Post subject: Several trojans removed with Spybot/Malwarebytes
Posted: Mon Feb 08, 2010 12:01 am
Member

Hey,
I just removed a number of trojans using Spybot and Malwarebytes,
such as Virtumonde and Smitfraud...
Malwarebytes no longer finds anything, so I was wondering whether someone could check if anything has been left behind.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03, on 2010-02-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\s060625\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\s060625\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wfw.wtb.tue.nl:80;http=proxy.wfw.wtb.tue.nl:80;https=proxy.wfw.wtb.tue.nl:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tue.nl;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-21-2484006159-4141960804-3868605629-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'admin')
O4 - HKUS\S-1-5-21-2484006159-4141960804-3868605629-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe (User 'admin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.tue.nl
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9184576468
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.tue.nl
O17 - HKLM\Software\..\Telephony: DomainName = campus.tue.nl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.tue.nl
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10887 bytes


Thanks in advance,
Sander


Post subject: Re: Several trojans removed with Spybot/Malwarebytes
Posted: Mon Feb 08, 2010 6:12 pm
Moderator

Hi Serendipity,

I notice that you have TeaTimer / SDHelper enabled.
While resolving spyware problems, it is best to turn that service off, because it can (unintentionally) prevent the steps from being carried out.
Once everything is done and your HJT log is clean, you can turn this service back on.

If TeaTimer afterwards warns you that changes have been made,
approve them instead of blocking them.

Open Spybot - Search & Destroy (SSD) and click Mode.
Select: Advanced Mode.
Click Yes in the next window.
Click Tools at the bottom left.
Click Resident and untick TeaTimer and SDHelper (if they are installed).
Click Allow change.
Close SSD and restart your PC.
_____________________________________________________________________________________________________

Go to Control Panel - Add or Remove Programs - Change or Remove Programs, and uninstall the following programs if present:

- Alcohol 120% and 52%
- AstroBurn
- Daemon Tools and Daemon Tools Lite

Download this tool: http://www.duplexsecure.com/download/SP ... 62-x86.exe
Double-click it to start the tool. In the window that appears, click the Uninstall button.
Restart the computer.
_____________________________________________________________________________________________________

Download TFC and save it to your Desktop.
  • Double-click TFC.exe to open the program.
  • The program will close all other programs, so make sure you have saved all your work before you continue.
  • Click the Start button to start the program.
  • When the program has finished, it will restart your computer.
    If that does not happen, restart your computer manually.
_____________________________________________________________________________________________________

Update MBAM and run a quick scan.
Post that log.
_____________________________________________________________________________________________________

Download RSIT (by random/random)
Save it to your Desktop.

Double-click RSIT to start it.
Click Continue in the disclaimer window.
As soon as the scan has finished, two logs will open.
Copy and paste the contents of log.txt (<< will be maximized) and add info.txt (<< will be minimized) as an attachment to your next reply.

Both logs can also be found in the folder C:\rsit

Emphyrio :)

_________________
Anti Malware Help | Emphyrio's Security Blog
Well helped? Consider a voluntary donation... A thank-you instead of a donation is fine too. On leave from 31 Aug 2010 through 20 Sept 2010


Post subject: Re: Several trojans removed with Spybot/Malwarebytes
Posted: Mon Feb 08, 2010 6:23 pm
Member

I installed Daemon Tools myself a few years ago. Is it really necessary to uninstall it?
When I try to do the next step, I can only click the Install button, and so not Uninstall.
Should I just continue with the next step?


Post subject: Re: Several trojans removed with Spybot/Malwarebytes
Posted: Mon Feb 08, 2010 6:36 pm
Moderator

Hi Serendipity,

Please carry out the advice.

Emphyrio :)

Post subject: Re: Several trojans removed with Spybot/Malwarebytes
Posted: Mon Feb 08, 2010 10:24 pm
Member

