Spybot scan keeps hanging on Win32.Agent.pz

pimvandenderen
8 answers
  • Spybot Search & Destroy 1.51.15 (up to date) keeps hanging during the scan at bot-check 30383/99983: Win32.Agent.pz

    So the scan hangs at about one third and cannot be completed.

    I have already looked at the symptoms of this Win32.Agent.pz, but going by those the computer does not appear to be infected with it. I do read that Spybot detects this bot but cannot remove it. I don't get that far, though, because the scan keeps hanging.

    Ad-Aware finds nothing, but according to other forums this bot is not detected by Ad-Aware either.

    Is my computer infected? And how do I make sure Spybot stops hanging?
  • You are probably infected, yes :(

    Download the HijackThis setup to your Desktop.

    Open HJTInstall and choose the location where you want to install HijackThis.
    Then press Install; after a few seconds HijackThis will open automatically.
    Now choose 'Do a system scan and save a logfile'.
    A Notepad file with a logfile opens. Select all of this text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post.

    Good luck! 8)

    Pim
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:37:45, on 18-11-2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\logishrd\LComMgr\LVComSX.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero8\InCD\InCD.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\VMware\VMware Workstation\hqtray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Program Files\Maxtor\ManagerApp\msssort.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Program Files\Windows Live\Family Safety\fssui.exe
    C:\Program Files\Eset\ESET Smart Security\egui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\GPSoftware\Directory Opus\dopus.exe
    C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
    C:\Program Files\SecCopy\SecCopy.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\FTDv3.8\FTDv3.exe
    C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeePro2.exe
    C:\Program Files\NewsBin\nbpro.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverDes.exe
    C:\Program Files\QuickPar\QuickPar.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
    O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
    O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe" /InitialWait=3
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    O4 - Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195245222720
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9F1C81E0-1B60-463D-A741-6DADDDB9938D}: NameServer = 192.168.1.1
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe


    End of file - 14596 bytes
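    A triage pass over HijackThis log lines of the kind posted above, as an added example that is not part of the thread and not a tool the helper mentions. The sample log is constructed from a few lines of the posted log plus two constructed entries (a `[ConstructedExample]` autorun under AppData and a `192.0.2.1` Hosts line) so that each check has something to fire on; the rules, thresholds and function names are the example's own.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread).

Parses the "Oxx - ..." lines into records and flags the entries a responder
looks at first:
  * O2/O3 BHOs and toolbars whose file is missing ("(no file)") or that load
    from outside Program Files / Windows,
  * O4 autoruns that start from a user-writable location (AppData, Temp, Users),
  * O1 Hosts overrides other than the loopback lines,
  * O23 services with "Unknown owner" (worth checking the signer by hand).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: real lines from the posted log plus two constructed
# entries (the [ConstructedExample] autorun and the 192.0.2.1 Hosts line).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.2.1 www.example.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [ConstructedExample] C:\Users\Richard\AppData\Roaming\example.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
"""

LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# First drive-letter path on the line, up to a binary extension; quotes and
# trailing arguments (e.g. "-hide", ",nvsvcStart") are left out.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|scr|cpl))"?', re.IGNORECASE)

TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\")
LOOPBACK_HOSTS = ("Hosts: 127.0.0.1 localhost", "Hosts: ::1 localhost")


@dataclass
class Entry:
    section: str            # "O2", "O4", "O23", ...
    body: str               # everything after "Oxx - "
    path: Optional[str]     # file path carried by the line, if any


def extract_path(body: str) -> Optional[str]:
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def parse_log(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            section, body = m.groups()
            entries.append(Entry(section, body, extract_path(body)))
    return entries


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, line body) for every entry worth a closer look."""
    findings = []
    for e in parse_log(text):
        low = (e.path or "").lower()
        if e.section in ("O2", "O3"):
            if e.body.endswith("(no file)"):
                findings.append((e.section, "orphaned BHO/toolbar entry", e.body))
            elif e.path and not low.startswith(TRUSTED_ROOTS):
                findings.append((e.section, "BHO/toolbar outside Program Files", e.body))
        elif e.section == "O4":
            if e.path and any(tok in low for tok in USER_WRITABLE):
                findings.append((e.section, "autorun from user-writable path", e.body))
        elif e.section == "O1":
            if e.body not in LOOPBACK_HOSTS:
                findings.append((e.section, "Hosts file override", e.body))
        elif e.section == "O23":
            if " - Unknown owner - " in e.body:
                findings.append((e.section, "service with unknown owner", e.body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<36} {body}")
```

    On the posted log this approach would surface the orphaned `{7E853D72-...}` BHO and the two "Unknown owner" services as items to verify, not as proof of infection.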

  • Download Combofix to your Desktop.
    - Double-click Combofix.exe
    - Follow the instructions; accept the disclaimer by typing "1" and confirming with "Enter".
    - While the fix is running, do NOT click in the window, as that will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore it.

    Pim
  • All I get is a second cmd window with the message "Please wait. ComboFix is preparing to run." and after that nothing happens.
    So I never get to see a disclaimer.

    I do see that the process swreg.cf.exe is taking up 50% of the CPU.

    What next?

    PS: I did already run Vundo before my first post here. Nothing came out of that.
  • In Safe Mode it did work, so here is the ComboFix log. The new HijackThis log is in the next post.


    ComboFix 07-11-08.3 - Richard 2007-11-19 23:50:19.1 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2802 [GMT 1:00]
    Running from: C:\Users\Richard\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
    .

    2007-11-19 23:49 51,200 --a------ C:\Windows\NirCmd.exe
    2007-11-19 13:38 <DIR> d-------- C:\Windows\Sun
    2007-11-19 13:38 <DIR> d-------- C:\Users\Richard\.housecall6.6
    2007-11-19 13:08 <DIR> d-------- C:\Program Files\Easy Photo Recovery
    2007-11-16 22:29 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-16 20:19 <DIR> d-------- C:\Users\All Users\Lavasoft
    2007-11-16 20:19 <DIR> d-------- C:\ProgramData\Lavasoft
    2007-11-16 20:19 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-16 13:24 <DIR> d-------- C:\Program Files\OfflineList 0.7.2
    2007-11-15 13:48 <DIR> d-------- C:\Program Files\Yamicsoft
    2007-11-15 13:11 <DIR> d-------- C:\Program Files\Softros Systems
    2007-11-13 22:01 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
    2007-11-13 22:01 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
    2007-11-13 22:01 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
    2007-11-13 22:01 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
    2007-11-13 22:01 23,040 --a------ C:\Windows\System32\drivers\usbuhci.sys
    2007-11-13 22:01 8,704 --a------ C:\Windows\System32\hcrstco.dll
    2007-11-13 22:01 8,704 --a------ C:\Windows\System32\hccoin.dll
    2007-11-13 22:01 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
    2007-11-12 13:09 368,544 --a------ C:\Windows\System32\drivers\tdrpman.sys
    2007-11-12 13:09 129,248 --a------ C:\Windows\System32\drivers\snapman.sys
    2007-11-12 00:57 <DIR> d-a------ C:\Users\All Users\TEMP
    2007-11-12 00:57 <DIR> d-a------ C:\ProgramData\TEMP
    2007-11-12 00:57 <DIR> d-------- C:\Program Files\Classic Menu for Office
    2007-11-11 13:17 <DIR> d-------- C:\Users\Richard\AppData\Roaming\Printer Info Cache
    2007-11-11 13:17 <DIR> d-------- C:\Users\Richard\AppData\Roaming\Image Zone Express
    2007-11-11 13:01 <DIR> d-------- C:\Users\All Users\WEBREG
    2007-11-11 13:01 <DIR> d-------- C:\ProgramData\WEBREG
    2007-11-11 12:58 <DIR> d-------- C:\Users\Richard\AppData\Roaming\HP
    2007-11-11 00:36 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
    2007-11-11 00:36 <DIR> d-------- C:\ProgramData\HPSSUPPLY
    2007-11-11 00:33 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-11-11 00:33 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-11-11 00:32 <DIR> d-------- C:\Program Files\Common Files\HP
    2007-11-11 00:29 <DIR> d-------- C:\Program Files\HP
    2007-11-11 00:28 148,995 --a------ C:\Windows\hpoins19.dat
    2007-11-11 00:27 <DIR> d-------- C:\Users\All Users\HP
    2007-11-11 00:27 <DIR> d-------- C:\ProgramData\HP
    2007-11-11 00:27 26,952 --a------ C:\Windows\hpomdl19.dat
    2007-11-11 00:21 <DIR> d----c--- C:\Windows\System32\DRVSTORE
    2007-11-11 00:21 43,816 --a------ C:\Windows\System32\drivers\fssfltr.sys
    2007-11-11 00:20 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
    2007-11-11 00:19 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-11 00:18 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-11-11 00:18 <DIR> d-------- C:\Program Files\Windows Live Favorites
    2007-11-11 00:06 <DIR> d-------- C:\Users\All Users\WLInstaller
    2007-11-11 00:06 <DIR> d-------- C:\ProgramData\WLInstaller
    2007-11-11 00:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-08 16:17 53,768 --a------ C:\Windows\System32\drivers\epfwtdi.sys
    2007-11-08 16:17 50,696 --a------ C:\Windows\System32\drivers\epfw.sys
    2007-11-08 16:17 30,728 --a------ C:\Windows\System32\drivers\epfwndis.sys
    2007-11-08 16:10 27,656 --a------ C:\Windows\System32\drivers\easdrv.sys
    2007-11-08 16:09 33,800 --a------ C:\Windows\System32\drivers\eamon.sys
    2007-11-07 15:40 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2007-11-06 18:45 <DIR> d-------- C:\Users\All Users\CenerTCPMessenger
    2007-11-06 18:45 <DIR> d-------- C:\ProgramData\CenerTCPMessenger
    2007-11-06 14:11 <DIR> d-------- C:\Program Files\OO Software
    2007-11-06 00:41 <DIR> d-------- C:\Program Files\NextUp-Acapela
    2007-11-06 00:31 <DIR> d-------- C:\Program Files\NeoSpeech
    2007-11-06 00:23 <DIR> d-------- C:\Users\All Users\NextUp
    2007-11-06 00:23 <DIR> d-------- C:\ProgramData\NextUp
    2007-11-06 00:13 <DIR> d-------- C:\Program Files\NextUp-ScanSoft
    2007-11-06 00:07 <DIR> d-------- C:\Program Files\TextAloud
    2007-11-05 22:46 <DIR> d-------- C:\Users\All Users\Apple Computer
    2007-11-05 22:46 <DIR> d-------- C:\ProgramData\Apple Computer
    2007-11-05 22:46 <DIR> d-------- C:\Program Files\QuickTime
    2007-11-04 22:07 <DIR> d-------- C:\Users\Richard\AppData\Roaming\gtopala
    2007-11-04 21:15 <DIR> d-------- C:\Users\All Users\Real
    2007-11-04 21:15 <DIR> d-------- C:\Program Files\Real Alternative
    2007-11-04 21:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2007-11-04 21:15 164,352 --a------ C:\Windows\System32\unrar.dll
    2007-11-04 21:15 7,680 --a------ C:\Windows\System32\ff_vfw.dll
    2007-11-04 20:32 796,672 --a------ C:\Windows\GPInstall.exe
    2007-11-04 20:28 <DIR> d-------- C:\Users\Richard\AppData\Roaming\FlashGet
    2007-11-04 20:28 <DIR> d-------- C:\Program Files\FlashGet
    2007-11-04 20:24 <DIR> d-------- C:\Program Files\Custom Technology
    2007-11-04 19:41 86,016 --a------ C:\Windows\unvise32.exe
    2007-11-04 19:38 <DIR> d-------- C:\Program Files\DivX
    2007-11-04 02:12 <DIR> d-------- C:\Windows\ActiveX Components
    2007-11-01 21:49 <DIR> d-------- C:\Program Files\Seagate
    2007-11-01 15:26 <DIR> d-------- C:\Windows\System32\ShellExt
    2007-11-01 11:31 <DIR> d-------- C:\Program Files\Sysinternals
    2007-11-01 00:23 <DIR> d-------- C:\Users\All Users\FLEXnet
    2007-11-01 00:23 <DIR> d-------- C:\ProgramData\FLEXnet
    2007-11-01 00:00 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-10-31 23:56 <DIR> d-------- C:\Users\All Users\Adobe
    2007-10-31 23:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2007-10-31 23:56 118,520 --------- C:\Windows\System32\pxinsi64.exe
    2007-10-31 23:56 116,472 --------- C:\Windows\System32\pxcpyi64.exe
    2007-10-31 23:56 43,528 --------- C:\Windows\System32\drivers\PxHelp20.sys
    2007-10-31 21:47 <DIR> d-------- C:\Users\Richard\AppData\Roaming\ESET
    2007-10-31 21:46 <DIR> d-------- C:\Users\All Users\ESET
    2007-10-31 21:46 <DIR> d-------- C:\ProgramData\ESET
    2007-10-31 12:10 <DIR> d-------- C:\Users\All Users\Apple
    2007-10-31 12:10 <DIR> d-------- C:\ProgramData\Apple
    2007-10-31 12:10 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-10-30 21:33 <DIR> d-------- C:\Users\All Users\DVD Shrink
    2007-10-30 21:33 <DIR> d-------- C:\ProgramData\DVD Shrink
    2007-10-30 21:33 <DIR> d-------- C:\Program Files\DVD Shrink
    2007-10-30 16:37 <DIR> d-------- C:\Users\All Users\eMule

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-15 13:01 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2007-11-13 21:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-13 21:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-13 21:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-13 21:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-13 21:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-13 21:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2007-11-13 21:03 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
    2007-11-13 21:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-13 21:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-13 21:03 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-11-13 21:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-13 21:03 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-13 21:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-11-13 21:00 --------- d-----w C:\Program Files\Windows Mail
    2007-10-27 22:31 174 --sha-w C:\Program Files\desktop.ini
    2007-10-27 22:27 --------- d-----w C:\Program Files\Windows Defender
    2007-10-27 22:27 --------- d-----w C:\Program Files\Windows Calendar
    2007-10-27 22:13 8,192 ----a-w C:\Windows\System32\riched32.dll
    2007-10-27 22:13 77,824 ----a-w C:\Windows\System32\rascfg.dll
    2007-10-27 22:13 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
    2007-10-27 22:13 694,784 ----a-w C:\Windows\System32\localspl.dll
    2007-10-27 22:13 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2007-10-27 22:13 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2007-10-27 22:13 52,736 ----a-w C:\Windows\System32\rasdiag.dll
    2007-10-27 22:13 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
    2007-10-27 22:13 384,000 ----a-w C:\Windows\System32\netcfgx.dll
    2007-10-27 22:13 36,864 ----a-w C:\Windows\System32\cdd.dll
    2007-10-27 22:13 33,280 ----a-w C:\Windows\System32\traffic.dll
    2007-10-27 22:13 32,768 ----a-w C:\Windows\System32\rasmxs.dll
    2007-10-27 22:13 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
    2007-10-27 22:13 22,016 ----a-w C:\Windows\System32\rasser.dll
    2007-10-27 22:13 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
    2007-10-27 22:13 15,360 ----a-w C:\Windows\System32\pacerprf.dll
    2007-10-27 22:13 134,656 ----a-w C:\Windows\System32\dps.dll
    2007-10-27 22:13 13,824 ----a-w C:\Windows\System32\wshqos.dll
    2007-10-27 22:13 13,824 ----a-w C:\Windows\System32\icsunattend.exe
    2007-10-27 22:07 160,872 ----a-w C:\Windows\System32\halmacpi.dll
    2007-10-27 22:07 134,760 ----a-w C:\Windows\System32\halacpi.dll
    2007-10-27 22:02 86,016 ----a-w C:\Windows\System32\icfupgd.dll
    2007-10-27 22:02 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2007-10-27 22:02 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2007-10-27 22:02 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
    2007-10-27 22:02 61,952 ----a-w C:\Windows\System32\cmifw.dll
    2007-10-27 22:02 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2007-10-27 22:02 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
    2007-10-27 22:02 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
    2007-10-27 22:02 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2007-10-27 22:02 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
    2007-10-27 22:02 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
    2007-10-27 22:02 16,896 ----a-w C:\Windows\System32\wfapigp.dll
    2007-10-27 22:02 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
    2007-10-27 21:59 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2007-10-27 21:59 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2007-10-27 21:59 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2007-10-27 21:59 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2007-10-27 21:57 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-10-27 21:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-10-27 21:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-10-27 21:55 88,576 ----a-w C:\Windows\System32\avifil32.dll
    2007-10-27 21:55 82,944 ----a-w C:\Windows\System32\mciavi32.dll
    2007-10-27 21:55 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
    2007-10-27 21:55 65,024 ----a-w C:\Windows\System32\avicap32.dll
    2007-10-27 21:55 61,440 ----a-w C:\Windows\System32\ntprint.exe
    2007-10-27 21:55 320,000 ----a-w C:\Windows\system32\drivers\csc.sys
    2007-10-27 21:55 31,232 ----a-w C:\Windows\System32\msvidc32.dll
    2007-10-27 21:55 269,824 ----a-w C:\Windows\System32\schannel.dll
    2007-10-27 21:55 220,160 ----a-w C:\Windows\System32\ntprint.dll
    2007-10-27 21:55 123,904 ----a-w C:\Windows\System32\msvfw32.dll
    2007-10-27 21:55 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
    2007-10-27 21:55 12,800 ----a-w C:\Windows\System32\msrle32.dll
    2007-10-27 21:55 105,984 ----a-w C:\Windows\System32\CscMig.dll
    2007-10-27 21:55 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
    2007-10-27 21:55 1,984,512 ----a-w C:\Windows\System32\authui.dll
    2007-10-27 21:55 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
    2007-10-08 08:27 924,976 ----a-w C:\Windows\system32\drivers\vmx86.sys
    2007-10-08 08:27 34,864 ----a-w C:\Windows\system32\drivers\hcmon.sys
    2007-10-08 08:27 15,920 ----a-w C:\Windows\system32\drivers\vmparport.sys
    2007-10-08 07:07 219,696 ----a-w C:\Windows\System32\vmnc.dll
    2007-10-04 16:14 86,016 ----a-w C:\Windows\System32\nvsvc.dll
    2007-10-04 16:14 81,920 ----a-w C:\Windows\System32\nvmctray.dll
    2007-10-04 16:14 8,497,696 ----a-w C:\Windows\System32\nvcpl.dll
    2007-10-04 16:14 753,664 ----a-w C:\Windows\System32\nvcplui.exe
    2007-10-04 16:14 7,625,088 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
    2007-10-04 16:14 6,942,720 ----a-w C:\Windows\System32\nvoglv32.dll
    2007-10-04 16:14 6,344,704 ----a-w C:\Windows\System32\nvdisps.dll
    2007-10-04 16:14 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
    2007-10-04 16:14 4,993,024 ----a-w C:\Windows\System32\nvd3dum.dll
    2007-10-04 16:14 364,544 ----a-w C:\Windows\System32\nvapi.dll
    2007-10-04 16:14 36,864 ----a-w C:\Windows\System32\nvcod100.dll
    2007-10-04 16:14 36,864 ----a-w C:\Windows\System32\nvcod.dll
    2007-10-04 16:14 356,352 ----a-w C:\Windows\System32\nvuninst.exe
    2007-10-04 16:14 356,352 ----a-w C:\Windows\System32\nvudisp.exe
    2007-10-04 16:14 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
    2007-10-04 16:14 3,551,232 ----a-w C:\Windows\System32\nvvitvs.dll
    2007-10-04 16:14 3,334,144 ----a-w C:\Windows\System32\nvgames.dll
    2007-10-04 16:14 229,376 ----a-w C:\Windows\System32\nvmccs.dll
    2007-10-04 16:14 2,371,584 ----a-w C:\Windows\System32\nvwss.dll
    2007-10-04 16:14 188,416 ----a-w C:\Windows\System32\nvmccss.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    2007-10-17 13:53 57384 –a—— C:\Program Files\Windows Live\Family Safety\fssbho.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-27 23:10]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12]
    "LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 16:43]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 00:13]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
    "SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 09:36]
    "InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2007-09-20 09:35]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
    "Cmaudio"="cmicnfg.cpl" []
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06]
    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11]
    "vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 09:27]
    "VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 09:26]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
    "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-06-05 13:00]
    "mssSort"="C:\Program Files\Maxtor\ManagerApp\msssort.exe" [2006-05-25 13:41]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-08-17 16:24]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43]
    "Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 09:10]
    "fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-10-17 13:53]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-08 16:13]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 17:14]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 17:14]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 17:14]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
    "DOpus"="C:\Program Files\GPSoftware\Directory Opus\dopus.exe" [2007-09-13 14:16]
    "Directory Opus Desktop Dblclk"="C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" [2007-09-13 13:41]
    "Second Copy"="C:\Program Files\SecCopy\SecCopy.exe" [2007-10-17 08:42]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-12 01:35]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "EVEREST AutoStart"=C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2007-05-25 20:09:50]
    SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-16 18:40:52]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2007-09-13 13:41 693760]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ACDSee"=C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeePro2.exe /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "MaxBackSchedule"="C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe"
    "PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    "OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

    R0 OODrvled;OODrvled;C:\Windows\system32\DRIVERS\OODrvled.sys
    R0 snapman;Acronis Snapshots Manager;C:\Windows\system32\DRIVERS\snapman.sys
    R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\Windows\system32\DRIVERS\timntr.sys
    R3 vmkbd;VMware kbd;\??\C:\Windows\system32\drivers\VMkbd.sys
    S1 easdrv;easdrv;C:\Windows\system32\DRIVERS\easdrv.sys
    S1 epfwtdi;epfwtdi;C:\Windows\system32\DRIVERS\epfwtdi.sys
    S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    S2 ATKFUSService;ATK Fast User Switch Service;C:\Windows\system32\ATKFUSService.exe
    S2 eamon;EAMON;C:\Windows\system32\DRIVERS\eamon.sys
    S2 ekrn;Eset Service;"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
    S2 epfw;epfw;C:\Windows\system32\DRIVERS\epfw.sys
    S2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys
    S2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
    S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    S2 tifsfilter;Acronis True Image FS Filter;C:\Windows\system32\DRIVERS\tifsfilt.sys
    S2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe"
    S2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;\??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
    S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\Windows\system32\drivers\asusgsb.sys
    S3 atkdisplf;ASUS Kernel Mode Enhanced Driver;C:\Windows\system32\drivers\ATKDispLowFilter.sys
    S3 cmudax;C-Media High Definition Audio Interface;C:\Windows\system32\drivers\cmudax.sys
    S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe"
    S3 Epfwndis;Eset Personal Firewall;C:\Windows\system32\DRIVERS\Epfwndis.sys
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt
    S3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
    S3 ufad-ws60;VMware Agent Service;"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml
    S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
    LocalServiceNoNetwork PLA DPS BFE mpssvc
    LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
    HPZ12 Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt hpqcxs08 hpqddsvc

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-19 22:34:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-19 23:53:54
    Windows 6.0.6000 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-19 23:54:22
    .
    — E O F —

  • Nothing strange to see here either. I can't find anything about the process swreg.cf.exe, not even on Google or the like. Do you happen to know where it comes from?

    Use the Windows search function to search for: swreg.cf.exe.
    Then go to www.virustotal.com and upload this file.
    Post the result here.

    Also try running Spybot in Safe Mode; there's a good chance it won't hang on that file there.
  • According to the description in Task Manager, swreg.cf.exe is a freeware registry editor. It is part of Combofix.
    On VirusTotal only eSafe 7.0.15 flags the file as suspicious and containing a Trojan/Worm. The other scanners are negative.

    The problem I mentioned at the beginning of this thread has meanwhile disappeared, although I must say I don't know what spy/malware was actually removed.
    In any case, the Spybot scanner works properly again.

    PS: :oops:
    I accidentally posted the new HijackThis log in a new thread: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1254458#1254458


This is an archived page. Replying is no longer possible.