
Software Sim Editor Feitian / internet Explorer


Marcver


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:35:46, on 27/06/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\GreenPrint\gpsrdg01.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Frank\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\system32\conime.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0638A490-83D3-11D4-9A98-009027713462} (DinaTierraCtl.DinaTierra) - http://w3.mapya.es/dinatierra_v3/Redist/DinaTierraCtl.CAB

O16 - DPF: {E8A4D743-13C0-4E03-A2D9-0C92FE038200} (TragsatecRuntimeVB.TTecRuntimeVBCtl) - http://w3.mapya.es/dinatierra_v3/Redist/RuntimeVB.CAB

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: 3CX PhoneSystem Database Server - PostgreSQL Global Development Group - C:/Program Files/3CX PhoneSystem/Bin/pgsql/bin/pg_ctl.exe

O23 - Service: 3CX PhoneSystem Assistant Server (3CXAssistantServer) - 3CX Ltd - C:\Program Files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe

O23 - Service: 3CX PhoneSystem Call History (3CXCallHistoryService) - 3CX - C:\Program Files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe

O23 - Service: 3CX PhoneSystem Configuration Service (3CXCfgServ) - 3CX Ltd - C:\Program Files\3CX PhoneSystem\Bin\3CXSLDBServ.exe

O23 - Service: 3CX PhoneSystem Conference Room (3CXConferenceRoom) - 3CX Software Ltd. - C:\Program Files\3CX PhoneSystem\Bin\3CXCP.exe

O23 - Service: 3CX PhoneSystem FAX Server (3CXFAXSrv) - 3CX Software Ltd. - C:\Program Files\3CX PhoneSystem\Bin\3CXFaxServer.exe

O23 - Service: 3CX PhoneSystem Digital Receptionist (3CXIvr) - 3CX Software Ltd. - C:\Program Files\3CX PhoneSystem\Bin\3CXIvrServer.exe

O23 - Service: 3CX PhoneSystem Media Server (3CXMediaServer) - 3CX Software Ltd. - C:\Program Files\3CX PhoneSystem\Bin\3CXMediaServer.exe

O23 - Service: 3CX PhoneSystem Parking Orbit (3CXParkOrbit) - 3CX Software Ltd. - C:\Program Files\3CX PhoneSystem\Bin\3CXPO.exe

O23 - Service: 3CX PhoneSystem (3CXPhoneSystem) - 3CX Software Ltd. - C:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe

O23 - Service: 3CX PhoneSystem Queue Manager (3CXQueueManager) - 3CX Ltd. - C:\Program Files\3CX PhoneSystem\Bin\VCEHost.exe

O23 - Service: 3CX PhoneSystem SIP/RTP Tunneling Proxy (3CXTunnel) - 3CX Software Ltd. - C:\Program Files\3CX PhoneSystem\Bin\3CXTunnel.exe

O23 - Service: 3CX PhoneSystem Voicemail Manager (3CXVBoxMgr) - 3CX - C:\Program Files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe

O23 - Service: Abyss Web Server (AbyssWebServer) - Aprelium - C:\Program Files\3CX PhoneSystem\Bin\Webserver\abyssws.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (BthServ) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: GreenPrint - GreenPrint Technologies LLC. - C:\Program Files\GreenPrint\GPSRHT01.exe

O23 - Service: Servicio Google Update (gupdate1ca6074d716ad0) (gupdate1ca6074d716ad0) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Servicio HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Rezip - Unknown owner - C:\Windows\SYSTEM32\Rezip.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: Servicio de Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - C:\Windows\System32\svchost.exe

--

End of file - 24287 bytes


Then we'll keep looking.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you cannot manage to disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

[Image: cf-rc-auto.jpg]

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

[Image: rc-auto-done.jpg]

Click Yes to continue scanning for malware.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

If you have problems running ComboFix, please report this.


Installing ComboFix does not work.

First I disabled AVG and got a message that it did not work with AVG. After that I removed AVG and tried again several times, but I always get the following message: "You cannot rename ComboFix as ComboFix (1). Please use another name, preferably made up of alphanumeric characters."


I also still had SPAMfighter installed; after removing it, the installation of ComboFix worked, see attachment.

ComboFix 11-06-28.05 - Frank 29/06/2011 11:39:55.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.3036.1091 [GMT 2:00]

Running from: c:\users\Frank\Documents\Downloads +++\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Frank\AppData\Roaming\EurekaLog

c:\windows\IsUn0413.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))

.

.

