FE-49F9-966E-7A071E38CB72}"= c:\program files\Skype\Phone\Skype.exe:Skype

    "{72D68F33-D58C-464B-A2D4-C473A3A740C0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

    "{40E6F7DE-A303-454E-B025-8FE57821F1D1}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

    "{F84D401C-7E0A-43DE-AD08-5895C0220C87}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

    "{52FF4FC1-9204-4D70-B191-C7E67739CAFA}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

    "TCP Query User{8084222D-7CDE-4743-B371-E8E2D96BB458}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module

    "UDP Query User{C3E2AAFD-EB18-46CE-BDB7-FD1675774657}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module

    "TCP Query User{B60CB346-222E-4B5E-8BBA-B6B3A8F25056}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord

    "UDP Query User{74E91D6A-C746-4176-934E-AF24EF4207D5}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090331.004\IDSvix86.sys [2009-04-03 272432]

    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]

    R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CAMTHWDM.sys [2009-03-29 941784]

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]

    R2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2009-03-27 303104]

    R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-18 11032]

    R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-22 104992]

    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-28 603904]

    R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-27 104960]

    R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\VAIO Power Management\SPMService.exe [2008-10-22 411488]

    R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-12 446464]

    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-03-27 337184]

    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [2009-03-27 17920]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-03 101936]

    R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2008-10-22 9344]

    R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]

    S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-13 23888]

    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-22 30192]

    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\VAIO Media plus\SOHCImp.exe [2009-03-27 103712]

    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\VAIO Media plus\SOHDms.exe [2009-03-27 353568]

    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\VAIO Media plus\SOHDs.exe [2009-03-27 62752]

    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-03-27 83232]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Contents of the 'Scheduled Tasks' folder

    2009-04-06 c:\windows\Tasks\1-Click Maintenance.job

    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 17:28]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-06 13:33:08

    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files:

    **************************************************************************

    .

    Completion time: 2009-04-06 13:35:41

    ComboFix-quarantined-files.txt 2009-04-06 11:35:35

    ComboFix2.txt 2009-04-06 09:39:15

    ComboFix3.txt 2009-04-06 09:30:29

    ComboFix4.txt 2009-04-05 23:18:05

    Pre-Run: 176,241,496,064 bytes free

    Post-Run: 176,210,624,512 bytes free

    295 --- E O F --- 2009-04-02 10:11:08

  2. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 01:52:59, on 4/6/2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\sony\ISB Utility\ISBMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O13 - Gopher Prefix:

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

    O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe

    O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

    O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

    O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

    O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe

    O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

    O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --

    End of file - 8084 bytes

  3. ComboFix 09-04-04.01 - le0zi 2009-04-06 1:14:29.1 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2938.1931 [GMT 2:00]

    Running from: c:\users\le0zi\Desktop\ComboFix.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\system32\x64

    .

    ((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))

    .

    2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Malwarebytes

    2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\users\All Users\Malwarebytes

    2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\programdata\Malwarebytes

    2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

    2009-04-05 09:54 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

    2009-04-05 09:54 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys

    2009-04-05 09:53 . 2009-04-05 09:53 <DIR> d-------- c:\program files\Trend Micro

    2009-04-05 03:16 . 2009-04-05 03:17 128,000 --a------ c:\windows\System32\winsetup63.exe

    2009-04-05 01:00 . 2009-04-05 15:57 <DIR> d-------- c:\program files\TagRename

    2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d----c--- c:\windows\System32\DRVSTORE

    2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2009-04-03 00:57 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

    2009-04-03 00:57 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

    2009-04-03 00:36 . 2009-04-03 08:45 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Symantec

    2009-04-03 00:33 . 2009-04-03 08:37 <DIR> d-------- c:\program files\Norton 360

    2009-04-03 00:31 . 2009-04-03 00:59 <DIR> d-------- c:\program files\Symantec

    2009-04-03 00:31 . 2009-04-03 00:58 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS

