Spybot scan hangs on Win32.Agent.pz

Anonymous
pimvandenderen
8 answers
 • Spybot Search & Destroy 1.51.15 (up to date) keeps hanging during the scan at bot check 30383/99983: Win32.Agent.pz

  So the scan hangs at about one third and cannot be completed.

  I have already looked at the symptoms of this Win32.Agent.pz, but going by those the computer does not seem to be infected with it. I do come across reports that Spybot encounters this bot but cannot remove it. I do not get that far, because the scan keeps hanging.

  With Ad-Aware I find nothing, but according to other forums this bot is not seen by Ad-Aware either.

  Is my computer infected? And how do I stop Spybot from hanging?
 • You are probably infected indeed :(

  Download HijackThis-setup to your Desktop.

  Open HJTInstall and choose the location where you want to install HijackThis.
  Then click Install; after a few seconds HijackThis will open automatically.
  Now choose 'Do a system scan and save a logfile'.
  A Notepad window opens with a logfile. Select all of this text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post.

  Good luck! 8)

  Pim
 • Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 22:37:45, on 18-11-2007
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16546)
  Boot mode: Normal

  Running processes:
  C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
  C:\Program Files\Common Files\logishrd\LComMgr\LVComSX.exe
  C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
  C:\Program Files\Nero\Nero8\InCD\InCD.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
  C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
  C:\Program Files\VMware\VMware Workstation\hqtray.exe
  C:\Program Files\Winamp\winampa.exe
  C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
  C:\Program Files\Maxtor\ManagerApp\msssort.exe
  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
  C:\Program Files\Spamihilator\spamihilator.exe
  C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
  C:\Program Files\FlashGet\flashget.exe
  C:\Program Files\Windows Live\Family Safety\fssui.exe
  C:\Program Files\Eset\ESET Smart Security\egui.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\GPSoftware\Directory Opus\dopus.exe
  C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
  C:\Program Files\SecCopy\SecCopy.exe
  C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
  C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
  C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
  C:\Windows\system32\wbem\unsecapp.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
  C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
  C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
  C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
  C:\Program Files\FTDv3.8\FTDv3.exe
  C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeePro2.exe
  C:\Program Files\NewsBin\nbpro.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverDes.exe
  C:\Program Files\QuickPar\QuickPar.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O1 - Hosts: ::1 localhost
  O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
  O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
  O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
  O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
  O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
  O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
  O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
  O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
  O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
  O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
  O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
  O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
  O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
  O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
  O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
  O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
  O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
  O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
  O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
  O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
  O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe" /InitialWait=3
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKCU\..\RunOnce: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
  O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
  O4 - Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
  O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
  O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
  O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
  O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
  O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
  O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
  O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
  O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O13 - Gopher Prefix:
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195245222720
  O17 - HKLM\System\CCS\Services\Tcpip\..\{9F1C81E0-1B60-463D-A741-6DADDDB9938D}: NameServer = 192.168.1.1
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
  O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
  O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
  O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
  O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
  O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
  O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
  O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
  O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
  O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
  O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
  O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe


  End of file - 14596 bytes
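The HijackThis log above is read by hand in this thread. As an added example (not part of any post here, and not HijackThis's own code), the script below parses lines in the HijackThis 2.0.2 format and applies a few triage heuristics a responder would apply by eye: a BHO whose CLSID is registered but whose DLL is gone (the "(no file)" entry above), an O4 autorun whose executable has no full path and is therefore resolved through the search path, an autorun living in the SYSTEM profile (HKUS\S-1-5-18), an O23 service whose binary carries no publisher information, and an O17 NameServer pointing at a non-private address. The sample lines are constructed, modelled on the posted log; the heuristics and severity wording are my own assumptions, not a verdict on this machine.

```python
import ipaddress
import re

# Constructed sample in HijackThis 2.0.2 line format, modelled on the log
# posted in this thread. Not a complete log.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F1C81E0-1B60-463D-A741-6DADDDB9938D}: NameServer = 192.168.1.1
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
# "HKUS\S-1-5-18\..\Run: [Name] command line"
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(text):
    """Return a list of (section, body) tuples for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def first_token(cmd):
    """Executable part of an autorun command: quoted path or first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_qualified(exe):
    """True if the executable is given with a drive, env-var root or UNC path."""
    return re.match(r"^([A-Za-z]:\\|%\w+%\\|\\\\)", exe) is not None


def triage(entries):
    """Apply the heuristics described in the lead-in; returns (section, reason, body)."""
    findings = []
    for section, body in entries:
        if section == "O2" and body.endswith("- (no file)"):
            findings.append((section, "orphaned BHO: CLSID registered, DLL missing", body))
        elif section == "O4":
            m = O4_RE.match(body)
            if not m:          # Startup-folder entries have a different shape; skip
                continue
            exe = first_token(m.group("cmd"))
            if not is_qualified(exe):
                findings.append((section, f"unqualified executable '{exe}' resolved via search path", body))
            if m.group("hive").startswith("HKUS\\S-1-5-18"):
                findings.append((section, "autorun in the SYSTEM profile", body))
        elif section == "O23":
            parts = body.split(" - ")
            if len(parts) >= 3 and parts[1] == "Unknown owner":
                findings.append((section, "service binary has no publisher information", body))
        elif section == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1]
            for s in re.split(r"[,\s]+", servers.strip()):
                if s and not ipaddress.ip_address(s).is_private:
                    findings.append((section, f"non-private DNS resolver {s}", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{section}] {reason}\n    {body}")
```

On the constructed sample this reports four items: the orphaned BHO, the Cmaudio entry started through an unqualified RunDll32, the Nokia sync autorun in the SYSTEM profile, and the ESET HTTP service with no publisher field. None of these is a malware verdict on its own; they are the lines a responder checks first (does the file exist, is it signed, does the path match the vendor's install directory).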
 • Download ComboFix to your Desktop.
  Double-click Combofix.exe
  Follow the instructions; accept the disclaimer by typing "1" and confirming with "Enter".
  While the fix is running, do NOT click in the window, as this will make your PC hang.

  When the fix has completed, and after the restart, the log combofix.txt will open.
  Post this log in your next post together with a new HijackThis log.

  Note: if your virus scanner reacts while downloading or using ComboFix, you may ignore it.

  Pim
 • All I see is, in a second cmd window, the message "Please wait. ComboFix is preparing to run." and after that nothing happens.
  So I do not get to see a disclaimer at all.

  I do see that the process swreg.cf.exe is taking up 50% of the CPU.

  How do I proceed?

  PS: I did already run Vundo before my first post here. Nothing came out of it.
 • In Safe Mode it did work, so here is the ComboFix log. The new HijackThis log will be in the next post.


  ComboFix 07-11-08.3 - Richard 2007-11-19 23:50:19.1 - NTFSx86 MINIMAL
  Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2802 [GMT 1:00]
  Running from: C:\Users\Richard\Desktop\ComboFix.exe
  .

  ((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
  .

  2007-11-19 23:49 51,200 –a—— C:\Windows\NirCmd.exe
  2007-11-19 13:38 <DIR> d——– C:\Windows\Sun
  2007-11-19 13:38 <DIR> d——– C:\Users\Richard\.housecall6.6
  2007-11-19 13:08 <DIR> d——– C:\Program Files\Easy Photo Recovery
  2007-11-16 22:29 <DIR> d——– C:\Program Files\Trend Micro
  2007-11-16 20:19 <DIR> d——– C:\Users\All Users\Lavasoft
  2007-11-16 20:19 <DIR> d——– C:\ProgramData\Lavasoft
  2007-11-16 20:19 <DIR> d——– C:\Program Files\Lavasoft
  2007-11-16 13:24 <DIR> d——– C:\Program Files\OfflineList 0.7.2
  2007-11-15 13:48 <DIR> d——– C:\Program Files\Yamicsoft
  2007-11-15 13:11 <DIR> d——– C:\Program Files\Softros Systems
  2007-11-13 22:01 224,768 –a—— C:\Windows\System32\drivers\usbport.sys
  2007-11-13 22:01 192,000 –a—— C:\Windows\System32\drivers\usbhub.sys
  2007-11-13 22:01 73,216 –a—— C:\Windows\System32\drivers\usbccgp.sys
  2007-11-13 22:01 38,400 –a—— C:\Windows\System32\drivers\usbehci.sys
  2007-11-13 22:01 23,040 –a—— C:\Windows\System32\drivers\usbuhci.sys
  2007-11-13 22:01 8,704 –a—— C:\Windows\System32\hcrstco.dll
  2007-11-13 22:01 8,704 –a—— C:\Windows\System32\hccoin.dll
  2007-11-13 22:01 5,888 –a—— C:\Windows\System32\drivers\usbd.sys
  2007-11-12 13:09 368,544 –a—— C:\Windows\System32\drivers\tdrpman.sys
  2007-11-12 13:09 129,248 –a—— C:\Windows\System32\drivers\snapman.sys
  2007-11-12 00:57 <DIR> d-a—— C:\Users\All Users\TEMP
  2007-11-12 00:57 <DIR> d-a—— C:\ProgramData\TEMP
  2007-11-12 00:57 <DIR> d——– C:\Program Files\Classic Menu for Office
  2007-11-11 13:17 <DIR> d——– C:\Users\Richard\AppData\Roaming\Printer Info Cache
  2007-11-11 13:17 <DIR> d——– C:\Users\Richard\AppData\Roaming\Image Zone Express
  2007-11-11 13:01 <DIR> d——– C:\Users\All Users\WEBREG
  2007-11-11 13:01 <DIR> d——– C:\ProgramData\WEBREG
  2007-11-11 12:58 <DIR> d——– C:\Users\Richard\AppData\Roaming\HP
  2007-11-11 00:36 <DIR> d——– C:\Users\All Users\HPSSUPPLY
  2007-11-11 00:36 <DIR> d——– C:\ProgramData\HPSSUPPLY
  2007-11-11 00:33 <DIR> d——– C:\Program Files\Hewlett-Packard
  2007-11-11 00:33 <DIR> d——– C:\Program Files\Common Files\Hewlett-Packard
  2007-11-11 00:32 <DIR> d——– C:\Program Files\Common Files\HP
  2007-11-11 00:29 <DIR> d——– C:\Program Files\HP
  2007-11-11 00:28 148,995 –a—— C:\Windows\hpoins19.dat
  2007-11-11 00:27 <DIR> d——– C:\Users\All Users\HP
  2007-11-11 00:27 <DIR> d——– C:\ProgramData\HP
  2007-11-11 00:27 26,952 –a—— C:\Windows\hpomdl19.dat
  2007-11-11 00:21 <DIR> d—-c— C:\Windows\System32\DRVSTORE
  2007-11-11 00:21 43,816 –a—— C:\Windows\System32\drivers\fssfltr.sys
  2007-11-11 00:20 3,426,072 –a—— C:\Windows\System32\d3dx9_32.dll
  2007-11-11 00:19 <DIR> d——– C:\Program Files\Microsoft SQL Server Compact Edition
  2007-11-11 00:18 <DIR> d——– C:\Program Files\Windows Live Toolbar
  2007-11-11 00:18 <DIR> d——– C:\Program Files\Windows Live Favorites
  2007-11-11 00:06 <DIR> d——– C:\Users\All Users\WLInstaller
  2007-11-11 00:06 <DIR> d——– C:\ProgramData\WLInstaller
  2007-11-11 00:06 <DIR> d–hsc— C:\Program Files\Common Files\WindowsLiveInstaller
  2007-11-08 16:17 53,768 –a—— C:\Windows\System32\drivers\epfwtdi.sys
  2007-11-08 16:17 50,696 –a—— C:\Windows\System32\drivers\epfw.sys
  2007-11-08 16:17 30,728 –a—— C:\Windows\System32\drivers\epfwndis.sys
  2007-11-08 16:10 27,656 –a—— C:\Windows\System32\drivers\easdrv.sys
  2007-11-08 16:09 33,800 –a—— C:\Windows\System32\drivers\eamon.sys
  2007-11-07 15:40 <DIR> d——– C:\Program Files\Microsoft Silverlight
  2007-11-06 18:45 <DIR> d——– C:\Users\All Users\CenerTCPMessenger
  2007-11-06 18:45 <DIR> d——– C:\ProgramData\CenerTCPMessenger
  2007-11-06 14:11 <DIR> d——– C:\Program Files\OO Software
  2007-11-06 00:41 <DIR> d——– C:\Program Files\NextUp-Acapela
  2007-11-06 00:31 <DIR> d——– C:\Program Files\NeoSpeech
  2007-11-06 00:23 <DIR> d——– C:\Users\All Users\NextUp
  2007-11-06 00:23 <DIR> d——– C:\ProgramData\NextUp
  2007-11-06 00:13 <DIR> d——– C:\Program Files\NextUp-ScanSoft
  2007-11-06 00:07 <DIR> d——– C:\Program Files\TextAloud
  2007-11-05 22:46 <DIR> d——– C:\Users\All Users\Apple Computer
  2007-11-05 22:46 <DIR> d——– C:\ProgramData\Apple Computer
  2007-11-05 22:46 <DIR> d——– C:\Program Files\QuickTime
  2007-11-04 22:07 <DIR> d——– C:\Users\Richard\AppData\Roaming\gtopala
  2007-11-04 21:15 <DIR> d——– C:\Users\All Users\Real
  2007-11-04 21:15 <DIR> d——– C:\Program Files\Real Alternative
  2007-11-04 21:15 <DIR> d——– C:\Program Files\K-Lite Codec Pack
  2007-11-04 21:15 164,352 –a—— C:\Windows\System32\unrar.dll
  2007-11-04 21:15 7,680 –a—— C:\Windows\System32\ff_vfw.dll
  2007-11-04 20:32 796,672 –a—— C:\Windows\GPInstall.exe
  2007-11-04 20:28 <DIR> d——– C:\Users\Richard\AppData\Roaming\FlashGet
  2007-11-04 20:28 <DIR> d——– C:\Program Files\FlashGet
  2007-11-04 20:24 <DIR> d——– C:\Program Files\Custom Technology
  2007-11-04 19:41 86,016 –a—— C:\Windows\unvise32.exe
  2007-11-04 19:38 <DIR> d——– C:\Program Files\DivX
  2007-11-04 02:12 <DIR> d——– C:\Windows\ActiveX Components
  2007-11-01 21:49 <DIR> d——– C:\Program Files\Seagate
  2007-11-01 15:26 <DIR> d——– C:\Windows\System32\ShellExt
  2007-11-01 11:31 <DIR> d——– C:\Program Files\Sysinternals
  2007-11-01 00:23 <DIR> d——– C:\Users\All Users\FLEXnet
  2007-11-01 00:23 <DIR> d——– C:\ProgramData\FLEXnet
  2007-11-01 00:00 <DIR> d——– C:\Program Files\Common Files\Macrovision Shared
  2007-10-31 23:56 <DIR> d——– C:\Users\All Users\Adobe
  2007-10-31 23:56 <DIR> d——– C:\Program Files\Common Files\Adobe
  2007-10-31 23:56 118,520 ——— C:\Windows\System32\pxinsi64.exe
  2007-10-31 23:56 116,472 ——— C:\Windows\System32\pxcpyi64.exe
  2007-10-31 23:56 43,528 ——— C:\Windows\System32\drivers\PxHelp20.sys
  2007-10-31 21:47 <DIR> d——– C:\Users\Richard\AppData\Roaming\ESET
  2007-10-31 21:46 <DIR> d——– C:\Users\All Users\ESET
  2007-10-31 21:46 <DIR> d——– C:\ProgramData\ESET
  2007-10-31 12:10 <DIR> d——– C:\Users\All Users\Apple
  2007-10-31 12:10 <DIR> d——– C:\ProgramData\Apple
  2007-10-31 12:10 <DIR> d——– C:\Program Files\Apple Software Update
  2007-10-30 21:33 <DIR> d——– C:\Users\All Users\DVD Shrink
  2007-10-30 21:33 <DIR> d——– C:\ProgramData\DVD Shrink
  2007-10-30 21:33 <DIR> d——– C:\Program Files\DVD Shrink
  2007-10-30 16:37 <DIR> d——– C:\Users\All Users\eMule

  .
  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-11-15 13:01 802,816 —-a-w C:\Windows\system32\drivers\tcpip.sys
  2007-11-13 21:03 704,000 —-a-w C:\Windows\System32\PhotoScreensaver.scr
  2007-11-13 21:03 67,584 —-a-w C:\Windows\System32\wlanhlp.dll
  2007-11-13 21:03 542,720 —-a-w C:\Windows\System32\sysmain.dll
  2007-11-13 21:03 502,784 —-a-w C:\Windows\System32\wlansvc.dll
  2007-11-13 21:03 47,104 —-a-w C:\Windows\System32\wlanapi.dll
  2007-11-13 21:03 3,504,824 —-a-w C:\Windows\System32\ntkrnlpa.exe
  2007-11-13 21:03 3,471,032 —-a-w C:\Windows\System32\ntoskrnl.exe
  2007-11-13 21:03 297,984 —-a-w C:\Windows\System32\wlansec.dll
  2007-11-13 21:03 290,816 —-a-w C:\Windows\System32\wlanmsm.dll
  2007-11-13 21:03 258,232 —-a-w C:\Windows\system32\drivers\acpi.sys
  2007-11-13 21:03 24,064 —-a-w C:\Windows\System32\wtsapi32.dll
  2007-11-13 21:03 2,923,520 —-a-w C:\Windows\explorer.exe
  2007-11-13 21:03 2,027,008 —-a-w C:\Windows\System32\win32k.sys
  2007-11-13 21:00 ——— d—–w C:\Program Files\Windows Mail
  2007-10-27 22:31 174 –sha-w C:\Program Files\desktop.ini
  2007-10-27 22:27 ——— d—–w C:\Program Files\Windows Defender
  2007-10-27 22:27 ——— d—–w C:\Program Files\Windows Calendar
  2007-10-27 22:13 8,192 —-a-w C:\Windows\System32\riched32.dll
  2007-10-27 22:13 77,824 —-a-w C:\Windows\System32\rascfg.dll
  2007-10-27 22:13 70,144 —-a-w C:\Windows\system32\drivers\pacer.sys
  2007-10-27 22:13 694,784 —-a-w C:\Windows\System32\localspl.dll
  2007-10-27 22:13 619,008 —-a-w C:\Windows\system32\drivers\dxgkrnl.sys
  2007-10-27 22:13 61,952 —-a-w C:\Windows\system32\drivers\wanarp.sys
  2007-10-27 22:13 52,736 —-a-w C:\Windows\System32\rasdiag.dll
  2007-10-27 22:13 48,640 —-a-w C:\Windows\system32\drivers\ndproxy.sys
  2007-10-27 22:13 384,000 —-a-w C:\Windows\System32\netcfgx.dll
  2007-10-27 22:13 36,864 —-a-w C:\Windows\System32\cdd.dll
  2007-10-27 22:13 33,280 —-a-w C:\Windows\System32\traffic.dll
  2007-10-27 22:13 32,768 —-a-w C:\Windows\System32\rasmxs.dll
  2007-10-27 22:13 286,208 —-a-w C:\Windows\System32\ipnathlp.dll
  2007-10-27 22:13 22,016 —-a-w C:\Windows\System32\rasser.dll
  2007-10-27 22:13 20,480 —-a-w C:\Windows\system32\drivers\ndistapi.sys
  2007-10-27 22:13 15,360 —-a-w C:\Windows\System32\pacerprf.dll
  2007-10-27 22:13 134,656 —-a-w C:\Windows\System32\dps.dll
  2007-10-27 22:13 13,824 —-a-w C:\Windows\System32\wshqos.dll
  2007-10-27 22:13 13,824 —-a-w C:\Windows\System32\icsunattend.exe
  2007-10-27 22:07 160,872 —-a-w C:\Windows\System32\halmacpi.dll
  2007-10-27 22:07 134,760 —-a-w C:\Windows\System32\halacpi.dll
  2007-10-27 22:02 86,016 —-a-w C:\Windows\System32\icfupgd.dll
  2007-10-27 22:02 8,147,968 —-a-w C:\Windows\System32\wmploc.DLL
  2007-10-27 22:02 7,680 —-a-w C:\Windows\System32\spwmp.dll
  2007-10-27 22:02 63,488 —-a-w C:\Windows\system32\drivers\mpsdrv.sys
  2007-10-27 22:02 61,952 —-a-w C:\Windows\System32\cmifw.dll
  2007-10-27 22:02 4,096 —-a-w C:\Windows\System32\dxmasf.dll
  2007-10-27 22:02 396,800 —-a-w C:\Windows\System32\MPSSVC.dll
  2007-10-27 22:02 392,192 —-a-w C:\Windows\System32\FirewallAPI.dll
  2007-10-27 22:02 356,864 —-a-w C:\Windows\System32\MediaMetadataHandler.dll
  2007-10-27 22:02 23,040 —-a-w C:\Windows\system32\drivers\tunnel.sys
  2007-10-27 22:02 178,688 —-a-w C:\Windows\System32\iphlpsvc.dll
  2007-10-27 22:02 16,896 —-a-w C:\Windows\System32\wfapigp.dll
  2007-10-27 22:02 15,360 —-a-w C:\Windows\system32\drivers\TUNMP.SYS
  2007-10-27 21:59 537,600 —-a-w C:\Windows\AppPatch\AcLayers.dll
  2007-10-27 21:59 449,536 —-a-w C:\Windows\AppPatch\AcSpecfc.dll
  2007-10-27 21:59 2,144,256 —-a-w C:\Windows\AppPatch\AcGenral.dll
  2007-10-27 21:59 173,056 —-a-w C:\Windows\AppPatch\AcXtrnal.dll
  2007-10-27 21:57 56,320 —-a-w C:\Windows\System32\iesetup.dll
  2007-10-27 21:57 52,736 —-a-w C:\Windows\AppPatch\iebrshim.dll
  2007-10-27 21:57 26,624 —-a-w C:\Windows\System32\ieUnatt.exe
  2007-10-27 21:55 88,576 —-a-w C:\Windows\System32\avifil32.dll
  2007-10-27 21:55 82,944 —-a-w C:\Windows\System32\mciavi32.dll
  2007-10-27 21:55 712,192 —-a-w C:\Windows\System32\WindowsCodecs.dll
  2007-10-27 21:55 65,024 —-a-w C:\Windows\System32\avicap32.dll
  2007-10-27 21:55 61,440 —-a-w C:\Windows\System32\ntprint.exe
  2007-10-27 21:55 320,000 —-a-w C:\Windows\system32\drivers\csc.sys
  2007-10-27 21:55 31,232 —-a-w C:\Windows\System32\msvidc32.dll
  2007-10-27 21:55 269,824 —-a-w C:\Windows\System32\schannel.dll
  2007-10-27 21:55 220,160 —-a-w C:\Windows\System32\ntprint.dll
  2007-10-27 21:55 123,904 —-a-w C:\Windows\System32\msvfw32.dll
  2007-10-27 21:55 120,320 —-a-w C:\Windows\System32\dhcpcsvc6.dll
  2007-10-27 21:55 12,800 —-a-w C:\Windows\System32\msrle32.dll
  2007-10-27 21:55 105,984 —-a-w C:\Windows\System32\CscMig.dll
  2007-10-27 21:55 10,240 —-a-w C:\Windows\System32\dhcpcmonitor.dll
  2007-10-27 21:55 1,984,512 —-a-w C:\Windows\System32\authui.dll
  2007-10-27 21:55 1,335,296 —-a-w C:\Windows\System32\msxml6.dll
  2007-10-18 10:31 51,224 —-a-w C:\Windows\System32\sirenacm.dll
  2007-10-08 08:27 924,976 —-a-w C:\Windows\system32\drivers\vmx86.sys
  2007-10-08 08:27 34,864 —-a-w C:\Windows\system32\drivers\hcmon.sys
  2007-10-08 08:27 15,920 —-a-w C:\Windows\system32\drivers\vmparport.sys
  2007-10-08 07:07 219,696 —-a-w C:\Windows\System32\vmnc.dll
  2007-10-04 16:14 86,016 —-a-w C:\Windows\System32\nvsvc.dll
  2007-10-04 16:14 81,920 —-a-w C:\Windows\System32\nvmctray.dll
  2007-10-04 16:14 8,497,696 —-a-w C:\Windows\System32\nvcpl.dll
  2007-10-04 16:14 753,664 —-a-w C:\Windows\System32\nvcplui.exe
  2007-10-04 16:14 7,625,088 —-a-w C:\Windows\system32\drivers\nvlddmkm.sys
  2007-10-04 16:14 6,942,720 —-a-w C:\Windows\System32\nvoglv32.dll
  2007-10-04 16:14 6,344,704 —-a-w C:\Windows\System32\nvdisps.dll
  2007-10-04 16:14 45,056 —-a-w C:\Windows\System32\nvmccsrs.dll
  2007-10-04 16:14 4,993,024 —-a-w C:\Windows\System32\nvd3dum.dll
  2007-10-04 16:14 364,544 —-a-w C:\Windows\System32\nvapi.dll
  2007-10-04 16:14 36,864 —-a-w C:\Windows\System32\nvcod100.dll
  2007-10-04 16:14 36,864 —-a-w C:\Windows\System32\nvcod.dll
  2007-10-04 16:14 356,352 —-a-w C:\Windows\System32\nvuninst.exe
  2007-10-04 16:14 356,352 —-a-w C:\Windows\System32\nvudisp.exe
  2007-10-04 16:14 307,200 —-a-w C:\Windows\System32\nvexpbar.dll
  2007-10-04 16:14 3,551,232 —-a-w C:\Windows\System32\nvvitvs.dll
  2007-10-04 16:14 3,334,144 —-a-w C:\Windows\System32\nvgames.dll
  2007-10-04 16:14 229,376 —-a-w C:\Windows\System32\nvmccs.dll
  2007-10-04 16:14 2,371,584 —-a-w C:\Windows\System32\nvwss.dll
  2007-10-04 16:14 188,416 —-a-w C:\Windows\System32\nvmccss.dll
  .

  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
  2007-10-17 13:53 57384 –a—— C:\Program Files\Windows Live\Family Safety\fssbho.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-27 23:10]
  "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12]
  "LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 16:43]
  "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 00:13]
  "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
  "SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 09:36]
  "InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2007-09-20 09:35]
  "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
  "Cmaudio"="cmicnfg.cpl" []
  "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06]
  "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11]
  "vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 09:27]
  "VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 09:26]
  "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
  "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-06-05 13:00]
  "mssSort"="C:\Program Files\Maxtor\ManagerApp\msssort.exe" [2006-05-25 13:41]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
  "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-08-17 16:24]
  "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43]
  "Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 09:10]
  "fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-10-17 13:53]
  "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-08 16:13]
  "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 17:14]
  "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 17:14]
  "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 17:14]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
  "DOpus"="C:\Program Files\GPSoftware\Directory Opus\dopus.exe" [2007-09-13 14:16]
  "Directory Opus Desktop Dblclk"="C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" [2007-09-13 13:41]
  "Second Copy"="C:\Program Files\SecCopy\SecCopy.exe" [2007-10-17 08:42]
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35]
  "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-12 01:35]
  "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
  "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
  "EVEREST AutoStart"=C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe

  [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
  "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

  C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
  Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2007-05-25 20:09:50]
  SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-16 18:40:52]

  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
  HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  "EnableLUA"=0 (0x0)

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
  "EnableShellExecuteHooks"=1 (0x1)

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  "{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2007-09-13 13:41 693760]

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Authentication Packages"= msv1_0 relog_ap

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
  "ACDSee"=C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeePro2.exe /tray

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
  "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
  "MaxBackSchedule"="C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe"
  "PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
  "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
  "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  "OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

  R0 OODrvled;OODrvled;C:\Windows\system32\DRIVERS\OODrvled.sys
  R0 snapman;Acronis Snapshots Manager;C:\Windows\system32\DRIVERS\snapman.sys
  R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys
  R0 timounter;Acronis True Image Backup Archive Explorer;C:\Windows\system32\DRIVERS\timntr.sys
  R3 vmkbd;VMware kbd;\??\C:\Windows\system32\drivers\VMkbd.sys
  S1 easdrv;easdrv;C:\Windows\system32\DRIVERS\easdrv.sys
  S1 epfwtdi;epfwtdi;C:\Windows\system32\DRIVERS\epfwtdi.sys
  S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
  S2 ATKFUSService;ATK Fast User Switch Service;C:\Windows\system32\ATKFUSService.exe
  S2 eamon;EAMON;C:\Windows\system32\DRIVERS\eamon.sys
  S2 ekrn;Eset Service;"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
  S2 epfw;epfw;C:\Windows\system32\DRIVERS\epfw.sys
  S2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys
  S2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
  S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
  S2 tifsfilter;Acronis True Image FS Filter;C:\Windows\system32\DRIVERS\tifsfilt.sys
  S2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe"
  S2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;\??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
  S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\Windows\system32\drivers\asusgsb.sys
  S3 atkdisplf;ASUS Kernel Mode Enhanced Driver;C:\Windows\system32\drivers\ATKDispLowFilter.sys
  S3 cmudax;C-Media High Definition Audio Interface;C:\Windows\system32\drivers\cmudax.sys
  S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe"
  S3 Epfwndis;Eset Personal Firewall;C:\Windows\system32\DRIVERS\Epfwndis.sys
  S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt
  S3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
  S3 ufad-ws60;VMware Agent Service;"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml
  S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
  LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
  LocalServiceNoNetwork PLA DPS BFE mpssvc
  LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
  HPZ12 Pml Driver HPZ12 Net Driver HPZ12
  hpdevmgmt hpqcxs08 hpqddsvc

  *Newly Created Service* - CATCHME
  .
  Contents of the 'Scheduled Tasks' folder
  "2007-11-19 22:34:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
  - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
  .
  **************************************************************************

  catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-11-19 23:53:54
  Windows 6.0.6000 NTFS

  scanning hidden processes …

  scanning hidden autostart entries …

  scanning hidden files …

  scan completed successfully
  hidden files: 0

  **************************************************************************
  .
  Completion time: 2007-11-19 23:54:22
  .
  — E O F —
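Reading the "Reg Loading Points" block of a ComboFix log by eye is slow and easy to get wrong. The script below is an added example for this thread (it is not ComboFix code and not something the posters ran): it parses Run-key entries in ComboFix's `"Name"="path" [timestamp]` format and flags the three things a reviewer checks first in such a log: entries ComboFix printed with empty brackets `[]` (it could not resolve the path to a file on disk, as with "Cmaudio" above; that means "verify by hand", not "malicious"), autostarts that run from user-writable locations, and the `"EnableLUA"=0` policy line, which on Vista means User Account Control is switched off. The sample input is copied from the log above plus one constructed entry, "Updater" under AppData, which is not in the log and exists only to exercise the location check; entries under the `run-` keys are skipped because those are the items disabled via msconfig.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and flag the
autostart entries a reviewer should look at first.

Added example for this thread; not ComboFix's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the log above, plus ONE constructed entry
# ("Updater" under AppData) that is NOT in the log, added to exercise the
# user-writable-location check.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-27 23:10]
"Cmaudio"="cmicnfg.cpl" []
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-08 16:13]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 17:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"Updater"="C:\Users\Richard\AppData\Roaming\updater.exe" [2007-11-18 22:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)
'''

SECTION_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
STAMP_RE = re.compile(r'\s*\[(?P<stamp>[^\]]*)\]\s*$')   # trailing [timestamp] or []
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\temp\\')


@dataclass
class Entry:
    key: str              # registry key the value lives under
    name: str             # value name
    path: str             # executable path as ComboFix printed it (arguments dropped)
    stamp: Optional[str]  # file timestamp; '' if ComboFix printed [], None if no brackets


@dataclass
class Finding:
    name: str
    path: str
    reason: str


def parse_run_entries(text: str) -> List[Entry]:
    """Walk the log, remembering the current [HKEY_...] section, and turn each
    "Name"=... line into an Entry."""
    entries: List[Entry] = []
    key = ''
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group('key')
            continue
        m = ENTRY_RE.match(line)
        if not m or not key:
            continue
        name, rest = m.group('name'), m.group('rest')
        stamp = None
        sm = STAMP_RE.search(rest)
        if sm:
            stamp = sm.group('stamp').strip()
            rest = rest[:sm.start()]
        rest = rest.strip()
        if rest.startswith('"'):            # quoted path, possibly followed by args
            end = rest.find('"', 1)
            path = rest[1:end] if end > 0 else rest[1:]
        else:                               # unquoted path: first token only
            path = rest.split(' ')[0]
        entries.append(Entry(key, name, path, stamp))
    return entries


def review(entries: List[Entry]) -> List[Finding]:
    """Apply the three checks described in the lead-in."""
    findings: List[Finding] = []
    for e in entries:
        tail = e.key.lower().rsplit('\\', 1)[-1]
        # policies\system: EnableLUA=0 means User Account Control is off
        if tail == 'system' and e.name == 'EnableLUA' and e.path == '0':
            findings.append(Finding(e.name, e.path, 'UAC disabled (EnableLUA=0)'))
            continue
        if tail not in ('run', 'runonce'):
            continue  # 'run-' holds entries disabled via msconfig; not active
        if e.stamp == '':
            findings.append(Finding(e.name, e.path,
                            'ComboFix printed []: file not resolved on disk, verify by hand'))
        if any(part in e.path.lower() for part in USER_WRITABLE):
            findings.append(Finding(e.name, e.path,
                            'autostart from a user-writable location'))
    return findings


if __name__ == '__main__':
    for f in review(parse_run_entries(SAMPLE_LOG)):
        print(f'{f.name:20} {f.reason:62} {f.path}')
```

Run it as-is to see the three findings; point `parse_run_entries` at a full log file to triage a real one. The heuristics are deliberately conservative: a flag means "look at this entry", and the Program Files / System32 entries in the log above all pass.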
 • Nothing odd to see here either. I can't find anything further about the process swreg.cf.exe, not on Google or the like either. Do you happen to know where it comes from?

  Use the Windows search function to look for: swreg.cf.exe.
  Then go to www.virustotal.com and upload that file.
  Post the result here.

  Also try running Spybot in safe mode; there's a good chance it won't hang on that file there.
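The check suggested in the reply above (find every copy of the file, then have VirusTotal look at it), written out as an added example that is not part of the thread or the posters' own work. Two practical refinements: hashing the file lets you search VirusTotal by SHA-256 instead of uploading it, and the result should be read as a count of agreeing engines rather than as a yes/no, because a lone hit among thirty-odd engines is weak evidence. The directory tree, the file contents (`b'abc'`, a stand-in for the binary, not a real executable) and the verdict table (one hit, 31 clean) are all constructed for the example; no network call is made.

```python
"""Locate every copy of a file name below a directory, hash it so it can be
looked up on VirusTotal by SHA-256 (no upload needed), and weigh how many
engines flagged it. Added example for this thread, not the poster's code."""
import hashlib
import os
import tempfile
from typing import Dict, List


def find_files(root: str, name: str) -> List[str]:
    """Case-insensitive search for `name` below `root`, like the Windows
    search box but without relying on the indexer."""
    wanted = name.lower()
    hits: List[str] = []
    for dirpath, _subdirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if f.lower() == wanted)
    return sorted(hits)


def file_hashes(path: str) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of a file in one pass; SHA-256 is the one to
    paste into VirusTotal's search box."""
    digests = {n: hashlib.new(n) for n in ('md5', 'sha1', 'sha256')}
    with open(path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b''):
            for d in digests.values():
                d.update(chunk)
    return {n: d.hexdigest() for n, d in digests.items()}


def detection_summary(verdicts: Dict[str, str], min_engines: int = 3) -> dict:
    """`verdicts` maps engine name -> label ('' means clean). One engine out
    of thirty-odd is weak evidence; require a few to agree before acting."""
    hits = {e: v for e, v in verdicts.items() if v}
    return {
        'engines': len(verdicts),
        'detections': len(hits),
        'flagged_by': sorted(hits),
        'consensus': len(hits) >= min_engines,
    }


# Constructed sample data (not real files and not real scanner output).
SAMPLE_CONTENT = b'abc'   # stands in for the binary; not a real PE file
SAMPLE_SHA256 = 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'
SAMPLE_VERDICTS = {f'engine{i:02d}': '' for i in range(31)}
SAMPLE_VERDICTS['eSafe'] = 'Suspicious Trojan/Worm'   # one hit, 31 clean


def build_sample_tree() -> str:
    """Create a throwaway tree with two copies of the file under different
    directories and name casing, plus an unrelated file; returns the root."""
    root = tempfile.mkdtemp(prefix='swreg-demo-')
    for rel in ('Combofix/swreg.cf.exe', 'Users/Richard/Downloads/SWREG.CF.EXE'):
        full = os.path.join(root, *rel.split('/'))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, 'wb') as fh:
            fh.write(SAMPLE_CONTENT)
    with open(os.path.join(root, 'Combofix', 'notes.txt'), 'wb') as fh:
        fh.write(b'unrelated')
    return root


if __name__ == '__main__':
    demo_root = build_sample_tree()
    for hit in find_files(demo_root, 'swreg.cf.exe'):
        print(hit, file_hashes(hit)['sha256'])
    print(detection_summary(SAMPLE_VERDICTS))
```

On a real machine, call `find_files(r'C:\', 'swreg.cf.exe')` and search VirusTotal for the printed SHA-256 before deciding whether an upload is even needed; if several copies turn up with different hashes, that in itself is worth reporting.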
 • According to the description in Task Manager, swreg.cf.exe is a freeware registry editor. It is part of Combofix.
  On VirusTotal only eSafe 7.0.15 reports the file as suspicious and says it contains a Trojan/Worm. The other scanners are negative.

  The problem I mentioned at the start of this thread has since disappeared, though I have to say I don't know what spyware/malware has actually been removed.
  In any case, the Spybot scanner is working properly again.

  PS: :oops:
  I accidentally posted the new HijackThis log in a new thread: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1254458#1254458

This is an archived page. Replying is no longer possible.