2100-02-08 14:03 . 2001-05-11 09:39 53248 ----a-w- c:\program files\ACMonitor_X73.exe

2011-06-29 09:52 . 2011-06-29 09:52 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-06-29 09:52 . 2011-06-29 09:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-26 17:52 . 2011-06-26 17:52 -------- d-----w- c:\users\Frank\AppData\Local\{CD0F442E-8A5B-49EB-9900-147C23947519}

2011-06-26 05:51 . 2011-06-26 05:52 -------- d-----w- c:\users\Frank\AppData\Local\{D7D725B0-5A96-4210-BFB0-3D3283A57F2E}

2011-06-26 05:47 . 2011-06-26 05:47 -------- d-----w- c:\users\Frank\AppData\Local\{33625A55-488E-4B70-B837-74F118DCBD72}

2011-06-25 08:13 . 2011-06-25 08:13 -------- d-----w- c:\users\Frank\AppData\Local\{5E946715-5F98-4483-A08F-7D43A9D3DA1C}

2011-06-25 07:08 . 2011-06-25 07:08 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes

2011-06-25 07:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-25 07:07 . 2011-06-25 07:07 -------- d-----w- c:\programdata\Malwarebytes

2011-06-25 07:07 . 2011-06-25 07:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-25 07:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 05:35 . 2011-06-24 05:35 -------- d-----w- c:\users\Frank\AppData\Local\{1B6CE336-E5F7-4844-88A1-050AC3254096}

2011-06-23 08:10 . 2011-06-23 08:10 -------- d-----w- c:\users\Frank\AppData\Local\{A45BC8D0-5078-4011-8B27-741E840041AF}

2011-06-22 17:54 . 2011-06-22 17:54 -------- d-----w- c:\users\Frank\AppData\Local\{9E06A6FC-EC1A-4C43-BF48-30B7BCD8925E}

2011-06-22 12:46 . 2011-06-22 12:46 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-22 12:46 . 2011-06-22 12:46 -------- d-----w- c:\program files\Trend Micro

2011-06-22 03:13 . 2011-06-22 03:14 -------- d-----w- c:\users\Frank\AppData\Local\{A4F84049-CF36-47DD-A3D0-185DF86A1615}

2011-06-21 18:14 . 2011-06-23 12:06 -------- d-----w- c:\program files\ABC Amber BlackBerry Converter

2011-06-21 17:46 . 2011-06-21 17:46 -------- d-----w- c:\users\Frank\AppData\Local\Conduit

2011-06-21 17:46 . 2011-06-21 17:46 -------- d-----w- c:\program files\Softonic_Netherlands

2011-06-21 15:44 . 2011-06-21 16:04 -------- d-----w- c:\users\Frank\AppData\Roaming\EBBE

2011-06-21 15:44 . 2011-06-21 15:44 -------- d-----w- c:\program files\Elcomsoft

2011-06-21 15:44 . 2011-06-21 15:44 -------- d-----w- c:\program files\Elcomsoft Password Recovery

2011-06-21 15:44 . 2011-06-21 15:44 -------- d-----w- c:\programdata\Elcomsoft Password Recovery

2011-06-21 12:05 . 2011-06-21 12:05 -------- d-----w- c:\users\Frank\AppData\Local\{22BC67E2-0828-4C7E-8472-19721AA5EF82}

2011-06-21 07:25 . 2011-06-21 07:25 -------- d-----w- c:\users\Frank\AppData\Local\{81A72C9B-ABCA-4F28-BDD9-B503767021C4}

2011-06-20 10:10 . 2011-06-20 10:10 -------- d-----w- c:\users\Frank\AppData\Local\{22B7B84B-D297-418B-912D-A1BD9985C80D}

2011-06-19 06:13 . 2011-06-19 06:13 -------- d-----w- c:\users\Frank\AppData\Local\{995A32D0-49C0-46C1-B4DE-9F5710521106}

2011-06-19 05:07 . 2011-06-19 05:07 161792 ----a-w- c:\windows\system32\msls31.dll

2011-06-19 05:07 . 2011-06-19 05:07 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-06-19 05:07 . 2011-06-19 05:07 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe

2011-06-19 05:07 . 2011-06-19 05:07 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe

2011-06-18 10:09 . 2011-06-18 10:09 -------- d-----w- c:\users\Frank\AppData\Local\{14E5EA49-517B-488F-B369-751DDD53CA14}

2011-06-18 09:50 . 2011-06-18 09:50 -------- d-----w- c:\users\Frank\AppData\Local\{2B10D6CB-BC08-425C-A735-44EF11A42AE8}

2011-06-18 07:08 . 2011-06-26 07:02 -------- d-----w- c:\users\Frank\AppData\Roaming\XnView