Logfile of random's system information tool 1.06 (written by random/random)
Run by s060625 at 2010-02-08 22:13:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (13%) free of 30 GB
Total RAM: 3070 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13, on 2010-02-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\udaterui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Documents and Settings\s060625\Desktop\RSIT.exe
C:\Documents and Settings\s060625\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\s060625\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\s060625.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wfw.wtb.tue.nl:80;http=proxy.wfw.wtb.tue.nl:80;https=proxy.wfw.wtb.tue.nl:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tue.nl;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.tue.nl
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9184576468
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.tue.nl
O17 - HKLM\Software\..\Telephony: DomainName = campus.tue.nl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.tue.nl
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10662 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Easy Onderhoud.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1895577662-1677200029-1617787245-232390Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1895577662-1677200029-1617787245-232390UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-12-15 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2009-10-22 67120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\udaterui.exe [2009-08-25 136512]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"QuickTime Task"=D:\Program Files\QuickTime Alternative\qttask.exe [2009-11-10 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-10-22 124240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe [2007-04-27 312840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\s060625\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
C:\PROGRA~1\INFINI~1\eyeQ\ARLaunch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sitecom WLAN Client Utility.lnk]
C:\PROGRA~1\Sitecom\SITECO~1\WLANUTL.exe autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WorkPace 3.1.lnk]
C:\PROGRA~1\WORKPA~1.1\workpace.cmd [2006-07-04 336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^s060625^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-04-05 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-02 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=0
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Java\jdk1.6.0_02\jre\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_02\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Transport Tycoon\OpenTTD\openttd.exe"="D:\Transport Tycoon\OpenTTD\openttd.exe:*:Enabled:OpenTTD"
"D:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.3.game"="D:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.3.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"D:\Program Files\Teamspeak2_RC2server\server_windows.exe"="D:\Program Files\Teamspeak2_RC2server\server_windows.exe:*:Enabled:Server"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4"
"D:\Adobe\Adobe Photoshop CS4\Photoshop.exe"="D:\Adobe\Adobe Photoshop CS4\Photoshop.exe:*:Disabled:Adobe Photoshop CS4"
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat"="C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"D:\Program Files\Diablo II\Diablo II.exe"="D:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction"
"D:\Program Files\Diablo II\Game.exe"="D:\Program Files\Diablo II\Game.exe:*:Enabled:Game.exe"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"D:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="D:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
"D:\Program Files\Autodesk\Backburner\manager.exe"="D:\Program Files\Autodesk\Backburner\manager.exe:*:Disabled:backburner 2.3 manager"
"D:\Program Files\Autodesk\Backburner\monitor.exe"="D:\Program Files\Autodesk\Backburner\monitor.exe:*:Disabled:backburner 2.3 monitor"
"D:\Program Files\Autodesk\Backburner\server.exe"="D:\Program Files\Autodesk\Backburner\server.exe:*:Disabled:backburner 2.3 server"
"D:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="D:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Disabled:GPGNet - Supreme Commander - Forged Alliance"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"D:\StubInstaller.exe"="D:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\National Instruments\LabVIEW 8.0\LabVIEW.exe"="C:\Program Files\National Instruments\LabVIEW 8.0\LabVIEW.exe:*:Enabled:LabVIEW 8.0 Development System"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\CPN Tools\cpnsim\cpnmld.exe"="C:\Program Files\CPN Tools\cpnsim\cpnmld.exe:*:Enabled:cpnmld"
"C:\Program Files\Java\jdk1.6.0_02\jre\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_02\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dcc2bd3-879f-11db-97dc-0016ce8cb856}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-02-08 22:13:41 ----D---- C:\rsit