    2009-04-03 00:31 . 2009-04-03 00:58 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT

    2009-04-03 00:31 . 2009-04-03 00:58 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF

    2009-04-03 00:29 . 2009-04-03 00:59 <DIR> d-------- c:\users\All Users\Symantec

    2009-04-03 00:29 . 2009-04-03 00:59 <DIR> d-------- c:\programdata\Symantec

    2009-04-03 00:29 . 2009-04-03 01:01 <DIR> d-------- c:\program files\Common Files\Symantec Shared

    2009-04-02 02:15 . 2009-04-02 02:15 <DIR> d-------- c:\users\le0zi\Tracing

    2009-04-02 02:14 . 2009-04-02 02:20 <DIR> d-------- c:\program files\Microsoft Silverlight

    2009-04-02 02:13 . 2009-04-02 02:13 <DIR> d-------- c:\program files\Microsoft Sync Framework

    2009-04-02 02:12 . 2009-04-02 02:12 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

    2009-04-02 02:11 . 2009-04-02 11:26 <DIR> d-------- c:\program files\Microsoft

    2009-04-02 02:10 . 2009-04-02 02:13 <DIR> d-------- c:\program files\Windows Live

    2009-04-02 02:03 . 2009-04-02 02:03 <DIR> d-------- c:\program files\Common Files\Windows Live

    2009-04-02 00:17 . 2009-04-02 00:17 <DIR> d-------- c:\program files\TweakNow RegCleaner Professional

    2009-04-01 23:59 . 2009-04-01 23:59 <DIR> d-------- c:\program files\Microsoft Visual Studio 8

    2009-04-01 23:58 . 2009-04-02 00:04 <DIR> d-------- c:\program files\Microsoft Office(118)

    2009-03-30 01:01 . 2009-04-02 11:52 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Winamp

    2009-03-30 00:59 . 2009-03-30 00:59 3,702 --a------ c:\windows\poppers.exe

    2009-03-29 20:09 . 2009-03-29 20:09 <DIR> d-------- c:\users\All Users\WebcamMax

    2009-03-29 20:09 . 2009-03-29 20:09 <DIR> d-------- c:\programdata\WebcamMax

    2009-03-29 01:55 . 2009-03-29 20:09 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Webcammax

    2009-03-29 01:54 . 2009-03-29 02:01 <DIR> d-------- c:\program files\WebcamMax

    2009-03-29 01:54 . 2008-03-11 15:14 941,784 --a------ c:\windows\System32\drivers\CAMTHWDM.sys

    2009-03-29 01:49 . 2009-03-29 01:49 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Camfrog

    2009-03-29 01:47 . 2009-03-29 01:47 <DIR> d-------- c:\program files\Camfrog

    2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches

    2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games

    2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Links

    2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Digital Asphyxia

    2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\users\All Users\Digital Asphyxia

    2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\programdata\Digital Asphyxia

    2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\users\All Users\Tarma Installer

    2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\programdata\Tarma Installer

    2009-03-28 02:31 . 2009-03-30 01:07 <DIR> d-------- c:\program files\WinAmp

    2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\program files\Digital Asphyxia

    2009-03-28 02:24 . 2009-03-28 02:30 <DIR> d-------- c:\users\le0zi\AppData\Roaming\YTK Enhanced

    2009-03-28 02:18 . 2009-03-28 02:23 <DIR> d-------- c:\program files\YTK Enhanced

    2009-03-28 02:08 . 2009-03-28 02:14 <DIR> d-------- c:\users\le0zi\AppData\Roaming\YTK Pro

    2009-03-28 01:59 . 2009-03-28 01:59 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Yahoo!