2011-06-18 07:07 . 2011-06-18 07:07 -------- d-----w- c:\program files\XnView

2011-06-16 03:35 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 03:35 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 03:35 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 03:35 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 03:35 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 03:35 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 03:35 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 03:35 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 03:35 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 03:33 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-06-16 03:24 . 2011-06-16 03:25 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-15 10:33 . 2011-06-15 10:33 -------- d-----w- c:\users\Frank\AppData\Local\{C74B001F-5487-4AE7-9935-C71724A469F5}

2011-06-14 16:06 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01F8BF6A-6833-4388-9C21-350B6F5824EB}\mpengine.dll

2011-06-14 15:47 . 2011-06-14 15:47 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}

2011-06-14 09:06 . 2011-06-14 09:06 -------- d-----w- c:\users\Frank\AppData\Local\{35B24467-6E0F-462B-AB18-BCF4F8AA791A}

2011-06-14 06:42 . 2011-06-14 06:42 -------- d-----w- c:\users\Frank\AppData\Local\{89F1A0D1-4E16-45D8-BF11-2B7A40933637}

2011-06-12 03:46 . 2011-06-12 03:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-11 16:17 . 2011-06-29 08:04 -------- d-----w- c:\users\Frank\AppData\Roaming\PrimoPDF

2011-06-11 16:17 . 2011-06-11 16:17 -------- d-----w- c:\program files\Common Files\Nitro PDF

2011-06-11 16:16 . 2011-06-12 03:40 -------- d-----w- c:\users\Frank\AppData\Local\OpenCandy

2011-06-11 16:16 . 2011-06-11 16:16 -------- d-----w- c:\users\Frank\AppData\Roaming\OpenCandy

2011-06-11 16:16 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll

2011-06-11 16:16 . 2011-06-11 16:17 -------- d-----w- c:\program files\Nitro PDF

2011-06-09 15:16 . 2011-06-09 15:16 -------- d-----w- c:\users\Frank\AppData\Local\{27237B24-1F61-4D20-9516-A139832E76EB}

2011-06-09 14:58 . 2011-06-09 14:58 -------- d-----w- c:\users\Frank\AppData\Roaming\PeerNetworking

2011-06-08 17:42 . 2011-06-08 17:42 -------- d-----w- c:\users\Frank\AppData\Local\{44FE6265-7CD3-48EA-8FEF-FBF0BBE18848}

2011-06-07 04:40 . 2011-06-07 04:40 -------- d-----w- c:\users\Frank\AppData\Local\{E367EF0E-3AA5-47FE-99A3-6202CD24B432}

2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-02 05:16 . 2011-05-23 18:31 330600 ----a-w- c:\windows\system32\HMIPCore.dll

2011-06-02 05:16 . 2011-06-02 08:02 -------- d-----w- c:\program files\Hide My IP

2011-06-01 06:33 . 2011-06-01 06:33 -------- d-----w- c:\users\Frank\AppData\Local\{7D0720AC-C2F3-46C9-9A92-C4C9F6EE6900}

2011-05-31 06:26 . 2011-05-31 06:26 -------- d-----w- c:\users\Frank\AppData\Local\{028717E6-B076-48BB-816D-EB7247076E1C}

2011-05-31 06:18 . 2011-05-31 06:20 -------- d-----w- c:\windows\Freecorder

2011-05-31 06:18 . 2011-05-31 06:19 -------- d-----w- c:\program files\Freecorder

2011-05-30 11:41 . 2011-05-30 11:41 -------- d-----w- c:\users\Frank\AppData\Local\{6F5729F1-9FB7-483D-8199-15F2F3856E35}

2011-05-30 11:19 . 2011-05-30 11:19 -------- d-----w- c:\users\Frank\AppData\Local\{36F3B66E-037D-40E9-A4F4-F011377D3997}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-24 17:14 . 2011-04-16 19:34 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-04-14 19:28 . 2011-04-14 19:28 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-04 22:59 . 2011-04-04 22:59 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2001-05-08 14:36 . 2000-12-05 13:56 114688 ----a-w- c:\program files\lxarscan.dll

2011-04-14 16:57 . 2011-04-04 08:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-13 6814240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-05-29 07:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

R2 3CXAssistantServer;3CX PhoneSystem Assistant Server;c:\program files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe [2011-01-04 571480]

R2 3CXCallHistoryService;3CX PhoneSystem Call History;c:\program files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe [2011-01-04 31832]

R2 3CXCfgServ;3CX PhoneSystem Configuration Service;c:\program files\3CX PhoneSystem\Bin\3CXSLDBServ.exe [2011-01-04 666712]