2010-02-08 16:13:29 ----A---- C:\WINDOWS\system32\mfevtps.exe
2010-02-08 16:12:40 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-02-08 16:05:22 ----D---- C:\Program Files\McAfee
2010-02-08 16:05:22 ----D---- C:\Program Files\Common Files\McAfee
2010-02-08 01:16:35 ----D---- C:\Program Files\Windows Live Safety Center
2010-02-07 23:20:20 ----A---- C:\RootRepeal report 02-07-10 (23-20-20).txt
2010-02-07 20:59:04 ----D---- C:\Program Files\XP Codec Pack
2010-02-06 23:48:28 ----D---- C:\Documents and Settings\s060625\Application Data\Media Center Programs
2010-02-06 23:26:44 ----D---- C:\Documents and Settings\s060625\Application Data\InstallShield Installation Information
2010-02-05 00:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2010-02-05 00:50:22 ----D---- C:\Documents and Settings\s060625\Application Data\Winamp
2010-02-05 00:14:59 ----D---- C:\WINDOWS\ie8updates
2010-02-05 00:10:38 ----HDC---- C:\WINDOWS\ie8
2010-02-04 22:23:19 ----A---- C:\1.txt
2010-02-03 14:17:38 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2010-02-01 13:24:39 ----A---- C:\ATMA_config.ini
2010-01-17 17:28:05 ----D---- C:\Documents and Settings\All Users\Application Data\BioWare
2010-01-17 17:23:42 ----D---- C:\WINDOWS\system32\AGEIA
2010-01-17 17:23:41 ----D---- C:\Program Files\AGEIA Technologies
2010-01-13 10:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 10:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-08 22:13:54 ----D---- C:\WINDOWS\Prefetch
2010-02-08 18:51:43 ----D---- C:\WINDOWS\TEMP
2010-02-08 18:46:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-08 18:45:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-08 18:43:04 ----D---- C:\WINDOWS
2010-02-08 18:40:11 ----HD---- C:\WINDOWS\inf
2010-02-08 18:40:11 ----HD---- C:\Config.Msi
2010-02-08 18:40:10 ----D---- C:\WINDOWS\system32\drivers
2010-02-08 18:40:05 ----SHD---- C:\WINDOWS\Installer
2010-02-08 18:40:05 ----D---- C:\Program Files
2010-02-08 18:28:26 ----D---- C:\WINDOWS\system32
2010-02-08 18:15:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-08 18:09:22 ----D---- C:\quarantine
2010-02-08 16:14:53 ----D---- C:\Program Files\Network Associates
2010-02-08 16:11:51 ----D---- C:\Program Files\Common Files\Network Associates
2010-02-08 16:05:22 ----D---- C:\Program Files\Common Files
2010-02-08 15:27:50 ----D---- C:\Program Files\mIRC
2010-02-08 02:06:20 ----D---- C:\WINDOWS\security
2010-02-08 02:06:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-08 01:16:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-08 00:18:25 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-08 00:09:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-07 23:42:44 ----A---- C:\WINDOWS\WinInit.ini
2010-02-07 21:23:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-07 20:44:46 ----D---- C:\Program Files\DivX
2010-02-07 19:41:57 ----RSD---- C:\WINDOWS\assembly
2010-02-07 19:41:03 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-07 00:26:23 ----D---- C:\Program Files\Online Services
2010-02-07 00:26:20 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-07 00:14:18 ----D---- C:\Documents and Settings\All Users\Application Data\Dillie-O Digital
2010-02-06 23:49:05 ----D---- C:\temp
2010-02-06 23:28:05 ----D---- C:\WINDOWS\system32\DirectX
2010-02-05 22:19:43 ----SD---- C:\WINDOWS\Tasks
2010-02-05 18:14:47 ----A---- C:\WINDOWS\hpbafd.ini
2010-02-05 13:29:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-05 01:20:11 ----D---- C:\Program Files\Common Files\Adobe
2010-02-05 01:20:01 ----D---- C:\WINDOWS\WinSxS
2010-02-05 01:19:55 ----D---- C:\Program Files\Adobe
2010-02-05 01:14:06 ----D---- C:\Program Files\DevalVR
2010-02-05 01:11:44 ----D---- C:\Program Files\Java
2010-02-05 00:52:35 ----D---- C:\Program Files\WinZip
2010-02-05 00:46:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-05 00:45:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-05 00:38:12 ----D---- C:\WINDOWS\Debug
2010-02-05 00:27:04 ----D---- C:\WINDOWS\system32\en-US
2010-02-05 00:27:03 ----D---- C:\WINDOWS\Media
2010-02-05 00:27:03 ----D---- C:\WINDOWS\Help
2010-02-05 00:27:03 ----D---- C:\Program Files\Internet Explorer
2010-02-03 14:03:08 ----D---- C:\Documents and Settings\s060625\Application Data\Vso
2010-01-22 12:31:13 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-18 17:30:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-17 00:26:21 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-13 10:13:21 ----D---- C:\WINDOWS\AppPatch