    2009-03-28 01:59 . 2009-03-28 01:59 360,448 --a------ c:\windows\System32\kdu_v32r.dll

    2009-03-28 01:59 . 2009-03-28 01:59 274,432 --a------ c:\windows\System32\ywcvwr.dll

    2009-03-28 01:59 . 2009-03-28 01:59 274,432 --a------ c:\windows\System32\yacscom.dll

    2009-03-28 01:59 . 2009-03-28 01:59 253,952 --a------ c:\windows\System32\ywcupl.dll

    2009-03-28 01:59 . 2009-03-28 01:59 204,800 --a------ c:\windows\System32\yuplapp.dll

    2009-03-28 01:59 . 2009-03-28 01:59 200,704 --a------ c:\windows\System32\yacsui.dll

    2009-03-28 01:59 . 2009-03-28 01:59 192,512 --a------ c:\windows\System32\yvwrctl.dll

    2009-03-28 01:59 . 2009-03-28 01:59 137,184 --a------ c:\windows\System32\YCabby2.Form1.resources

    2009-03-28 01:59 . 2009-03-28 01:59 15,360 --a------ c:\windows\System32\tsd32.dll

    2009-03-28 01:59 . 2009-03-28 01:59 8,192 --a------ c:\windows\System32\tssoft32.acm

    2009-03-28 01:59 . 2009-03-28 01:59 1,978 --a------ c:\windows\System32\YCabby2.Properties.Resources.resources

    2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\users\All Users\Yahoo!

    2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\programdata\Yahoo!

    2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\program files\Yahoo!

    2009-03-28 00:34 . 2009-03-28 00:34 <DIR> d-------- c:\users\le0zi\AppData\Roaming\TuneUp Software

    2009-03-28 00:34 . 2009-03-28 00:34 603,904 --a------ c:\windows\System32\TUProgSt.exe

    2009-03-28 00:34 . 2009-03-28 00:34 362,240 --a------ c:\windows\System32\TuneUpDefragService.exe

    2009-03-28 00:34 . 2008-11-12 17:44 27,904 --a------ c:\windows\System32\uxtuneup.dll

    2009-03-28 00:34 . 2008-11-12 17:44 17,152 --a------ c:\windows\System32\authuitu.dll

    2009-03-28 00:33 . 2009-03-28 00:33 <DIR> d-------- c:\users\All Users\TuneUp Software

    2009-03-28 00:33 . 2009-03-28 00:33 <DIR> d-------- c:\programdata\TuneUp Software

    2009-03-28 00:33 . 2009-03-28 00:34 <DIR> d-------- c:\program files\TuneUp Utilities 2009

    2009-03-28 00:04 . 2009-03-28 00:04 <DIR> d-------- c:\program files\BitLord

    2009-03-27 23:54 . 2009-03-28 00:33 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}

    2009-03-27 23:54 . 2009-03-28 00:33 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

    2009-03-27 20:43 . 2009-03-27 20:43 <DIR> d-------- c:\program files\CCleaner

    2009-03-27 06:00 . 2009-03-27 06:00 40 --ah----- c:\windows\System32\ivireg.ivr

    2009-03-27 05:55 . 2009-03-27 05:55 <DIR> d-------- c:\program files\Common Files\InterVideo

    2009-03-27 05:52 . 2009-03-27 05:55 <DIR> d-------- c:\program files\InterVideo

    2009-03-27 05:50 . 2009-03-27 05:50 <DIR> d-------- C:\Documentation

    2009-03-27 05:50 . 2009-03-27 05:50 0 --a------ c:\windows\VAIOUpdt.INI

    2009-03-27 05:47 . 2008-10-21 19:52 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll

    2009-03-27 05:46 . 2008-11-06 03:32 98,304 --a------ c:\windows\System32\VESWinlogon.dll

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Uninstall

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Sonic

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Skype

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Uninstall

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Sonic

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Skype

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Skype

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Roxio

    2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\Skype

    2009-03-27 05:41 . 2009-03-27 05:41 <DIR> d-------- c:\program files\Common Files\Sonic Shared