R2 3CXConferenceRoom;3CX PhoneSystem Conference Room;c:\program files\3CX PhoneSystem\Bin\3CXCP.exe [2011-01-04 2251864]

R2 3CXFAXSrv;3CX PhoneSystem FAX Server;c:\program files\3CX PhoneSystem\Bin\3CXFaxServer.exe [2011-01-04 2944088]

R2 3CXIvr;3CX PhoneSystem Digital Receptionist;c:\program files\3CX PhoneSystem\Bin\3CXIvrServer.exe [2011-01-04 3751000]

R2 3CXMediaServer;3CX PhoneSystem Media Server;c:\program files\3CX PhoneSystem\Bin\3CXMediaServer.exe [2011-01-04 1248344]

R2 3CXParkOrbit;3CX PhoneSystem Parking Orbit;c:\program files\3CX PhoneSystem\Bin\3CXPO.exe [2011-01-04 2202712]

R2 3CXPhoneSystem;3CX PhoneSystem;c:\program files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe [2011-01-04 3951704]

R2 3CXQueueManager;3CX PhoneSystem Queue Manager;c:\program files\3CX PhoneSystem\Bin\VCEHost.exe [2011-01-04 2166784]

R2 3CXVBoxMgr;3CX PhoneSystem Voicemail Manager;c:\program files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe [2011-01-04 35928]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1ca6074d716ad0;Servicio Google Update (gupdate1ca6074d716ad0);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 133104]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [x]

R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 133104]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 token;USB Token Service;c:\windows\system32\DRIVERS\eps2kt1.sys [2004-10-14 21888]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 Zsc;Zsc;c:\windows\system32\DRIVERS\Zsc.sys [2010-02-23 78336]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]

R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]

S1 Znf;Znf;c:\windows\system32\DRIVERS\Znf.sys [2010-06-16 49992]

S2 3CX PhoneSystem Database Server;3CX PhoneSystem Database Server;C:/Program Files/3CX PhoneSystem/Bin/pgsql/bin/pg_ctl.exe runservice -N 3CX PhoneSystem Database Server -D C:/Program Files/3CX PhoneSystem/Data/DB [x]

S2 3CXTunnel;3CX PhoneSystem SIP/RTP Tunneling Proxy;c:\program files\3CX PhoneSystem\Bin\3CXTunnel.exe [2011-01-04 1432664]

S2 AbyssWebServer;Abyss Web Server;c:\program files\3CX PhoneSystem\Bin\Webserver\abyssws.exe [2010-12-08 536122]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 GreenPrint;GreenPrint;c:\program files\GreenPrint\GPSRHT01.exe [2009-10-27 427048]

S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-08-12 13312]

S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-02-04 196912]

S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-04-28 9216]

S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]

S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2008-11-21 238464]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

yksvcs REG_MULTI_SZ yksvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-29 c:\windows\Tasks\3CXAbyss Webserver Recycling.job

- c:\program files\3CX PhoneSystem\Bin\Webserver\3CXAbyss_recycling.bat [2010-12-10 13:59]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 13:04]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 13:04]

.

2011-01-04 c:\windows\Tasks\User_Feed_Synchronization-{470A3D83-E0FB-4CF9-B5E9-C46FE963AA37}.job

- c:\windows\system32\msfeedssync.exe [2011-06-19 05:06]

.

2011-06-26 c:\windows\Tasks\WebReg Deskjet D4100 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.1.5

DPF: {0638A490-83D3-11D4-9A98-009027713462} - hxxp://w3.mapya.es/dinatierra_v3/Redist/DinaTierraCtl.CAB

DPF: {E8A4D743-13C0-4E03-A2D9-0C92FE038200} - hxxp://w3.mapya.es/dinatierra_v3/Redist/RuntimeVB.CAB

FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ngjyuuj9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Softonic Netherlands Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/webhp?sourceid=navclient-ff

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2603445&q=

.

.

------- File Associations -------

.

.reg=Regedit.Document

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe

AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-29 11:57

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\3CX PhoneSystem Database Server]

"ImagePath"="C:/Program Files/3CX PhoneSystem/Bin/pgsql/bin/pg_ctl.exe runservice -N \"3CX PhoneSystem Database Server\" -D \"C:/Program Files/3CX PhoneSystem/Data/DB\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\3CX PhoneSystem Database Server]

"ImagePath"="C:/Program Files/3CX PhoneSystem/Bin/pgsql/bin/pg_ctl.exe runservice -N \"3CX PhoneSystem Database Server\" -D \"C:/Program Files/3CX PhoneSystem/Data/DB\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,08,d4,ae,e3,5a,ae,41,86,08,b9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,08,d4,ae,e3,5a,ae,41,86,08,b9,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-06-29 12:01:51

ComboFix-quarantined-files.txt 2011-06-29 10:01

.

