
[SOLVED] Windows Security Alerts



Hi everyone, I have a problem, please help me ....

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:21:34, on 4/5/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\sony\ISB Utility\ISBMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Home

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\le0zi\AppData\Local\Temp\tuvSmnoo.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\le0zi\AppData\Local\Temp\qoMcbbXq.dll,c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O13 - Gopher Prefix:

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe

O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9605 bytes


Start HijackThis. If you are a Vista user, choose "Run as administrator" ("Uitvoeren als administrator"). Select "Do a system scan only". Tick only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\le0zi\AppData\Local\Temp\tuvSmnoo.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\le0zi\AppData\Local\Temp\qoMcbbXq.dll,c

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan has finished, click OK, then "Show Results" to view the results.

Make sure everything there is ticked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK.

It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of that log in your next reply, together with a new HijackThis log.

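As an added illustration (not part of the original thread, and not a tool the helper used), here is a small Python script that applies the same three heuristics the reply above uses to pick entries out of a HijackThis log: blanked Internet Explorer search settings (R0/R1 lines ending in an empty "="), HKCU Run entries that load a DLL from the user's Temp folder through rundll32, and O18 protocol handlers whose file is missing. The sample log lines are copied from the log posted above; the reason codes and function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample input: eight entries copied from the HijackThis log posted
# in this thread. Three of them are the ones the reply tells the user to fix.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\le0zi\AppData\Local\Temp\tuvSmnoo.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\le0zi\AppData\Local\Temp\qoMcbbXq.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
"""

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKCU\..\Run: [...]".
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# A DLL living under the user's local Temp folder is not where legitimate
# autorun components are installed.
USER_TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    code: str   # hypothetical reason code, chosen for this example
    line: str   # the log entry that triggered it


def classify(line: str):
    """Return a reason code when the entry matches one of the three heuristics, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    # R0/R1: a search or start-page setting whose value has been blanked.
    if section in ("R0", "R1") and re.search(r"=\s*$", body):
        return "blank-search-setting"
    # O4: an autorun that uses rundll32 to load a DLL out of the user's Temp folder.
    if section == "O4" and "rundll32" in body.lower() and USER_TEMP_RE.search(body):
        return "rundll32-dll-in-user-temp"
    # O18: a registered protocol handler whose backing file no longer exists.
    if section == "O18" and body.rstrip().endswith("(no file)"):
        return "protocol-handler-missing-file"
    return None


def triage(log_text: str) -> list:
    """Run every line of a HijackThis log through classify() and collect the hits."""
    findings = []
    for line in log_text.splitlines():
        code = classify(line)
        if code:
            findings.append(Finding(code, line.strip()))
    return findings


def summary(log_text: str) -> dict:
    """Count findings per reason code, so a reviewer sees the shape of the log at a glance."""
    counts = {}
    for f in triage(log_text):
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:32} {f.line}")
```

The heuristics only flag entries for a human to review; the rundll32 rule in particular keys on the Temp path, which is why the LOCAL SERVICE oobefldr.dll line in the sample is not reported.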

Malwarebytes' Anti-Malware 1.35

Database version: 1940

Windows 6.0.6001 Service Pack 1

4/6/2009 00:51:54

mbam-log-2009-04-06 (00-51-54).txt

Scan type: Quick Scan

Objects scanned: 64671

Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

=======================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:58:50, on 4/6/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\sony\ISB Utility\ISBMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Home

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe

O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8929 bytes


ComboFix 09-04-04.01 - le0zi 2009-04-06 1:14:29.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2938.1931 [GMT 2:00]

Running from: c:\users\le0zi\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\x64

.

((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))

.

2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Malwarebytes

2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\programdata\Malwarebytes

2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-04-05 09:54 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-04-05 09:54 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-04-05 09:53 . 2009-04-05 09:53 <DIR> d-------- c:\program files\Trend Micro

2009-04-05 03:16 . 2009-04-05 03:17 128,000 --a------ c:\windows\System32\winsetup63.exe

2009-04-05 01:00 . 2009-04-05 15:57 <DIR> d-------- c:\program files\TagRename

2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d----c--- c:\windows\System32\DRVSTORE

2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-04-03 00:57 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2009-04-03 00:57 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2009-04-03 00:36 . 2009-04-03 08:45 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Symantec

2009-04-03 00:33 . 2009-04-03 08:37 <DIR> d-------- c:\program files\Norton 360

2009-04-03 00:31 . 2009-04-03 00:59 <DIR> d-------- c:\program files\Symantec

2009-04-03 00:31 . 2009-04-03 00:58 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS

2009-04-03 00:31 . 2009-04-03 00:58 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT

2009-04-03 00:31 . 2009-04-03 00:58 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF

2009-04-03 00:29 . 2009-04-03 00:59 <DIR> d-------- c:\users\All Users\Symantec

2009-04-03 00:29 . 2009-04-03 00:59 <DIR> d-------- c:\programdata\Symantec

2009-04-03 00:29 . 2009-04-03 01:01 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-04-02 02:15 . 2009-04-02 02:15 <DIR> d-------- c:\users\le0zi\Tracing

2009-04-02 02:14 . 2009-04-02 02:20 <DIR> d-------- c:\program files\Microsoft Silverlight

2009-04-02 02:13 . 2009-04-02 02:13 <DIR> d-------- c:\program files\Microsoft Sync Framework

2009-04-02 02:12 . 2009-04-02 02:12 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-04-02 02:11 . 2009-04-02 11:26 <DIR> d-------- c:\program files\Microsoft

2009-04-02 02:10 . 2009-04-02 02:13 <DIR> d-------- c:\program files\Windows Live

2009-04-02 02:03 . 2009-04-02 02:03 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-04-02 00:17 . 2009-04-02 00:17 <DIR> d-------- c:\program files\TweakNow RegCleaner Professional

2009-04-01 23:59 . 2009-04-01 23:59 <DIR> d-------- c:\program files\Microsoft Visual Studio 8

2009-04-01 23:58 . 2009-04-02 00:04 <DIR> d-------- c:\program files\Microsoft Office(118)

2009-03-30 01:01 . 2009-04-02 11:52 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Winamp

2009-03-30 00:59 . 2009-03-30 00:59 3,702 --a------ c:\windows\poppers.exe

2009-03-29 20:09 . 2009-03-29 20:09 <DIR> d-------- c:\users\All Users\WebcamMax

2009-03-29 20:09 . 2009-03-29 20:09 <DIR> d-------- c:\programdata\WebcamMax

2009-03-29 01:55 . 2009-03-29 20:09 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Webcammax

2009-03-29 01:54 . 2009-03-29 02:01 <DIR> d-------- c:\program files\WebcamMax

2009-03-29 01:54 . 2008-03-11 15:14 941,784 --a------ c:\windows\System32\drivers\CAMTHWDM.sys

2009-03-29 01:49 . 2009-03-29 01:49 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Camfrog

2009-03-29 01:47 . 2009-03-29 01:47 <DIR> d-------- c:\program files\Camfrog

2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches

2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games

2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Links

2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Digital Asphyxia

2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\users\All Users\Digital Asphyxia

2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\programdata\Digital Asphyxia

2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\users\All Users\Tarma Installer

2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\programdata\Tarma Installer

2009-03-28 02:31 . 2009-03-30 01:07 <DIR> d-------- c:\program files\WinAmp

2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\program files\Digital Asphyxia

2009-03-28 02:24 . 2009-03-28 02:30 <DIR> d-------- c:\users\le0zi\AppData\Roaming\YTK Enhanced

2009-03-28 02:18 . 2009-03-28 02:23 <DIR> d-------- c:\program files\YTK Enhanced

2009-03-28 02:08 . 2009-03-28 02:14 <DIR> d-------- c:\users\le0zi\AppData\Roaming\YTK Pro

2009-03-28 01:59 . 2009-03-28 01:59 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Yahoo!

2009-03-28 01:59 . 2009-03-28 01:59 360,448 --a------ c:\windows\System32\kdu_v32r.dll

2009-03-28 01:59 . 2009-03-28 01:59 274,432 --a------ c:\windows\System32\ywcvwr.dll

2009-03-28 01:59 . 2009-03-28 01:59 274,432 --a------ c:\windows\System32\yacscom.dll

2009-03-28 01:59 . 2009-03-28 01:59 253,952 --a------ c:\windows\System32\ywcupl.dll

2009-03-28 01:59 . 2009-03-28 01:59 204,800 --a------ c:\windows\System32\yuplapp.dll

2009-03-28 01:59 . 2009-03-28 01:59 200,704 --a------ c:\windows\System32\yacsui.dll

2009-03-28 01:59 . 2009-03-28 01:59 192,512 --a------ c:\windows\System32\yvwrctl.dll

2009-03-28 01:59 . 2009-03-28 01:59 137,184 --a------ c:\windows\System32\YCabby2.Form1.resources

2009-03-28 01:59 . 2009-03-28 01:59 15,360 --a------ c:\windows\System32\tsd32.dll

2009-03-28 01:59 . 2009-03-28 01:59 8,192 --a------ c:\windows\System32\tssoft32.acm

2009-03-28 01:59 . 2009-03-28 01:59 1,978 --a------ c:\windows\System32\YCabby2.Properties.Resources.resources

2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\users\All Users\Yahoo!

2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\programdata\Yahoo!

2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\program files\Yahoo!

2009-03-28 00:34 . 2009-03-28 00:34 <DIR> d-------- c:\users\le0zi\AppData\Roaming\TuneUp Software

2009-03-28 00:34 . 2009-03-28 00:34 603,904 --a------ c:\windows\System32\TUProgSt.exe

2009-03-28 00:34 . 2009-03-28 00:34 362,240 --a------ c:\windows\System32\TuneUpDefragService.exe

2009-03-28 00:34 . 2008-11-12 17:44 27,904 --a------ c:\windows\System32\uxtuneup.dll

2009-03-28 00:34 . 2008-11-12 17:44 17,152 --a------ c:\windows\System32\authuitu.dll

2009-03-28 00:33 . 2009-03-28 00:33 <DIR> d-------- c:\users\All Users\TuneUp Software

2009-03-28 00:33 . 2009-03-28 00:33 <DIR> d-------- c:\programdata\TuneUp Software

2009-03-28 00:33 . 2009-03-28 00:34 <DIR> d-------- c:\program files\TuneUp Utilities 2009

2009-03-28 00:04 . 2009-03-28 00:04 <DIR> d-------- c:\program files\BitLord

2009-03-27 23:54 . 2009-03-28 00:33 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}

2009-03-27 23:54 . 2009-03-28 00:33 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

2009-03-27 20:43 . 2009-03-27 20:43 <DIR> d-------- c:\program files\CCleaner

2009-03-27 06:00 . 2009-03-27 06:00 40 --ah----- c:\windows\System32\ivireg.ivr

2009-03-27 05:55 . 2009-03-27 05:55 <DIR> d-------- c:\program files\Common Files\InterVideo

2009-03-27 05:52 . 2009-03-27 05:55 <DIR> d-------- c:\program files\InterVideo

2009-03-27 05:50 . 2009-03-27 05:50 <DIR> d-------- C:\Documentation

2009-03-27 05:50 . 2009-03-27 05:50 0 --a------ c:\windows\VAIOUpdt.INI

2009-03-27 05:47 . 2008-10-21 19:52 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll

2009-03-27 05:46 . 2008-11-06 03:32 98,304 --a------ c:\windows\System32\VESWinlogon.dll

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Uninstall

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Sonic

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Skype

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Uninstall

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Sonic

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Skype

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Skype

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Roxio

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\Skype

2009-03-27 05:41 . 2009-03-27 05:41 <DIR> d-------- c:\program files\Common Files\Sonic Shared

2009-03-27 05:41 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\Roxio Shared

2009-03-27 05:41 . 2008-08-30 01:23 129,520 --------- c:\windows\System32\pxafs.dll

2009-03-27 05:36 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Office Suite Activation Assistant

2009-03-27 05:35 . 2009-03-27 05:36 422 --a------ c:\windows\System32\mapisvc.inf

2009-03-27 05:34 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Small Business

2009-03-27 05:32 . 2009-04-02 12:04 <DIR> d-------- c:\program files\Microsoft SQL Server

2009-03-27 05:28 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Works

2009-03-27 05:27 . 2009-03-27 05:27 <DIR> d-------- c:\windows\PCHEALTH

2009-03-27 05:27 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft.NET

2009-03-27 05:26 . 2009-04-05 18:23 <DIR> d-------- c:\users\All Users\Microsoft Help

2009-03-27 05:26 . 2009-04-05 18:23 <DIR> d-------- c:\programdata\Microsoft Help

2009-03-27 05:25 . 2009-04-02 11:52 <DIR> dr-h----- C:\MSOCache

2009-03-27 05:19 . 2009-04-02 16:47 <DIR> d-------- c:\users\All Users\McAfee

2009-03-27 05:19 . 2009-04-02 16:47 <DIR> d-------- c:\programdata\McAfee

2009-03-27 05:18 . 2009-03-27 05:51 <DIR> d-------- c:\program files\Common Files\ArcSoft

2009-03-27 05:18 . 2009-03-27 05:51 <DIR> d-------- c:\program files\ArcSoft

2009-03-27 05:18 . 2005-04-28 01:36 245,408 --a------ c:\windows\System32\unicows.dll

2009-03-27 05:18 . 1995-07-31 22:44 212,480 --a------ c:\windows\System32\PCDLIB32.DLL

2009-03-27 05:18 . 2008-09-05 02:06 55,808 --a------ c:\windows\System32\ArcSoftKsUFilter.dll

2009-03-27 05:18 . 2008-04-24 23:06 17,920 --a------ c:\windows\System32\drivers\ArcSoftKsUFilter.sys

2009-03-27 05:17 . 2009-03-27 05:17 <DIR> d-------- c:\windows\System32\Macromed

2009-03-27 05:12 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\PX Storage Engine

2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\windows\Sonysys

2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\program files\Picasa2

2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\program files\Big Fish Games Game Suite

2009-03-27 05:04 . 2008-01-21 03:43 <DIR> dr------- c:\users\Default\Searches

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-01 22:05 --------- d-----w c:\program files\MSBuild

2009-03-28 09:53 --------- d-----w c:\programdata\Sony Corporation

2009-03-28 06:40 --------- d-----w c:\program files\Google

2009-03-28 00:43 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-27 03:55 --------- d-----w c:\program files\sony

2009-03-27 03:46 --------- d-----w c:\program files\Common Files\Sony Shared

2009-03-27 03:18 --------- d-----w c:\program files\Common Files\InstallShield

2009-03-26 22:22 --------- d-----w c:\program files\Windows Mail

2009-02-19 11:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys

2009-02-19 11:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat

2009-02-19 11:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys

2009-02-19 11:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys

2009-02-19 11:31 24,112 ----a-w c:\windows\system32\drivers\SymIMV.sys

2009-02-19 11:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys

2009-02-19 11:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys

2009-02-19 11:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys

2009-02-19 11:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2006-07-21 11:44 244,224 --sha-r c:\users\le0zi\AppData\Roaming\plugin.dat

2005-05-21 20:09 0 --sh--r c:\users\le0zi\AppData\Roaming\logs.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-22 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-22 30192]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2008-11-06 03:32 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

"MarketingTools"=c:\program files\Sony\Marketing Tools\MarketingTools.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{1C1BB25C-926A-4DD7-82B0-7F2373A5F7AC}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

"{A7D48CF0-1E56-4201-8F2D-FEC30F16F526}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

"{F41E5DCD-4A80-4E31-91E9-E9E08D2D9F22}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{A24B4733-BA29-42E9-9E41-BC470169230C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{446A1642-40FE-49F9-966E-7A071E38CB72}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{72D68F33-D58C-464B-A2D4-C473A3A740C0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{40E6F7DE-A303-454E-B025-8FE57821F1D1}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{F84D401C-7E0A-43DE-AD08-5895C0220C87}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{52FF4FC1-9204-4D70-B191-C7E67739CAFA}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"TCP Query User{8084222D-7CDE-4743-B371-E8E2D96BB458}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module

"UDP Query User{C3E2AAFD-EB18-46CE-BDB7-FD1675774657}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module

"TCP Query User{B60CB346-222E-4B5E-8BBA-B6B3A8F25056}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord

"UDP Query User{74E91D6A-C746-4176-934E-AF24EF4207D5}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090331.004\IDSvix86.sys [2009-04-03 272432]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]

R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CAMTHWDM.sys [2009-03-29 941784]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]

R2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2009-03-27 303104]

R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-18 11032]

R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-22 104992]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-28 603904]

R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-27 104960]

R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\VAIO Power Management\SPMService.exe [2008-10-22 411488]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-12 446464]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-03-27 337184]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [2009-03-27 17920]

R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-13 23888]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-03 101936]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2008-10-22 9344]

R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-22 30192]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\VAIO Media plus\SOHCImp.exe [2009-03-27 103712]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\VAIO Media plus\SOHDms.exe [2009-03-27 353568]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\VAIO Media plus\SOHDs.exe [2009-03-27 62752]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-03-27 83232]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\shell\AutoRun\command - g:\autorun\Autorun.exe

.

Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 17:28]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-06 01:16:27

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

Completion time: 2009-04-06 1:18:04

ComboFix-quarantined-files.txt 2009-04-05 23:18:00

Pre-Run: 176,665,280,512 bytes free

Post-Run: 176,633,729,024 bytes free

264 --- E O F --- 2009-04-02 10:11:08


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:52:59, on 4/6/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\sony\ISB Utility\ISBMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\conime.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe

O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe

O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8084 bytes


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\System32\winsetup63.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of Combofix.txt in your next message and let me know right away whether your popup has now disappeared.


ComboFix 09-04-04.01 - le0zi 2009-04-06 13:30:16.4 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2938.1875 [GMT 2:00]

Running from: c:\users\le0zi\Desktop\ComboFix.exe

Command switches used :: c:\users\le0zi\Desktop\CFScript.txt

FILE ::

c:\windows\System32\winsetup63.exe

.

((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))

.

2009-04-06 09:14 . 2009-04-06 09:14 <DIR> d-------- c:\users\le0zi\AppData\Roaming\InterVideo

2009-04-06 01:37 . 2009-04-06 01:38 291,914,889 --a------ c:\windows\MEMORY.DMP

2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Malwarebytes

2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\programdata\Malwarebytes

2009-04-05 09:54 . 2009-04-05 09:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-04-05 09:54 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-04-05 09:54 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-04-05 09:53 . 2009-04-05 09:53 <DIR> d-------- c:\program files\Trend Micro

2009-04-05 01:00 . 2009-04-05 15:57 <DIR> d-------- c:\program files\TagRename

2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d----c--- c:\windows\System32\DRVSTORE

2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-04-03 00:57 . 2009-04-03 00:57 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-04-03 00:57 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2009-04-03 00:57 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2009-04-03 00:36 . 2009-04-03 08:45 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Symantec

2009-04-03 00:33 . 2009-04-03 08:37 <DIR> d-------- c:\program files\Norton 360

2009-04-03 00:31 . 2009-04-03 00:59 <DIR> d-------- c:\program files\Symantec

2009-04-03 00:31 . 2009-04-03 00:58 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS

2009-04-03 00:31 . 2009-04-03 00:58 10,635 --a------ c:\windows\System32\drivers\SYMEVENT.CAT

2009-04-03 00:31 . 2009-04-03 00:58 806 --a------ c:\windows\System32\drivers\SYMEVENT.INF

2009-04-03 00:29 . 2009-04-03 00:59 <DIR> d-------- c:\users\All Users\Symantec

2009-04-03 00:29 . 2009-04-03 00:59 <DIR> d-------- c:\programdata\Symantec

2009-04-03 00:29 . 2009-04-03 01:01 <DIR> d-------- c:\program files\Common Files\Symantec Shared

2009-04-02 02:15 . 2009-04-02 02:15 <DIR> d-------- c:\users\le0zi\Tracing

2009-04-02 02:14 . 2009-04-02 02:20 <DIR> d-------- c:\program files\Microsoft Silverlight

2009-04-02 02:13 . 2009-04-02 02:13 <DIR> d-------- c:\program files\Microsoft Sync Framework

2009-04-02 02:12 . 2009-04-02 02:12 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-04-02 02:11 . 2009-04-02 11:26 <DIR> d-------- c:\program files\Microsoft

2009-04-02 02:10 . 2009-04-02 02:13 <DIR> d-------- c:\program files\Windows Live

2009-04-02 02:03 . 2009-04-02 02:03 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-04-02 00:17 . 2009-04-02 00:17 <DIR> d-------- c:\program files\TweakNow RegCleaner Professional

2009-04-01 23:59 . 2009-04-01 23:59 <DIR> d-------- c:\program files\Microsoft Visual Studio 8

2009-04-01 23:58 . 2009-04-02 00:04 <DIR> d-------- c:\program files\Microsoft Office(118)

2009-03-30 01:01 . 2009-04-02 11:52 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Winamp

2009-03-30 00:59 . 2009-03-30 00:59 3,702 --a------ c:\windows\poppers.exe

2009-03-29 20:09 . 2009-03-29 20:09 <DIR> d-------- c:\users\All Users\WebcamMax

2009-03-29 20:09 . 2009-03-29 20:09 <DIR> d-------- c:\programdata\WebcamMax

2009-03-29 01:55 . 2009-03-29 20:09 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Webcammax

2009-03-29 01:54 . 2009-03-29 02:01 <DIR> d-------- c:\program files\WebcamMax

2009-03-29 01:54 . 2008-03-11 15:14 941,784 --a------ c:\windows\System32\drivers\CAMTHWDM.sys

2009-03-29 01:49 . 2009-03-29 01:49 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Camfrog

2009-03-29 01:47 . 2009-03-29 01:47 <DIR> d-------- c:\program files\Camfrog

2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches

2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games

2009-03-28 02:43 . 2009-03-28 02:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Links

2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Digital Asphyxia

2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\users\All Users\Digital Asphyxia

2009-03-28 02:32 . 2009-03-28 02:32 <DIR> d-------- c:\programdata\Digital Asphyxia

2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\users\All Users\Tarma Installer

2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\programdata\Tarma Installer

2009-03-28 02:31 . 2009-03-30 01:07 <DIR> d-------- c:\program files\WinAmp

2009-03-28 02:31 . 2009-03-28 02:31 <DIR> d-------- c:\program files\Digital Asphyxia

2009-03-28 02:24 . 2009-03-28 02:30 <DIR> d-------- c:\users\le0zi\AppData\Roaming\YTK Enhanced

2009-03-28 02:18 . 2009-03-28 02:23 <DIR> d-------- c:\program files\YTK Enhanced

2009-03-28 02:08 . 2009-03-28 02:14 <DIR> d-------- c:\users\le0zi\AppData\Roaming\YTK Pro

2009-03-28 01:59 . 2009-03-28 01:59 <DIR> d-------- c:\users\le0zi\AppData\Roaming\Yahoo!

2009-03-28 01:59 . 2009-03-28 01:59 360,448 --a------ c:\windows\System32\kdu_v32r.dll

2009-03-28 01:59 . 2009-03-28 01:59 274,432 --a------ c:\windows\System32\ywcvwr.dll

2009-03-28 01:59 . 2009-03-28 01:59 274,432 --a------ c:\windows\System32\yacscom.dll

2009-03-28 01:59 . 2009-03-28 01:59 253,952 --a------ c:\windows\System32\ywcupl.dll

2009-03-28 01:59 . 2009-03-28 01:59 204,800 --a------ c:\windows\System32\yuplapp.dll

2009-03-28 01:59 . 2009-03-28 01:59 200,704 --a------ c:\windows\System32\yacsui.dll

2009-03-28 01:59 . 2009-03-28 01:59 192,512 --a------ c:\windows\System32\yvwrctl.dll

2009-03-28 01:59 . 2009-03-28 01:59 137,184 --a------ c:\windows\System32\YCabby2.Form1.resources

2009-03-28 01:59 . 2009-03-28 01:59 15,360 --a------ c:\windows\System32\tsd32.dll

2009-03-28 01:59 . 2009-03-28 01:59 8,192 --a------ c:\windows\System32\tssoft32.acm

2009-03-28 01:59 . 2009-03-28 01:59 1,978 --a------ c:\windows\System32\YCabby2.Properties.Resources.resources

2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\users\All Users\Yahoo!

2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\programdata\Yahoo!

2009-03-28 01:54 . 2009-03-28 01:54 <DIR> d-------- c:\program files\Yahoo!

2009-03-28 00:34 . 2009-03-28 00:34 <DIR> d-------- c:\users\le0zi\AppData\Roaming\TuneUp Software

2009-03-28 00:34 . 2009-03-28 00:34 603,904 --a------ c:\windows\System32\TUProgSt.exe

2009-03-28 00:34 . 2009-03-28 00:34 362,240 --a------ c:\windows\System32\TuneUpDefragService.exe

2009-03-28 00:34 . 2008-11-12 17:44 27,904 --a------ c:\windows\System32\uxtuneup.dll

2009-03-28 00:34 . 2008-11-12 17:44 17,152 --a------ c:\windows\System32\authuitu.dll

2009-03-28 00:33 . 2009-03-28 00:33 <DIR> d-------- c:\users\All Users\TuneUp Software

2009-03-28 00:33 . 2009-03-28 00:33 <DIR> d-------- c:\programdata\TuneUp Software

2009-03-28 00:33 . 2009-03-28 00:34 <DIR> d-------- c:\program files\TuneUp Utilities 2009

2009-03-28 00:04 . 2009-03-28 00:04 <DIR> d-------- c:\program files\BitLord

2009-03-27 23:54 . 2009-03-28 00:33 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}

2009-03-27 23:54 . 2009-03-28 00:33 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

2009-03-27 20:43 . 2009-03-27 20:43 <DIR> d-------- c:\program files\CCleaner

2009-03-27 06:00 . 2009-03-27 06:00 40 --ah----- c:\windows\System32\ivireg.ivr

2009-03-27 05:55 . 2009-03-27 05:55 <DIR> d-------- c:\program files\Common Files\InterVideo

2009-03-27 05:52 . 2009-03-27 05:55 <DIR> d-------- c:\program files\InterVideo

2009-03-27 05:50 . 2009-03-27 05:50 <DIR> d-------- C:\Documentation

2009-03-27 05:50 . 2009-03-27 05:50 0 --a------ c:\windows\VAIOUpdt.INI

2009-03-27 05:47 . 2008-10-21 19:52 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll

2009-03-27 05:46 . 2008-11-06 03:32 98,304 --a------ c:\windows\System32\VESWinlogon.dll

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Uninstall

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Sonic

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\users\All Users\Skype

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Uninstall

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Sonic

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\programdata\Skype

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Skype

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Roxio

2009-03-27 05:42 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\Skype

2009-03-27 05:41 . 2009-03-27 05:41 <DIR> d-------- c:\program files\Common Files\Sonic Shared

2009-03-27 05:41 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\Roxio Shared

2009-03-27 05:41 . 2008-08-30 01:23 129,520 --------- c:\windows\System32\pxafs.dll

2009-03-27 05:36 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Office Suite Activation Assistant

2009-03-27 05:35 . 2009-03-27 05:36 422 --a------ c:\windows\System32\mapisvc.inf

2009-03-27 05:34 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Small Business

2009-03-27 05:32 . 2009-04-02 12:04 <DIR> d-------- c:\program files\Microsoft SQL Server

2009-03-27 05:28 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft Works

2009-03-27 05:27 . 2009-03-27 05:27 <DIR> d-------- c:\windows\PCHEALTH

2009-03-27 05:27 . 2009-04-02 11:52 <DIR> d-------- c:\program files\Microsoft.NET

2009-03-27 05:26 . 2009-04-05 18:23 <DIR> d-------- c:\users\All Users\Microsoft Help

2009-03-27 05:26 . 2009-04-05 18:23 <DIR> d-------- c:\programdata\Microsoft Help

2009-03-27 05:25 . 2009-04-02 11:52 <DIR> dr-h----- C:\MSOCache

2009-03-27 05:19 . 2009-04-02 16:47 <DIR> d-------- c:\users\All Users\McAfee

2009-03-27 05:19 . 2009-04-02 16:47 <DIR> d-------- c:\programdata\McAfee

2009-03-27 05:18 . 2009-03-27 05:51 <DIR> d-------- c:\program files\Common Files\ArcSoft

2009-03-27 05:18 . 2009-03-27 05:51 <DIR> d-------- c:\program files\ArcSoft

2009-03-27 05:18 . 2005-04-28 01:36 245,408 --a------ c:\windows\System32\unicows.dll

2009-03-27 05:18 . 1995-07-31 22:44 212,480 --a------ c:\windows\System32\PCDLIB32.DLL

2009-03-27 05:18 . 2008-09-05 02:06 55,808 --a------ c:\windows\System32\ArcSoftKsUFilter.dll

2009-03-27 05:18 . 2008-04-24 23:06 17,920 --a------ c:\windows\System32\drivers\ArcSoftKsUFilter.sys

2009-03-27 05:17 . 2009-03-27 05:17 <DIR> d-------- c:\windows\System32\Macromed

2009-03-27 05:12 . 2009-03-27 05:42 <DIR> d-------- c:\program files\Common Files\PX Storage Engine

2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\windows\Sonysys

2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\program files\Picasa2

2009-03-27 05:11 . 2009-03-27 05:11 <DIR> d-------- c:\program files\Big Fish Games Game Suite

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-01 22:05 --------- d-----w c:\program files\MSBuild

2009-03-28 09:53 --------- d-----w c:\programdata\Sony Corporation

2009-03-28 06:40 --------- d-----w c:\program files\Google

2009-03-28 00:43 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-27 03:55 --------- d-----w c:\program files\sony

2009-03-27 03:46 --------- d-----w c:\program files\Common Files\Sony Shared

2009-03-27 03:18 --------- d-----w c:\program files\Common Files\InstallShield

2009-03-26 22:22 --------- d-----w c:\program files\Windows Mail

2009-02-19 11:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys

2009-02-19 11:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat

2009-02-19 11:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys

2009-02-19 11:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys

2009-02-19 11:31 24,112 ----a-w c:\windows\system32\drivers\SymIMV.sys

2009-02-19 11:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys

2009-02-19 11:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys

2009-02-19 11:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys

2009-02-19 11:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2006-07-21 11:44 244,224 --sha-r c:\users\le0zi\AppData\Roaming\plugin.dat

2005-05-21 20:09 0 --sh--r c:\users\le0zi\AppData\Roaming\logs.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-04-06_ 1.16.49.10 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-04-05 23:07:45 1,751,960 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-04-05 23:58:11 222,560 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-04-05 23:08:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-04-06 05:18:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-04-05 23:08:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-04-06 05:18:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-04-05 23:10:21 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-04-06 05:19:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-04-06 05:19:24 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-04-05 23:16:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-04-06 05:20:01 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-04-06 05:20:01 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-04-05 23:08:47 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-04-06 11:26:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-04-05 23:08:47 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-06 11:26:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-04-05 23:08:47 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-04-06 11:26:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-04-05 22:52:06 123,374 ----a-w c:\windows\System32\perfc009.dat

+ 2009-04-06 05:26:13 123,374 ----a-w c:\windows\System32\perfc009.dat

- 2009-04-05 22:52:06 647,086 ----a-w c:\windows\System32\perfh009.dat

+ 2009-04-06 05:26:13 647,086 ----a-w c:\windows\System32\perfh009.dat

- 2009-04-05 23:10:41 8,000 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3337915833-3909974501-4074879784-1003_UserData.bin

+ 2009-04-06 05:20:55 8,284 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3337915833-3909974501-4074879784-1003_UserData.bin

- 2009-04-05 23:10:41 77,420 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-04-06 05:20:55 77,722 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-04-05 23:10:40 42,200 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-04-06 05:20:54 42,200 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-22 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-22 30192]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2008-11-06 03:32 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

"MarketingTools"=c:\program files\Sony\Marketing Tools\MarketingTools.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{1C1BB25C-926A-4DD7-82B0-7F2373A5F7AC}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

"{A7D48CF0-1E56-4201-8F2D-FEC30F16F526}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

"{F41E5DCD-4A80-4E31-91E9-E9E08D2D9F22}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{A24B4733-BA29-42E9-9E41-BC470169230C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{446A1642-40FE-49F9-966E-7A071E38CB72}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{72D68F33-D58C-464B-A2D4-C473A3A740C0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{40E6F7DE-A303-454E-B025-8FE57821F1D1}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{F84D401C-7E0A-43DE-AD08-5895C0220C87}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{52FF4FC1-9204-4D70-B191-C7E67739CAFA}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"TCP Query User{8084222D-7CDE-4743-B371-E8E2D96BB458}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module

"UDP Query User{C3E2AAFD-EB18-46CE-BDB7-FD1675774657}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module

"TCP Query User{B60CB346-222E-4B5E-8BBA-B6B3A8F25056}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord

"UDP Query User{74E91D6A-C746-4176-934E-AF24EF4207D5}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090331.004\IDSvix86.sys [2009-04-03 272432]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]

R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CAMTHWDM.sys [2009-03-29 941784]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]

R2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2009-03-27 303104]

R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-18 11032]

R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-22 104992]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-28 603904]

R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-27 104960]

R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\VAIO Power Management\SPMService.exe [2008-10-22 411488]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-12 446464]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-03-27 337184]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [2009-03-27 17920]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-03 101936]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2008-10-22 9344]

R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]

S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-13 23888]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-22 30192]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\VAIO Media plus\SOHCImp.exe [2009-03-27 103712]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\VAIO Media plus\SOHDms.exe [2009-03-27 353568]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\VAIO Media plus\SOHDs.exe [2009-03-27 62752]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-03-27 83232]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 17:28]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.nl/

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-06 13:33:08

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

Completion time: 2009-04-06 13:35:41

ComboFix-quarantined-files.txt 2009-04-06 11:35:35

ComboFix2.txt 2009-04-06 09:39:15

ComboFix3.txt 2009-04-06 09:30:29

ComboFix4.txt 2009-04-05 23:18:05

Pre-Run: 176,241,496,064 bytes free

Post-Run: 176,210,624,512 bytes free

295 --- E O F --- 2009-04-02 10:11:08

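The ComboFix log above already contains the settings a responder would look at first: `EnableFirewall= 0` under all three firewall profiles, a non-empty `AppInit_DLLs` value, and two files under `c:\users\le0zi\AppData\Roaming` carrying the system and hidden attributes (`--sha-r`, `--sh--r`). The script below is an added example, not part of the original post and not a ComboFix feature: it parses the Find3M file lines and the `Reg Loading Points` key/value lines and lists those three kinds of finding. The sample input is copied from the log above; the regular expressions and the triage rules are this example's own assumptions about the log layout, and a hit means "look closer", not "malicious".

```python
"""Triage helper for ComboFix-style logs.

Added example (not from the original post, not part of ComboFix): pulls out
disabled firewall profiles, AppInit_DLLs entries and hidden+system files in a
user's AppData from the Find3M and Reg Loading Points sections.
"""
import re
from typing import Dict, List, Tuple

# Sample input: lines copied from the log posted above.
SAMPLE_LOG = r"""
2009-02-19 11:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2006-07-21 11:44 244,224 --sha-r c:\users\le0zi\AppData\Roaming\plugin.dat
2005-05-21 20:09 0 --sh--r c:\users\le0zi\AppData\Roaming\logs.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# Assumed layout of a Find3M line: date, time, size (or dashes), 7-char
# attribute field (d r s h a w, '-' when unset), then the path.
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>[\d,]+|-+) "
    r"(?P<attr>[-a-z]{7}) (?P<path>.+)$"
)
# Registry section: "[key]" lines followed by '"name"= data' lines.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def parse(log: str) -> Tuple[List[Dict[str, str]], List[Tuple[str, str, str]]]:
    """Return (file entries, (key, name, data) registry values) found in the log."""
    files: List[Dict[str, str]] = []
    values: List[Tuple[str, str, str]] = []
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            values.append((current_key, m.group("name"), m.group("data").strip()))
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
    return files, values


def triage(log: str) -> List[str]:
    """List the findings a responder would check first, in log order."""
    findings: List[str] = []
    files, values = parse(log)
    for f in files:
        attr, path = f["attr"], f["path"]
        # 's' = system, 'h' = hidden; both set on a file in a user's AppData is
        # uncommon for ordinary application data and worth inspecting.
        if "s" in attr and "h" in attr and "\\appdata\\" in path.lower():
            findings.append(f"hidden+system file in user profile: {path}")
    for key, name, data in values:
        if name.lower() == "enablefirewall" and data.startswith("0"):
            profile = key.rsplit("\\", 1)[-1]
            findings.append(f"Windows Firewall disabled for {profile}")
        if name.lower() == "appinit_dlls" and data:
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append(f"AppInit_DLLs entry loads into GUI processes: {data}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the two AppData files, the Google AppInit DLL and the three disabled firewall profiles, and stays quiet on `desktop.ini` because that file is not under a user's AppData. To use it on a full log, pass the file contents to `triage()`; the `Find3M` and `Reg Loading Points` sections are the only ones the parser understands.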