    2009-03-27 05:41 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\Roxio Shared

    2009-03-27 05:41 . 2008-08-30 01:23 129,520 --------- c:\windows\System32\pxafs.dll

    2009-03-27 05:36 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Office Suite Activation Assistant

    2009-03-27 05:35 . 2009-03-27 05:36 422 --a------ c:\windows\System32\mapisvc.inf

    2009-03-27 05:34 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Small Business

    2009-03-27 05:32 . 2009-04-02 12:04 <DIR> d-------- c:\program files\Microsoft SQL Server

    2009-03-27 05:28 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Works

    2009-03-27 05:27 . 2009-03-27 05:27 <DIR> d-------- c:\windows\PCHEALTH

    2009-03-27 05:27 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft.NET

    2009-03-27 05:26 . 2009-04-05 18:23 <DIR> d-------- c:\users\All Users\Microsoft Help

    2009-03-27 05:26 . 2009-04-05 18:23 <DIR> d-------- c:\programdata\Microsoft Help

    2009-03-27 05:25 . 2009-04-02 11:52 <DIR> dr-h----- C:\MSOCache

    2009-03-27 05:19 . 2009-04-02 16:47 <DIR> d-------- c:\users\All Users\McAfee

    2009-03-27 05:19 . 2009-04-02 16:47 <DIR> d-------- c:\programdata\McAfee

    2009-03-27 05:18 . 2009-03-27 05:51 <DIR> d-------- c:\program files\Common Files\ArcSoft

    2009-03-27 05:18 . 2009-03-27 05:51 <DIR> d-------- c:\program files\ArcSoft

    2009-03-27 05:18 . 2005-04-28 01:36 245,408 --a------ c:\windows\System32\unicows.dll

    2009-03-27 05:18 . 1995-07-31 22:44 212,480 --a------ c:\windows\System32\PCDLIB32.DLL

    2009-03-27 05:18 . 2008-09-05 02:06 55,808 --a------ c:\windows\System32\ArcSoftKsUFilter.dll

    2009-03-27 05:18 . 2008-04-24 23:06 17,920 --a------ c:\windows\System32\drivers\ArcSoftKsUFilter.sys

    2009-03-27 05:17 . 2009-03-27 05:17 <DIR> d-------- c:\windows\System32\Macromed

    2009-03-27 05:12 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\PX Storage Engine

    2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\windows\Sonysys

    2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\program files\Picasa2

    2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\program files\Big Fish Games Game Suite

    2009-03-27 05:04 . 2008-01-21 03:43 <DIR> dr------- c:\users\Default\Searches

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-01 22:05 --------- d-----w c:\program files\MSBuild

    2009-03-28 09:53 --------- d-----w c:\programdata\Sony Corporation

    2009-03-28 06:40 --------- d-----w c:\program files\Google

    2009-03-28 00:43 --------- d--h--w c:\program files\InstallShield Installation Information

    2009-03-27 03:55 --------- d-----w c:\program files\sony

    2009-03-27 03:46 --------- d-----w c:\program files\Common Files\Sony Shared

    2009-03-27 03:18 --------- d-----w c:\program files\Common Files\InstallShield

    2009-03-26 22:22 --------- d-----w c:\program files\Windows Mail

    2009-02-19 11:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys

    2009-02-19 11:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat

    2009-02-19 11:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys

    2009-02-19 11:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys

    2009-02-19 11:31 24,112 ----a-w c:\windows\system32\drivers\SymIMV.sys

    2009-02-19 11:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys

    2009-02-19 11:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys

    2009-02-19 11:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys

    2009-02-19 11:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf

    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

    2006-07-21 11:44 244,224 --sha-r c:\users\le0zi\AppData\Roaming\plugin.dat

    2005-05-21 20:09 0 --sh--r c:\users\le0zi\AppData\Roaming\logs.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-22 150040]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-22 30192]

    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2008-11-06 03:32 98304 c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