Pre-Run: 151.381.487.616 bytes libres

Post-Run: 152.337.776.640 bytes libres

.

- - End Of File - - E7306A09D87A05C5D5E0498F0F323E3D


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\users\Frank\AppData\Local\{CD0F442E-8A5B-49EB-9900-147C23947519}

c:\users\Frank\AppData\Local\{D7D725B0-5A96-4210-BFB0-3D3283A57F2E}

c:\users\Frank\AppData\Local\{33625A55-488E-4B70-B837-74F118DCBD72}

c:\users\Frank\AppData\Local\{5E946715-5F98-4483-A08F-7D43A9D3DA1C}

c:\users\Frank\AppData\Local\{1B6CE336-E5F7-4844-88A1-050AC3254096}

c:\users\Frank\AppData\Local\{A45BC8D0-5078-4011-8B27-741E840041AF}

c:\users\Frank\AppData\Local\{9E06A6FC-EC1A-4C43-BF48-30B7BCD8925E}

c:\users\Frank\AppData\Local\{A4F84049-CF36-47DD-A3D0-185DF86A1615}

c:\users\Frank\AppData\Local\{22BC67E2-0828-4C7E-8472-19721AA5EF82}

c:\users\Frank\AppData\Local\{81A72C9B-ABCA-4F28-BDD9-B503767021C4}

c:\users\Frank\AppData\Local\{22B7B84B-D297-418B-912D-A1BD9985C80D}

c:\users\Frank\AppData\Local\{995A32D0-49C0-46C1-B4DE-9F5710521106}

c:\users\Frank\AppData\Local\{14E5EA49-517B-488F-B369-751DDD53CA14}

c:\users\Frank\AppData\Local\{2B10D6CB-BC08-425C-A735-44EF11A42AE8}

c:\users\Frank\AppData\Local\{C74B001F-5487-4AE7-9935-C71724A469F5}

c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}

c:\users\Frank\AppData\Local\{35B24467-6E0F-462B-AB18-BCF4F8AA791A}

c:\users\Frank\AppData\Local\{89F1A0D1-4E16-45D8-BF11-2B7A40933637}

c:\users\Frank\AppData\Local\{27237B24-1F61-4D20-9516-A139832E76EB}

c:\users\Frank\AppData\Local\{44FE6265-7CD3-48EA-8FEF-FBF0BBE18848}

c:\users\Frank\AppData\Local\{E367EF0E-3AA5-47FE-99A3-6202CD24B432}

c:\users\Frank\AppData\Local\{7D0720AC-C2F3-46C9-9A92-C4C9F6EE6900}

c:\users\Frank\AppData\Local\{028717E6-B076-48BB-816D-EB7247076E1C}

c:\users\Frank\AppData\Local\{6F5729F1-9FB7-483D-8199-15F2F3856E35}

c:\users\Frank\AppData\Local\{36F3B66E-037D-40E9-A4F4-F011377D3997}

Firefox::

FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ngjyuuj9.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will restart ComboFix. Reboot if asked to.

After the reboot, post the contents of Combofix.txt in your next message, together with a new HijackThis log.


ComboFix 11-06-28.05 - Frank 29/06/2011 13:52:51.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.3036.1582 [GMT 2:00]

Running from: c:\users\Frank\Desktop\ComboFix.exe

Command switches used :: c:\users\Frank\Desktop\CFScript.txt..txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))

.

.

2100-02-08 14:03 . 2001-05-11 09:39 53248 ----a-w- c:\program files\ACMonitor_X73.exe

2011-06-29 12:10 . 2011-06-29 12:10 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-06-29 12:10 . 2011-06-29 12:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-29 08:35 . 2011-06-29 08:35 -------- d-----w- c:\users\Frank\AppData\Local\{4C9999AC-27EA-4347-8522-5C9417313F76}

2011-06-26 17:52 . 2011-06-26 17:52 -------- d-----w- c:\users\Frank\AppData\Local\{CD0F442E-8A5B-49EB-9900-147C23947519}

2011-06-26 05:51 . 2011-06-26 05:52 -------- d-----w- c:\users\Frank\AppData\Local\{D7D725B0-5A96-4210-BFB0-3D3283A57F2E}

2011-06-26 05:47 . 2011-06-26 05:47 -------- d-----w- c:\users\Frank\AppData\Local\{33625A55-488E-4B70-B837-74F118DCBD72}

