Archive - log (vundo prolly)

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews, and in some places they have been censored as unacceptable. Many were written in a different zeitgeist, ironically or not - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. We nevertheless still offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

zarathustra

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:36, on 2/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\PC COE\Ida.exe
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\CMMON32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\windey\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://athp.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3a0f3c3b-7cf1-42d4-a594-21214613a9ec} - C:\Windows\system32\huvehibi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
O4 - HKLM\..\Run: [IDA] "c:\Program Files\Hewlett-Packard\PC COE\IDA.EXE"
O4 - HKLM\..\Run: [COEMsgDisplay] "c:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [SystemUserCheck] "C:\Program Files\Hewlett-Packard\ProfileCheck\systemusercheck.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [GetIT] "C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [rogeraropi] Rundll32.exe "C:\Windows\system32\zeladugu.dll",s
O4 - HKLM\..\Run: [fa806f0f] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\dofoferu.dll",b
O4 - HKLM\..\Run: [CPMf9b35c93] "C:\Windows\system32\Rundll32.exe" "c:\windows\system32\jiwirido.dll",a
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [rogeraropi] Rundll32.exe "C:\Windows\system32\zeladugu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: create_shortcut.lnk = C:\Users\davenutt\create_shortcut.vbs (User 'Default user')
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.compaq.com
O15 - Trusted Zone: http://*.compaq.com.ar
O15 - Trusted Zone: http://*.compaq.com.br
O15 - Trusted Zone: http://*.compaq.com.co
O15 - Trusted Zone: http://*.compaq.com.mx
O15 - Trusted Zone: http://*.compaq.com.sg
O15 - Trusted Zone: http://*.compaq.com.ve
O15 - Trusted Zone: http://*.cpqcorp.net
O15 - Trusted Zone: http://*.dcu.org
O15 - Trusted Zone: http://*.hp.com
O15 - Trusted Zone: http://*.hpqcorp.net
O16 - DPF: iLO Remote Console Applet - https://16.56.205.200/dvc.CAB
O16 - DPF: {5A734A13-B486-4199-AB2F-9548416187B0} (hpcertenroll Control) - https://digitalbadge.external.hp.com/hp/hpcertenroll.cab
O16 - DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} (HPPKI Control) - https://digitalbadge.external.hp.com/hp/HPPKI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9E070B3-3344-4150-8BE7-33D7A8EDF0FA}: NameServer = 16.110.135.51 16.110.135.52
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O20 - AppInit_DLLs: C:\Windows\system32\tiyupotu.dll c:\windows\system32\jiwirido.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jiwirido.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jiwirido.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DriverManager - UUNET Technologies, Inc. - C:\Program Files\PAL\DriverManager.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
O23 - Service: PictureTaker - LANovation - C:\Windows\system32\PCTKRNT.SYS
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Award-winning Antivirus and Antispyware Security) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13713 bytes


it's an HP work laptop, hence the masses of running processes -_-
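A small triage helper, added here as an example and not part of the original thread, that runs over a handful of lines copied from the HijackThis log above and flags the entries a helper would look at first: nameless BHOs in system32, O4 Run entries that launch a system32 DLL through rundll32 by a one-letter export, a non-empty AppInit_DLLs value, and SSODL/SharedTaskScheduler entries with placeholder names. The "eight random lowercase letters" name check is an assumption derived from the DLL names in this particular log (huvehibi, zeladugu, dofoferu, jiwirido, tiyupotu), not a general rule; real use needs an allowlist of legitimate Windows DLLs. The last function collects the flagged DLL names so they can be cross-checked against a later scanner log.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log above, the Vundo-era
# entries plus a few benign ones for contrast.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3a0f3c3b-7cf1-42d4-a594-21214613a9ec} - C:\Windows\system32\huvehibi.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [rogeraropi] Rundll32.exe "C:\Windows\system32\zeladugu.dll",s
O4 - HKLM\..\Run: [fa806f0f] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\dofoferu.dll",b
O4 - HKLM\..\Run: [CPMf9b35c93] "C:\Windows\system32\Rundll32.exe" "c:\windows\system32\jiwirido.dll",a
O20 - AppInit_DLLs: C:\Windows\system32\tiyupotu.dll c:\windows\system32\jiwirido.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jiwirido.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jiwirido.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# "X:\...\name.dll" path without spaces, quotes or commas (enough for system32 paths).
DLL_RE = re.compile(r'([A-Za-z]:\\[^"\s,]+?\.dll)', re.IGNORECASE)
# Assumption from this log's samples: eight lowercase letters, no digits.
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.dll$')
# `...\something.dll",s` style tail: a DLL invoked by a one-letter export name.
RUNDLL_EXPORT_RE = re.compile(r'\.dll"?,\s*[A-Za-z]\s*$', re.IGNORECASE)
SECTION_RE = re.compile(r'^(O\d+|R\d+|F\d+|N\d+)\s+-\s')


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def hjt_section(line):
    """Return the HijackThis section tag (O2, O4, O20, ...) or None."""
    m = SECTION_RE.match(line)
    return m.group(1) if m else None


def dll_paths(line):
    return DLL_RE.findall(line)


def is_random_system32_dll(path):
    parts = path.lower().split('\\')
    return len(parts) >= 2 and parts[-2] == 'system32' \
        and RANDOM_NAME_RE.match(parts[-1]) is not None


def triage_line(line):
    """Return a Finding for a suspicious HJT line, or None for a benign one."""
    line = line.strip()
    sec = hjt_section(line)
    if sec is None:
        return None
    low = line.lower()
    reasons = []
    for path in dll_paths(line):
        if is_random_system32_dll(path):
            reasons.append('random-looking system32 DLL: ' + ntpath.basename(path))
    if sec == 'O4' and 'rundll32' in low and RUNDLL_EXPORT_RE.search(line):
        reasons.append('rundll32 loading a DLL by one-letter export')
    if sec == 'O20' and 'appinit_dlls:' in low \
            and low.split('appinit_dlls:', 1)[1].strip():
        reasons.append('non-empty AppInit_DLLs (loaded into every GUI process)')
    if sec in ('O21', 'O22') and re.search(r':\s+(SSODL|STS)\s+-', line):
        reasons.append('SSODL/SharedTaskScheduler entry with placeholder name')
    if sec == 'O2' and '(no name)' in low and 'system32' in low:
        reasons.append('nameless BHO loaded from system32')
    return Finding(sec, line, reasons) if reasons else None


def triage_log(text):
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def suspicious_dlls(findings):
    """Lowercase basenames of the random-looking DLLs in the flagged lines,
    for cross-checking against a later scanner log."""
    names = set()
    for f in findings:
        for p in dll_paths(f.line):
            if is_random_system32_dll(p):
                names.add(ntpath.basename(p).lower())
    return names


if __name__ == '__main__':
    for f in triage_log(SAMPLE_HJT_LOG):
        print(f.section, '|', '; '.join(f.reasons))
        print('   ', f.line)
    print('DLLs to look for in the scanner log:', sorted(suspicious_dlls(triage_log(SAMPLE_HJT_LOG))))
```

On the sample above the helper flags seven of the ten lines and lists the five DLL names; in this thread the MBAM log posted later confirms several of them (tiyupotu, zeladugu, huvehibi, dofoferu), which is the point of keeping the set around.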

Juisterr

Legacy Member
compaq (say hi to albert)

Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After installation, make sure the following are ticked:
  • Update MalwareBytes' Anti-Malware
  • Launch MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
  • Once the program has started, go to the "Settings" tab.
  • Tick: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then press "Scan" to start the scan.
  • The scan can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to view the results.
  • Make sure everything there is ticked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

Jawwi.nl - installing MBAM
Post this log



Download Combofix to your Desktop.
NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners treat certain components that Combofix uses as suspicious and will block or delete them!

  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to update.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after a restart, the log Combofix.txt will open.
Also post this log in your next reply, together with a freshly made HJT log.

zarathustra

Legacy Member
log 1

Malwarebytes' Anti-Malware 1.30
Database version: 1445
Windows 6.0.6000

2/12/2008 13:11:21
mbam-log-2008-12-02 (13-11-21).txt

Scan type: Quick Scan
Objects scanned: 54857
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\radujuzo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\Windows\System32\tadebava.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fa806f0f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf9b35c93 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rogeraropi (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\tadebava.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\tadebava.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\dofoferu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\urefofod.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\radujuzo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ozujudar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\Windows\System32\tadebava.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\huvehibi.dll.tmp (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\tiyupotu.dll.tmp (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\zeladugu.dll.tmp (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\foponiga.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\gofizesa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

----------

and hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54, on 2008-12-02
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\PC COE\Ida.exe
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\CMMON32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\windey\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
O4 - HKLM\..\Run: [IDA] "c:\Program Files\Hewlett-Packard\PC COE\IDA.EXE"
O4 - HKLM\..\Run: [COEMsgDisplay] "c:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [SystemUserCheck] "C:\Program Files\Hewlett-Packard\ProfileCheck\systemusercheck.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [GetIT] "C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - .DEFAULT User Startup: create_shortcut.lnk = C:\Users\davenutt\create_shortcut.vbs (User 'Default user')
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.compaq.com
O15 - Trusted Zone: http://*.compaq.com.ar
O15 - Trusted Zone: http://*.compaq.com.br
O15 - Trusted Zone: http://*.compaq.com.co
O15 - Trusted Zone: http://*.compaq.com.mx
O15 - Trusted Zone: http://*.compaq.com.sg
O15 - Trusted Zone: http://*.compaq.com.ve
O15 - Trusted Zone: http://*.cpqcorp.net
O15 - Trusted Zone: http://*.dcu.org
O15 - Trusted Zone: http://*.hp.com
O15 - Trusted Zone: http://*.hpqcorp.net
O16 - DPF: iLO Remote Console Applet - https://16.56.205.200/dvc.CAB
O16 - DPF: {5A734A13-B486-4199-AB2F-9548416187B0} (hpcertenroll Control) - https://digitalbadge.external.hp.com/hp/hpcertenroll.cab
O16 - DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} (HPPKI Control) - https://digitalbadge.external.hp.com/hp/HPPKI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9E070B3-3344-4150-8BE7-33D7A8EDF0FA}: NameServer = 16.110.135.51 16.110.135.52
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DriverManager - UUNET Technologies, Inc. - C:\Program Files\PAL\DriverManager.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
O23 - Service: PictureTaker - LANovation - C:\Windows\system32\PCTKRNT.SYS
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Award-winning Antivirus and Antispyware Security) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11752 bytes

zarathustra

Legacy Member
combofix

ComboFix 08-12-01.01 - windey 2008-12-02 13:30:21.1 - NTFSx86
Microsoft® Windows Vista™ Enterprise 6.0.6000.0.1252.1.1033.18.1037 [GMT 1:00]
Running from: c:\users\windey\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ninobuku.dll
c:\windows\system32\tahisepi.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-02 13:02 . 2008-12-02 13:02 <DIR> d-------- c:\users\windey\AppData\Roaming\Malwarebytes
2008-12-02 13:02 . 2008-12-02 13:02 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-02 13:02 . 2008-12-02 13:02 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-02 13:02 . 2008-12-02 13:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-02 13:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-02 13:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-02 11:21 . 2008-12-02 11:21 <DIR> d-------- C:\VundoFix Backups
2008-12-01 12:32 . 2008-12-01 12:49 <DIR> d-------- c:\users\All Users\Lavasoft
2008-12-01 12:32 . 2008-12-01 12:49 <DIR> d-------- c:\programdata\Lavasoft
2008-12-01 11:39 . 2008-12-01 11:39 <DIR> d-------- c:\users\windey\AppData\Roaming\Webroot
2008-12-01 11:39 . 2008-12-01 11:39 <DIR> d-------- c:\users\All Users\Webroot
2008-12-01 11:39 . 2008-12-01 11:39 <DIR> d-------- c:\programdata\Webroot
2008-12-01 11:39 . 2008-12-01 11:39 <DIR> d-------- c:\program files\Webroot
2008-12-01 11:39 . 2008-08-09 16:04 1,538,928 --a------ c:\windows\WRSetup.dll
2008-12-01 11:36 . 2008-12-01 11:36 164 --a------ C:\install.dat
2008-11-27 13:01 . 2008-11-27 13:01 <DIR> d-------- c:\users\windey\AppData\Roaming\OpenArena
2008-11-27 13:00 . 2008-11-27 13:00 <DIR> d-------- c:\program files\Openarena
2008-11-26 13:28 . 2008-11-26 13:28 2,027,520 --a------ c:\windows\System32\win32k.sys
2008-11-26 13:28 . 2008-11-26 13:28 211,968 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-26 13:27 . 2008-11-26 13:27 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-26 13:27 . 2008-11-26 13:27 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-26 13:26 . 2008-11-26 13:26 290,304 --a------ c:\windows\System32\drivers\srv.sys
2008-11-26 13:25 . 2008-11-26 13:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-26 13:25 . 2008-11-26 13:25 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-19 20:42 . 2008-11-19 20:42 <DIR> d-------- c:\users\windey\AppData\Roaming\InterVideo
2008-11-18 17:10 . 2008-11-18 17:29 <DIR> d-------- c:\users\windey\AppData\Roaming\NewsLeecher
2008-11-15 20:43 . 2008-11-15 23:21 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-15 20:42 . 2008-11-15 20:42 <DIR> d-------- c:\users\All Users\Blizzard
2008-11-15 20:42 . 2008-11-15 20:42 <DIR> d-------- c:\programdata\Blizzard
2008-11-14 09:02 . 2008-11-14 09:02 <DIR> d-------- C:\Program
2008-11-14 08:59 . 2008-11-14 08:59 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-11-14 08:58 . 2008-11-14 08:59 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-14 08:54 . 2008-11-14 08:54 <DIR> d-------- c:\users\windey\AppData\Roaming\DAEMON Tools
2008-11-14 08:54 . 2008-11-14 08:54 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-11-05 13:25 . 2008-11-05 14:31 <DIR> d-------- c:\program files\Visual CertExam Suite
2008-11-02 13:40 . 2008-09-25 14:20 483,328 --a------ c:\windows\System32\actskn45.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 12:16 --------- d-----w c:\programdata\VMware
2008-12-01 11:55 --------- d-----w c:\program files\PHP
2008-12-01 11:54 --------- d-----w c:\program files\Griffith
2008-11-28 11:34 --------- d-----w c:\program files\Trillian
2008-11-27 11:46 --------- d-----w c:\users\windey\AppData\Roaming\VMware
2008-11-26 12:27 --------- d-----w c:\programdata\Microsoft Help
2008-11-23 02:17 --------- d-----w c:\users\windey\AppData\Roaming\uTorrent
2008-11-19 12:24 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-19 08:26 --------- d-----w c:\users\windey\AppData\Roaming\mIRC
2008-11-17 20:03 --------- d-----w c:\program files\mIRC
2008-11-01 22:29 --------- d-----w c:\program files\eXtreme Movie Manager
2008-11-01 22:19 --------- d-----w c:\users\windey\AppData\Roaming\griffith
2008-11-01 20:49 --------- d-----w c:\program files\MovieTrack
2008-11-01 20:34 --------- d-----w c:\programdata\Office Genuine Advantage
2008-11-01 19:54 --------- d-----w c:\program files\Network Stumbler
2008-11-01 19:41 --------- d-----w c:\users\windey\AppData\Roaming\Wireshark
2008-11-01 19:30 --------- d-----w c:\program files\Wireshark
2008-11-01 19:29 --------- d-----w c:\program files\WinPcap
2008-10-31 13:05 --------- d-----w c:\program files\Apache Group
2008-10-31 12:42 --------- d-----w c:\program files\Apache Software Foundation
2008-10-29 17:08 --------- d-----w c:\program files\Create-Ringtone
2008-10-24 07:53 --------- d-----w c:\program files\VMware
2008-10-23 16:04 --------- d-----w c:\users\windey\AppData\Roaming\DivX
2008-10-17 14:43 --------- d-----w c:\programdata\Messenger Plus!
2008-10-16 18:03 --------- d-----w c:\users\windey\AppData\Roaming\Winamp
2008-10-16 18:03 --------- d-----w c:\programdata\Last.fm
2008-10-16 18:01 --------- d-----w c:\program files\Winamp
2008-10-16 17:59 --------- d-----w c:\program files\Last.fm
2008-10-15 16:21 --------- d-----w c:\program files\Windows Live
2008-10-15 16:21 --------- d-----w c:\program files\MSN Messenger
2008-10-15 16:21 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-14 21:50 --------- d-----w c:\programdata\WLInstaller
2008-10-11 13:38 --------- d-----w c:\program files\DivX
2008-10-11 13:38 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-10-11 12:28 --------- d-----w c:\program files\uTorrent
2008-10-09 08:39 --------- d-----w c:\programdata\Attachmate
2008-10-09 08:35 --------- d-----w c:\program files\Attachmate
2008-09-08 13:16 174 --sha-w c:\program files\desktop.ini
2008-01-09 18:55 1,561 ----a-w c:\users\Default\create_shortcut.vbs
2008-01-09 18:55 1,561 ----a-w c:\users\Administrator\create_shortcut.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"IDA"="c:\program files\Hewlett-Packard\PC COE\IDA.EXE" [2008-08-12 176128]
"COEMsgDisplay"="c:\program files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-12 26624]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-12-08 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-08-05 135568]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-09-10 294440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-02 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-02 129560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 833072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-18 1097728]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"SystemUserCheck"="c:\program files\Hewlett-Packard\ProfileCheck\systemusercheck.exe" [2008-04-08 70144]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-09-08 5720072]
"GetIT"="c:\program files\Hewlett-Packard\GetIT\GetIT.exe" [2008-09-19 286720]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-09-18 84528]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-09-10 130864]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-01-09 184320]
WinZip Quick Pick.lnk - c:\windows\Installer\{9FDF923E-DB53-41E4-8CE6-8DEB8301C12E}\Icon_WZQKPICK.EXE [2008-09-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"disablecad"= 0 (0x0)
"DisableNT4Policy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2071926840-940806021-1843147173-500]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A57E75E2-2D4B-4888-B515-EB70F1F193AE}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{595E626B-CEEC-4D60-B0B5-BA2CDDCBB613}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{729180D8-09B1-458F-AD8C-26AD4C462679}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{FB2BB8FD-3FAE-40F8-A244-2FA635E73ACE}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{626A787E-F348-4397-89D7-1871AA29EA7A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{10B9F8B2-CCF1-496E-8439-A2064EF27D72}"= UDP:c:\program files\Microsoft Office Communicator\communicator.exe:Office Communicator
"{917FBEE4-15F3-4F34-B086-CD50E88DC5EF}"= TCP:c:\program files\Microsoft Office Communicator\communicator.exe:Office Communicator
"{79273111-90E6-4635-9638-2878C23073F9}"= UDP:c:\program files\Microsoft Office Communicator\communicator.exe:Communicator
"{EA6CD3D2-3A80-4FA8-892D-299A4A884752}"= TCP:c:\program files\Microsoft Office Communicator\communicator.exe:Communicator
"TCP Query User{C0A328F2-AE70-49BE-9D5B-19D4A7964174}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{8EB6E7C0-5BD0-4015-9DE9-C985D7D9225A}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{33A2ED78-B569-4590-9205-F5944F57F01F}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{F5FBFF66-CCE7-4605-AB48-7D70EC115D2B}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{8BB2763B-7F0B-4455-879E-5F0FF3AADDE9}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{A47FC9B0-60C3-4BDF-8904-FC76FE5A900F}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{8D378F56-F5DF-4FBC-8D0F-2F3E9DB24873}c:\\program files\\attachmate\\reflection\\rx.exe"= UDP:c:\program files\attachmate\reflection\rx.exe:Reflection X
"UDP Query User{5C9EB1D2-5884-475B-862F-24FD0E6DB6E4}c:\\program files\\attachmate\\reflection\\rx.exe"= TCP:c:\program files\attachmate\reflection\rx.exe:Reflection X
"{4C9ED824-9656-4BB6-8452-B3BCF7F606AF}"= UDP:c:\program files\VMware\VMware Workstation\vmware-authd.exe:VMware Authd
"{78D247D1-44F9-44BA-A198-E9133F1E6A97}"= TCP:c:\program files\VMware\VMware Workstation\vmware-authd.exe:VMware Authd
"{BD322A80-F154-456C-8E88-8EC92F92B0EF}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DC1DDBA5-DF0B-41E4-9AD9-4F0BEABCC38F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{F161053D-FDD4-4CD5-8F79-CB4F5F7E2746}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{760A37EC-67D1-491A-8361-A4BA41E36633}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{87891BEB-ADB1-4218-BACA-80B9F47C8F7A}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{733F9B6D-CB2A-416A-8F32-781117722BFA}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"TCP Query User{0086C9EA-29C4-4496-8DB3-82B63C3D6F0E}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{34413924-1525-4957-A85F-289ED65711B9}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{E24BDD30-B1FA-47D6-A476-F83B6CB0A3DE}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{498A6D61-FC72-4DF9-ADB1-6C4AAD8963BD}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"TCP Query User{568D269F-35E4-4B32-9497-2B5AA4832E33}c:\\world of warcraft\\repair.exe"= UDP:c:\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{4B66B171-38FE-4A79-ADB8-AF6C7DD1D788}c:\\world of warcraft\\repair.exe"= TCP:c:\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{B2326BCE-B06A-4F9F-89B6-5D83F97F4B31}c:\\program files\\openarena\\openarena-0.8.1\\openarena.exe"= UDP:c:\program files\openarena\openarena-0.8.1\openarena.exe:openarena
"UDP Query User{55D2DC98-CA8A-495A-97EA-BB9187F4FEEF}c:\\program files\\openarena\\openarena-0.8.1\\openarena.exe"= TCP:c:\program files\openarena\openarena-0.8.1\openarena.exe:openarena
"{278C3423-1629-46DE-8A7E-77A458A29C5A}"= UDP:c:\windows\explorer.exe:Explorer
"{EF6671C7-5B35-43BD-BD1D-3F6266B21399}"= TCP:c:\windows\explorer.exe:Explorer
"{C34C6A95-7DBC-4FD1-B003-F93B1C4B7F6F}"= UDP:c:\program files\Hewlett-Packard\PC COE\Ida.exe:Ida
"{41EBE98B-B573-4000-84E6-FAC729A0D184}"= UDP:c:\program files\Hewlett-Packard\PC COE\Ida.exe:Ida
"{9B158A38-7297-4CFB-8F82-6461C0018148}"= TCP:c:\program files\Hewlett-Packard\PC COE\Ida.exe:Ida
"{51A0BA87-9EB9-484E-BD96-BFA09DA06DDC}"= TCP:c:\program files\Hewlett-Packard\PC COE\Ida.exe:Ida
"{BDCEAAF6-512E-4AC5-959B-CB6B08EB1140}"= UDP:c:\windows\System32\wininit.exe:wininit
"{00346406-0122-4CC8-B625-DE3DE4D897B7}"= TCP:c:\windows\System32\wininit.exe:wininit
"{3FF89B83-A601-4060-AFE8-5ACEFC6CF1D1}"= UDP:c:\windows\System32\rundll32.exe:rundll32
"{0CB33A9F-93A3-40F5-A6EB-EF723660F49C}"= TCP:c:\windows\System32\rundll32.exe:rundll32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R2 accoca;ActivClient Middleware Service;"c:\program files\ActivIdentity\ActivClient\accoca.exe" [2007-05-16 182576]
R2 CPMDrvr;CPMDrvr;c:\windows\system32\CPMDrvr.sys [2008-01-09 43232]
R2 DriverManager;DriverManager;c:\program files\PAL\DriverManager.exe [2008-01-09 77824]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-28 18944]
R2 msralinkmonitor;MSRA Link Monitor;"c:\program files\Remote tools\msraLinkMonitor.exe" [2007-11-29 151552]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R2 radexecd;HP OVCM Notify Daemon;"c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe" [2007-02-20 270510]
R2 radsched;HP OVCM Scheduler Daemon;"c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe" [2007-03-23 172205]
R2 Radstgms;HP OVCM MSI Redirector;"c:\program files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe" [2008-07-03 315570]
R2 vmci;VMware vmci;\??\c:\windows\system32\Drivers\vmci.sys [2008-09-18 54960]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 179200]
R3 RadiaMsi;RadiaMsi;c:\windows\system32\DRIVERS\radiamsi.sys [2007-08-03 23424]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\NSNDIS5.SYS [2004-03-24 17280]
S4 GtFUsb;GlobeTrotter 3G+ Fuji Filter Service;c:\windows\system32\drivers\gtfusb.sys [2008-03-28 5120]
S4 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2008-03-28 8064]
S4 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2008-03-28 34560]
S4 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-03-28 92160]
S4 SUSCOM;Susteen Serial port driver;c:\windows\system32\drivers\suscom.sys [2008-03-28 40448]
S4 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2008-03-28 20352]
S4 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [2008-03-28 71168]
S4 SWUMX00;Sierra Wireless USB MUX Driver (UMTS00);c:\windows\system32\drivers\swumx00.sys [2008-03-28 70912]
S4 SWUMX02;HP hs2300 USB MUX Driver (#02);c:\windows\system32\drivers\swumx02.sys [2008-03-28 70656]
S4 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\drivers\swumx12.sys [2008-03-28 70912]
S4 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32);c:\windows\system32\drivers\swumx32.sys [2008-03-28 70912]
S4 SWUMX33;Sierra Wireless USB MUX Driver (UMTS33);c:\windows\system32\drivers\swumx33.sys [2008-03-28 70912]
S4 SWUMX3A;Sierra Wireless USB MUX Driver (UMTS3A);c:\windows\system32\drivers\swumx3a.sys [2008-03-28 70912]
S4 SWUMX50;Sierra Wireless USB MUX Driver (UMTS50);c:\windows\system32\drivers\swumx50.sys [2008-03-28 70912]
S4 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2008-03-28 70912]
S4 SWUMX53;Sierra Wireless USB MUX Driver (UMTS53);c:\windows\system32\drivers\swumx53.sys [2008-03-28 70912]
S4 SWUMX70;Sierra Wireless USB MUX Driver (UMTS70);c:\windows\system32\drivers\swumx70.sys [2008-03-28 70912]
S4 SWUMX71;Sierra Wireless USB MUX Driver (UMTS71);c:\windows\system32\drivers\swumx71.sys [2008-03-28 70912]
S4 SWUMX72;Sierra Wireless USB MUX Driver (UMTS72);c:\windows\system32\drivers\swumx72.sys [2008-03-28 70912]
S4 SWUMX73;Sierra Wireless USB MUX Driver (UMTS73);c:\windows\system32\drivers\swumx73.sys [2008-03-28 70912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8adec81-b221-11dd-b13e-001e37e7cda4}]
\shell\AutoRun\command - F:\CDautorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C99D666B-62E4-461B-A346-9375D55AB9BC}]
"c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-12-02 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
- c:\windows\system32\rundll32.exe [2006-11-02 10:45]

2008-12-02 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
- c:\windows\system32\rundll32.exe [2006-11-02 10:45]

2008-12-02 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
- c:\windows\system32\rundll32.exe [2006-11-02 10:45]

2008-12-02 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
- c:\program files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24 09:27]

2008-12-02 c:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
- c:\windows\system32\rundll32.exe [2006-11-02 10:45]

2008-12-02 c:\windows\Tasks\User_Feed_Synchronization-{C5A0ABCE-548E-4F6A-91A9-393F0EF79DD7}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]

2008-12-02 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

2008-12-02 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 16:04]

2008-12-02 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\","d:\","f:\","s:\" []
.
- - - - ORPHANS REMOVED - - - -

BHO-{3a0f3c3b-7cf1-42d4-a594-21214613a9ec} - c:\windows\system32\tahisepi.dll
HKLM-Run-rogeraropi - c:\windows\system32\foponiga.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\windey\AppData\Roaming\Mozilla\Firefox\Profiles\959uu4wd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.bearshare.com/be/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 14:23:41
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3428)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\conime.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\WinZip\WZQKPICK.EXE
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Symantec AntiVirus\SavRoam.exe
c:\windows\System32\vmnat.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\System32\vmnetdhcp.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\System32\taskmgr.exe
c:\windows\System32\wbem\WmiApSrv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-12-02 14:43:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-02 13:42:45

Pre-Run: 28.376.043.520 bytes free
Post-Run: 26,173,566,976 bytes free


Juisterr

Legacy Member
That already looks better than expected.

Reboot (if you have not done so already) and please post a new HJT log.

zarathustra

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23, on 2008-12-02
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\PC COE\Ida.exe
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Users\windey\Downloads\HiJackThis.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IDA] "c:\Program Files\Hewlett-Packard\PC COE\IDA.EXE"
O4 - HKLM\..\Run: [COEMsgDisplay] "c:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [SystemUserCheck] "C:\Program Files\Hewlett-Packard\ProfileCheck\systemusercheck.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [GetIT] "C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - .DEFAULT User Startup: create_shortcut.lnk = C:\Users\davenutt\create_shortcut.vbs (User 'Default user')
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.compaq.com
O15 - Trusted Zone: http://*.compaq.com.ar
O15 - Trusted Zone: http://*.compaq.com.br
O15 - Trusted Zone: http://*.compaq.com.co
O15 - Trusted Zone: http://*.compaq.com.mx
O15 - Trusted Zone: http://*.compaq.com.sg
O15 - Trusted Zone: http://*.compaq.com.ve
O15 - Trusted Zone: http://*.cpqcorp.net
O15 - Trusted Zone: http://*.dcu.org
O15 - Trusted Zone: http://*.hp.com
O15 - Trusted Zone: http://*.hpqcorp.net
O16 - DPF: iLO Remote Console Applet - https://16.56.205.200/dvc.CAB
O16 - DPF: {5A734A13-B486-4199-AB2F-9548416187B0} (hpcertenroll Control) - https://digitalbadge.external.hp.com/hp/hpcertenroll.cab
O16 - DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} (HPPKI Control) - https://digitalbadge.external.hp.com/hp/HPPKI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DriverManager - UUNET Technologies, Inc. - C:\Program Files\PAL\DriverManager.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
O23 - Service: PictureTaker - LANovation - C:\Windows\system32\PCTKRNT.SYS
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Award-winning Antivirus and Antispyware Security) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11602 bytes

zarathustra

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23, on 2008-12-02
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\PC COE\Ida.exe
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Users\windey\Downloads\HiJackThis.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IDA] "c:\Program Files\Hewlett-Packard\PC COE\IDA.EXE"
O4 - HKLM\..\Run: [COEMsgDisplay] "c:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [SystemUserCheck] "C:\Program Files\Hewlett-Packard\ProfileCheck\systemusercheck.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [GetIT] "C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - .DEFAULT User Startup: create_shortcut.lnk = C:\Users\davenutt\create_shortcut.vbs (User 'Default user')
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.compaq.com
O15 - Trusted Zone: http://*.compaq.com.ar
O15 - Trusted Zone: http://*.compaq.com.br
O15 - Trusted Zone: http://*.compaq.com.co
O15 - Trusted Zone: http://*.compaq.com.mx
O15 - Trusted Zone: http://*.compaq.com.sg
O15 - Trusted Zone: http://*.compaq.com.ve
O15 - Trusted Zone: http://*.cpqcorp.net
O15 - Trusted Zone: http://*.dcu.org
O15 - Trusted Zone: http://*.hp.com
O15 - Trusted Zone: http://*.hpqcorp.net
O16 - DPF: iLO Remote Console Applet - https://16.56.205.200/dvc.CAB
O16 - DPF: {5A734A13-B486-4199-AB2F-9548416187B0} (hpcertenroll Control) - https://digitalbadge.external.hp.com/hp/hpcertenroll.cab
O16 - DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} (HPPKI Control) - https://digitalbadge.external.hp.com/hp/HPPKI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DriverManager - UUNET Technologies, Inc. - C:\Program Files\PAL\DriverManager.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
O23 - Service: PictureTaker - LANovation - C:\Windows\system32\PCTKRNT.SYS
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Award-winning Antivirus and Antispyware Security) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11602 bytes

zarathustra

Legacy Member
Bah, no more pop-ups or dubious errors, but it now starts up terribly slowly. Well, logging in rather: from entering the password until you actually see the desktop, that is.

Many thanks in any case.

Juisterr

Legacy Member
Quite a lot starts up too, yes, and all those games (is that allowed on a company PC?)
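
As an added example (not part of the original thread, and not a HijackThis feature), here is a small Python triage script that does on a log like the ones above what a reviewer does by eye: it counts the O4 autostart entries per location and flags the lines worth checking first (an O2 BHO whose DLL is "(no file)", an O4 entry that runs a script, lives in a user profile or points at an unresolved "?" shortcut, wildcard O15 Trusted Zone hosts, an O16 ActiveX cab fetched from a bare IP address, O23 services with "Unknown owner", and the R1 AutoConfigURL proxy script). The sample log embedded in the script is a constructed, abridged copy of the second log above; the flag rules and the names `parse_entries`, `triage` and `Finding` are choices made for this example, not HijackThis conventions.

```python
"""Triage of HijackThis-style log lines (added example; constructed sample input)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on (and abridged from) the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Winamp\winampa.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - .DEFAULT User Startup: create_shortcut.lnk = C:\Users\davenutt\create_shortcut.vbs (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O15 - Trusted Zone: http://*.hp.com
O16 - DPF: iLO Remote Console Applet - https://16.56.205.200/dvc.CAB
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: PictureTaker - LANovation - C:\Windows\system32\PCTKRNT.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

# One HijackThis entry: "R1 - ..." or "O23 - ..."; header and process-list lines do not match.
HJT_LINE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.+)$")
# Autostart target that is a script rather than a binary (extension followed by quote/space/end).
SCRIPT_TARGET = re.compile(r'\.(?:vbs|js|bat|cmd|wsf|hta)(?=["\s]|$)', re.I)
# Autostart target living under a user profile rather than Program Files / system32.
USER_PROFILE = re.compile(r"c:\\users\\", re.I)
# Download URL whose host is a literal IPv4 address instead of a name.
BARE_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)", re.I)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    reason: str    # why a reviewer should look at this line
    entry: str     # the entry body as it appeared in the log


def parse_entries(log_text):
    """Return (section, body) for every Rx/Oxx line; headers and the process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(log_text):
    """Count autostart entries per location and flag the lines a reviewer should verify first."""
    findings = []
    startup = Counter()
    for section, body in parse_entries(log_text):
        low = body.lower()
        if section == "R1" and "autoconfigurl" in low:
            findings.append(Finding(section, "proxy auto-config URL: this script decides where browser traffic goes", body))
        elif section == "O2" and low.endswith("(no file)"):
            findings.append(Finding(section, "BHO CLSID registered but its DLL is gone (orphaned registration)", body))
        elif section == "O4":
            location = body.split(":", 1)[0]   # e.g. 'HKLM\..\Run', 'Global Startup'
            startup[location] += 1
            if low.endswith("= ?"):
                findings.append(Finding(section, "startup shortcut whose target could not be resolved", body))
            elif SCRIPT_TARGET.search(body) or USER_PROFILE.search(body):
                findings.append(Finding(section, "autostart runs a script or lives in a user profile", body))
        elif section == "O15" and "*" in body:
            findings.append(Finding(section, "wildcard host in Trusted Zone (relaxed IE security for every subdomain)", body))
        elif section == "O16" and BARE_IP_URL.search(body):
            findings.append(Finding(section, "ActiveX package downloaded from a bare IP address", body))
        elif section == "O23" and "unknown owner" in low:
            findings.append(Finding(section, "service binary without a recognised publisher", body))
    return {"startup_per_location": dict(startup), "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("autostart entries per location:", result["startup_per_location"])
    for f in result["findings"]:
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

A flag is a prompt to verify, not a verdict: on a corporate HP build, hits such as the hp.com PAC URL or the iLO console applet are expected, and the point of listing them is to confirm that quickly and spend the attention on whatever is left. The per-location count is the part that speaks to the slow logon described in the thread: everything under the Run keys and the Startup folders runs before the desktop is usable.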

zarathustra

Legacy Member
There's only C&C Generals on it, you know :p because a colleague wanted to test it.

But in theory it is allowed, though.

Juisterr

Legacy Member
Just one? Not too bad.

Download and install CCleaner
Choose the basic version so you don't get (unwanted) toolbars installed along with it.

Start CCleaner.
CCleaner lets you configure what should be cleaned.
Now select only the following items:
Internet Explorer:
- Temporary Internet Files
System:
- Empty Recycle Bin
- Temporary Files
Now click Run Cleaner in CCleaner (bottom right).

Any improvement?