    "MarketingTools"=c:\program files\Sony\Marketing Tools\MarketingTools.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{1C1BB25C-926A-4DD7-82B0-7F2373A5F7AC}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

    "{A7D48CF0-1E56-4201-8F2D-FEC30F16F526}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

    "{F41E5DCD-4A80-4E31-91E9-E9E08D2D9F22}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

    "{A24B4733-BA29-42E9-9E41-BC470169230C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    "{446A1642-40FE-49F9-966E-7A071E38CB72}"= c:\program files\Skype\Phone\Skype.exe:Skype

    "{72D68F33-D58C-464B-A2D4-C473A3A740C0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

    "{40E6F7DE-A303-454E-B025-8FE57821F1D1}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

    "{F84D401C-7E0A-43DE-AD08-5895C0220C87}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

    "{52FF4FC1-9204-4D70-B191-C7E67739CAFA}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

    "TCP Query User{8084222D-7CDE-4743-B371-E8E2D96BB458}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module

    "UDP Query User{C3E2AAFD-EB18-46CE-BDB7-FD1675774657}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module

    "TCP Query User{B60CB346-222E-4B5E-8BBA-B6B3A8F25056}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord

    "UDP Query User{74E91D6A-C746-4176-934E-AF24EF4207D5}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090331.004\IDSvix86.sys [2009-04-03 272432]

    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]

    R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CAMTHWDM.sys [2009-03-29 941784]

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]

    R2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2009-03-27 303104]

    R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-18 11032]

    R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-22 104992]

    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-28 603904]

    R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-27 104960]

    R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\VAIO Power Management\SPMService.exe [2008-10-22 411488]

    R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-12 446464]

    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-03-27 337184]

    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [2009-03-27 17920]

    R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-13 23888]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-03 101936]

    R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2008-10-22 9344]

    R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]

    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-22 30192]

    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\VAIO Media plus\SOHCImp.exe [2009-03-27 103712]

    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\VAIO Media plus\SOHDms.exe [2009-03-27 353568]

    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\VAIO Media plus\SOHDs.exe [2009-03-27 62752]

    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-03-27 83232]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

    \shell\AutoRun\command - g:\autorun\Autorun.exe

    .

    Contents of the 'Scheduled Tasks' folder

    2009-04-05 c:\windows\Tasks\1-Click Maintenance.job

    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 17:28]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-06 01:16:27

    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files:

    **************************************************************************

    .

    Completion time: 2009-04-06 1:18:04

    ComboFix-quarantined-files.txt 2009-04-05 23:18:00

    Pre-Run: 176,665,280,512 bytes free

    Post-Run: 176,633,729,024 bytes free

    264 --- E O F --- 2009-04-02 10:11:08

  4. Malwarebytes' Anti-Malware 1.35

    Database version: 1940

    Windows 6.0.6001 Service Pack 1

    4/6/2009 00:51:54

    mbam-log-2009-04-06 (00-51-54).txt

    Scan type: Quick Scan

    Objects scanned: 64671

    Time elapsed: 2 minute(s), 46 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    =======================

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 00:58:50, on 4/6/2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\sony\ISB Utility\ISBMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Home

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Home

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O13 - Gopher Prefix:

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

    O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe

    O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

    O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

    O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

    O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe

    O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

    O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --

    End of file - 8929 bytes

  5. Hi everyone, I have a problem, help me ....

    My HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:21:34, on 4/5/2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\System32\hkcmd.exe

    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\sony\ISB Utility\ISBMgr.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Internet Explorer\IEUser.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Home

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Home

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\le0zi\AppData\Local\Temp\tuvSmnoo.dll,#1

    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\le0zi\AppData\Local\Temp\qoMcbbXq.dll,c

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O13 - Gopher Prefix:

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

    O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe

    O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

    O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

    O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

    O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe

    O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

    O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --

    End of file - 9605 bytes