2011-06-25 08:13 . 2011-06-25 08:13 -------- d-----w- c:\users\Frank\AppData\Local\{5E946715-5F98-4483-A08F-7D43A9D3DA1C}

2011-06-25 07:08 . 2011-06-25 07:08 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes

2011-06-25 07:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-25 07:07 . 2011-06-25 07:07 -------- d-----w- c:\programdata\Malwarebytes

2011-06-25 07:07 . 2011-06-25 07:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-25 07:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 05:35 . 2011-06-24 05:35 -------- d-----w- c:\users\Frank\AppData\Local\{1B6CE336-E5F7-4844-88A1-050AC3254096}

2011-06-23 08:10 . 2011-06-23 08:10 -------- d-----w- c:\users\Frank\AppData\Local\{A45BC8D0-5078-4011-8B27-741E840041AF}

2011-06-22 17:54 . 2011-06-22 17:54 -------- d-----w- c:\users\Frank\AppData\Local\{9E06A6FC-EC1A-4C43-BF48-30B7BCD8925E}

2011-06-22 12:46 . 2011-06-22 12:46 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-22 12:46 . 2011-06-22 12:46 -------- d-----w- c:\program files\Trend Micro

2011-06-22 03:13 . 2011-06-22 03:14 -------- d-----w- c:\users\Frank\AppData\Local\{A4F84049-CF36-47DD-A3D0-185DF86A1615}

2011-06-21 18:14 . 2011-06-23 12:06 -------- d-----w- c:\program files\ABC Amber BlackBerry Converter

2011-06-21 17:46 . 2011-06-21 17:46 -------- d-----w- c:\users\Frank\AppData\Local\Conduit

2011-06-21 17:46 . 2011-06-21 17:46 -------- d-----w- c:\program files\Softonic_Netherlands

2011-06-21 15:44 . 2011-06-21 16:04 -------- d-----w- c:\users\Frank\AppData\Roaming\EBBE

2011-06-21 15:44 . 2011-06-21 15:44 -------- d-----w- c:\program files\Elcomsoft

2011-06-21 15:44 . 2011-06-21 15:44 -------- d-----w- c:\program files\Elcomsoft Password Recovery

2011-06-21 15:44 . 2011-06-21 15:44 -------- d-----w- c:\programdata\Elcomsoft Password Recovery

2011-06-21 12:05 . 2011-06-21 12:05 -------- d-----w- c:\users\Frank\AppData\Local\{22BC67E2-0828-4C7E-8472-19721AA5EF82}

2011-06-21 07:25 . 2011-06-21 07:25 -------- d-----w- c:\users\Frank\AppData\Local\{81A72C9B-ABCA-4F28-BDD9-B503767021C4}

2011-06-20 10:10 . 2011-06-20 10:10 -------- d-----w- c:\users\Frank\AppData\Local\{22B7B84B-D297-418B-912D-A1BD9985C80D}

2011-06-19 06:13 . 2011-06-19 06:13 -------- d-----w- c:\users\Frank\AppData\Local\{995A32D0-49C0-46C1-B4DE-9F5710521106}

2011-06-19 05:07 . 2011-06-19 05:07 161792 ----a-w- c:\windows\system32\msls31.dll

2011-06-19 05:07 . 2011-06-19 05:07 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-06-19 05:07 . 2011-06-19 05:07 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe

2011-06-19 05:07 . 2011-06-19 05:07 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe

2011-06-18 10:09 . 2011-06-18 10:09 -------- d-----w- c:\users\Frank\AppData\Local\{14E5EA49-517B-488F-B369-751DDD53CA14}

2011-06-18 09:50 . 2011-06-18 09:50 -------- d-----w- c:\users\Frank\AppData\Local\{2B10D6CB-BC08-425C-A735-44EF11A42AE8}

2011-06-18 07:08 . 2011-06-26 07:02 -------- d-----w- c:\users\Frank\AppData\Roaming\XnView

2011-06-18 07:07 . 2011-06-18 07:07 -------- d-----w- c:\program files\XnView

2011-06-16 03:35 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 03:35 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 03:35 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 03:35 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 03:35 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 03:35 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 03:35 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 03:35 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 03:35 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 03:33 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-06-16 03:24 . 2011-06-16 03:25 -------- d-----w- c:\program files\Common Files\Adobe

2011-06-15 10:33 . 2011-06-15 10:33 -------- d-----w- c:\users\Frank\AppData\Local\{C74B001F-5487-4AE7-9935-C71724A469F5}

2011-06-14 16:06 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01F8BF6A-6833-4388-9C21-350B6F5824EB}\mpengine.dll

2011-06-14 15:47 . 2011-06-14 15:47 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}

2011-06-14 09:06 . 2011-06-14 09:06 -------- d-----w- c:\users\Frank\AppData\Local\{35B24467-6E0F-462B-AB18-BCF4F8AA791A}

2011-06-14 06:42 . 2011-06-14 06:42 -------- d-----w- c:\users\Frank\AppData\Local\{89F1A0D1-4E16-45D8-BF11-2B7A40933637}

2011-06-12 03:46 . 2011-06-12 03:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-11 16:17 . 2011-06-29 08:04 -------- d-----w- c:\users\Frank\AppData\Roaming\PrimoPDF

2011-06-11 16:17 . 2011-06-11 16:17 -------- d-----w- c:\program files\Common Files\Nitro PDF

2011-06-11 16:16 . 2011-06-12 03:40 -------- d-----w- c:\users\Frank\AppData\Local\OpenCandy

2011-06-11 16:16 . 2011-06-11 16:16 -------- d-----w- c:\users\Frank\AppData\Roaming\OpenCandy

2011-06-11 16:16 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll

2011-06-11 16:16 . 2011-06-11 16:17 -------- d-----w- c:\program files\Nitro PDF

2011-06-09 15:16 . 2011-06-09 15:16 -------- d-----w- c:\users\Frank\AppData\Local\{27237B24-1F61-4D20-9516-A139832E76EB}

2011-06-09 14:58 . 2011-06-09 14:58 -------- d-----w- c:\users\Frank\AppData\Roaming\PeerNetworking

2011-06-08 17:42 . 2011-06-08 17:42 -------- d-----w- c:\users\Frank\AppData\Local\{44FE6265-7CD3-48EA-8FEF-FBF0BBE18848}

2011-06-07 04:40 . 2011-06-07 04:40 -------- d-----w- c:\users\Frank\AppData\Local\{E367EF0E-3AA5-47FE-99A3-6202CD24B432}

2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-02 05:16 . 2011-05-23 18:31 330600 ----a-w- c:\windows\system32\HMIPCore.dll

2011-06-02 05:16 . 2011-06-02 08:02 -------- d-----w- c:\program files\Hide My IP

2011-06-01 06:33 . 2011-06-01 06:33 -------- d-----w- c:\users\Frank\AppData\Local\{7D0720AC-C2F3-46C9-9A92-C4C9F6EE6900}

2011-05-31 06:26 . 2011-05-31 06:26 -------- d-----w- c:\users\Frank\AppData\Local\{028717E6-B076-48BB-816D-EB7247076E1C}

2011-05-31 06:18 . 2011-05-31 06:20 -------- d-----w- c:\windows\Freecorder

2011-05-31 06:18 . 2011-05-31 06:19 -------- d-----w- c:\program files\Freecorder

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-24 17:14 . 2011-04-16 19:34 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-04-14 19:28 . 2011-04-14 19:28 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-04 22:59 . 2011-04-04 22:59 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2001-05-08 14:36 . 2000-12-05 13:56 114688 ----a-w- c:\program files\lxarscan.dll

2011-04-14 16:57 . 2011-04-04 08:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-13 6814240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-05-29 07:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

R2 3CXAssistantServer;3CX PhoneSystem Assistant Server;c:\program files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe [2011-01-04 571480]

R2 3CXCallHistoryService;3CX PhoneSystem Call History;c:\program files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe [2011-01-04 31832]

R2 3CXCfgServ;3CX PhoneSystem Configuration Service;c:\program files\3CX PhoneSystem\Bin\3CXSLDBServ.exe [2011-01-04 666712]

R2 3CXConferenceRoom;3CX PhoneSystem Conference Room;c:\program files\3CX PhoneSystem\Bin\3CXCP.exe [2011-01-04 2251864]

R2 3CXFAXSrv;3CX PhoneSystem FAX Server;c:\program files\3CX PhoneSystem\Bin\3CXFaxServer.exe [2011-01-04 2944088]

R2 3CXIvr;3CX PhoneSystem Digital Receptionist;c:\program files\3CX PhoneSystem\Bin\3CXIvrServer.exe [2011-01-04 3751000]

R2 3CXMediaServer;3CX PhoneSystem Media Server;c:\program files\3CX PhoneSystem\Bin\3CXMediaServer.exe [2011-01-04 1248344]

R2 3CXParkOrbit;3CX PhoneSystem Parking Orbit;c:\program files\3CX PhoneSystem\Bin\3CXPO.exe [2011-01-04 2202712]

R2 3CXPhoneSystem;3CX PhoneSystem;c:\program files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe [2011-01-04 3951704]

R2 3CXQueueManager;3CX PhoneSystem Queue Manager;c:\program files\3CX PhoneSystem\Bin\VCEHost.exe [2011-01-04 2166784]

R2 3CXVBoxMgr;3CX PhoneSystem Voicemail Manager;c:\program files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe [2011-01-04 35928]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1ca6074d716ad0;Servicio Google Update (gupdate1ca6074d716ad0);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 133104]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [x]

R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 133104]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 token;USB Token Service;c:\windows\system32\DRIVERS\eps2kt1.sys [2004-10-14 21888]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 Zsc;Zsc;c:\windows\system32\DRIVERS\Zsc.sys [2010-02-23 78336]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]

R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]

S1 Znf;Znf;c:\windows\system32\DRIVERS\Znf.sys [2010-06-16 49992]

S2 3CX PhoneSystem Database Server;3CX PhoneSystem Database Server;C:/Program Files/3CX PhoneSystem/Bin/pgsql/bin/pg_ctl.exe runservice -N 3CX PhoneSystem Database Server -D C:/Program Files/3CX PhoneSystem/Data/DB [x]

S2 3CXTunnel;3CX PhoneSystem SIP/RTP Tunneling Proxy;c:\program files\3CX PhoneSystem\Bin\3CXTunnel.exe [2011-01-04 1432664]

S2 AbyssWebServer;Abyss Web Server;c:\program files\3CX PhoneSystem\Bin\Webserver\abyssws.exe [2010-12-08 536122]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 GreenPrint;GreenPrint;c:\program files\GreenPrint\GPSRHT01.exe [2009-10-27 427048]

S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-08-12 13312]

S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-02-04 196912]

S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-04-28 9216]

S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]

S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2008-11-21 238464]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

yksvcs REG_MULTI_SZ yksvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-29 c:\windows\Tasks\3CXAbyss Webserver Recycling.job

- c:\program files\3CX PhoneSystem\Bin\Webserver\3CXAbyss_recycling.bat [2010-12-10 13:59]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 13:04]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 13:04]

.

2011-01-04 c:\windows\Tasks\User_Feed_Synchronization-{470A3D83-E0FB-4CF9-B5E9-C46FE963AA37}.job

- c:\windows\system32\msfeedssync.exe [2011-06-19 05:06]

.

2011-06-26 c:\windows\Tasks\WebReg Deskjet D4100 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.1.5

DPF: {0638A490-83D3-11D4-9A98-009027713462} - hxxp://w3.mapya.es/dinatierra_v3/Redist/DinaTierraCtl.CAB

DPF: {E8A4D743-13C0-4E03-A2D9-0C92FE038200} - hxxp://w3.mapya.es/dinatierra_v3/Redist/RuntimeVB.CAB

FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ngjyuuj9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/webhp?sourceid=navclient-ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-29 14:17

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\3CX PhoneSystem Database Server]

"ImagePath"="C:/Program Files/3CX PhoneSystem/Bin/pgsql/bin/pg_ctl.exe runservice -N \"3CX PhoneSystem Database Server\" -D \"C:/Program Files/3CX PhoneSystem/Data/DB\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\3CX PhoneSystem Database Server]

"ImagePath"="C:/Program Files/3CX PhoneSystem/Bin/pgsql/bin/pg_ctl.exe runservice -N \"3CX PhoneSystem Database Server\" -D \"C:/Program Files/3CX PhoneSystem/Data/DB\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,08,d4,ae,e3,5a,ae,41,86,08,b9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,08,d4,ae,e3,5a,ae,41,86,08,b9,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(6124)

c:\program files\WinSCP\DragExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

c:\program files\3CX PhoneSystem\Bin\pgsql\bin\pg_ctl.exe

c:\program files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\3CX PhoneSystem\Bin\Webserver\adn\fcgidotnet_2_0.exe

c:\program files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe

c:\program files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe

c:\program files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe

c:\program files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\GreenPrint\gpsrdg01.exe

c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe

c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe

c:\program files\Samsung\Easy Display Manager\dmhkcore.exe

c:\program files\Samsung\EBM\EasyBatteryMgr3.exe

c:\windows\system32\conime.exe

.

**************************************************************************

.

Completion time: 2011-06-29 14:22:27 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-29 12:22

ComboFix2.txt 2011-06-29 10:01

.

Pre-Run: 152.226.742.272 bytes libres

Post-Run: 152.057.843.712 bytes libres

.

- - End Of File - - B9D7584DBB2AE7DC0E823ADE7E5A0A8D