2010-01-11 14:33:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-07-07 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-07-07 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-10-22 63728]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 4736]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-01-17 14848]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-01-17 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2006-03-23 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-05-15 7168]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-30 21275]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-05-14 279712]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2005-06-10 7140]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-01 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-01 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-01 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-01 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-01 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-01 87004]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-01 92700]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-07-07 40544]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 gpib420;GPIB Analyzer; C:\WINDOWS\System32\drivers\gpib420.sys [2005-07-18 31334]
R2 GpibPrtK;Gpib Port; C:\WINDOWS\System32\drivers\gpibprtk.sys [2005-07-18 199783]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-14 25888]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 lvalarmk;lvalarmk; C:\WINDOWS\system32\drivers\lvalarmk.dll [2005-07-27 10829]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 nidimk;nidimk; C:\WINDOWS\system32\drivers\nidimk.dll [2005-09-28 141824]
R2 nidmxfk;nidmxfk; C:\WINDOWS\system32\drivers\nidmxfk.dll [2005-10-13 166912]
R2 niemrk;niemrk; C:\WINDOWS\system32\drivers\niemrk.dll [2005-10-06 346624]
R2 nifslk;nifslk; C:\WINDOWS\system32\drivers\nifslk.dll [2005-10-06 35328]
R2 nimxpk;nimxpk; C:\WINDOWS\system32\drivers\nimxpk.dll [2005-10-06 19456]
R2 nipxirmk;nipxirmk; C:\WINDOWS\system32\drivers\nipxirmk.dll [2005-09-21 55296]
R2 niswdk;niswdk; C:\WINDOWS\system32\drivers\niswdk.dll [2005-10-08 476160]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 usb6xxxk;usb6xxxk; C:\WINDOWS\system32\drivers\usb6xxxk.dll [2005-10-06 19968]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-01-31 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AR5211;Dual-band Wi-Fi Wireless Mini PCI Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-18 471616]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-04-05 1989120]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-20 181760]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys [2005-12-06 936448]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-06 192512]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-06-01 21424]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2009-10-22 75704]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-10-22 91672]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-10-22 43288]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nicdrk;nicdrk; C:\WINDOWS\system32\drivers\nicdrk.dll [2005-10-06 170496]
R3 nimdbgk;nimdbgk; C:\WINDOWS\system32\drivers\nimdbgk.dll [2005-09-28 170496]
R3 nimru2k;nimru2k; C:\WINDOWS\system32\drivers\nimru2k.dll [2005-09-28 231936]
R3 nimsdrk;nimsdrk; C:\WINDOWS\system32\drivers\nimsdrk.dll [2005-10-06 131072]
R3 nimstsk;nimstsk; C:\WINDOWS\system32\drivers\nimstsk.dll [2005-10-06 51200]
R3 nimxdfk;nimxdfk; C:\WINDOWS\system32\drivers\nimxdfk.dll [2005-09-28 212480]
R3 niorbk;niorbk; C:\WINDOWS\system32\drivers\niorbk.dll [2005-10-06 38912]
R3 niscdk;niscdk; C:\WINDOWS\system32\drivers\niscdk.dll [2005-10-06 497664]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-02 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys [2005-12-06 670208]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\s060625\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-13 25600]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2009-10-22 65448]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 nidsark;nidsark; C:\WINDOWS\system32\drivers\nidsark.dll [2005-10-06 714752]
S3 niesrk;niesrk; C:\WINDOWS\system32\drivers\niesrk.dll [2005-10-06 489984]
S3 nimslk;nimslk; C:\WINDOWS\system32\drivers\nimslk.dll [2005-10-06 14464]
S3 nimsrlk;nimsrlk; C:\WINDOWS\system32\drivers\nimsrlk.dll [2005-10-06 151683]
S3 nisdigk;nisdigk; C:\WINDOWS\system32\drivers\nisdigk.dll [2005-10-06 233472]
S3 nisftk;nisftk; C:\WINDOWS\system32\drivers\nisftk.dll [2005-10-06 163328]
S3 nispdk;nispdk; C:\WINDOWS\system32\drivers\nispdk.dll [2005-10-06 42496]
S3 nissrk;nissrk; C:\WINDOWS\system32\drivers\nissrk.dll [2005-10-06 1058304]
S3 nistc2k;nistc2k; C:\WINDOWS\system32\drivers\nistc2k.dll [2005-10-06 163328]
S3 nistcrk;nistcrk; C:\WINDOWS\system32\drivers\nistcrk.dll [2005-10-10 110080]
S3 nitiork;nitiork; C:\WINDOWS\system32\drivers\nitiork.dll [2005-10-06 692736]
S3 NiViFWK;NI-VISA FireWire Driver; C:\WINDOWS\System32\drivers\NiViFWK.sys [2005-10-12 8704]
S3 NiViPciK;NI-VISA PCI Driver; C:\WINDOWS\System32\drivers\NiViPciK.sys [2005-10-12 37376]
S3 NiViPxiK;NI-VISA PXI Driver; C:\WINDOWS\System32\drivers\NiViPxiK.sys [2005-10-12 10752]
S3 niwfrk;niwfrk; C:\WINDOWS\system32\drivers\niwfrk.dll [2005-10-06 422400]
S3 nixsrk;nixsrk; C:\WINDOWS\system32\drivers\nixsrk.dll [2005-10-06 926720]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2008-06-01 4096]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 UNDPX2A;UNDPX2A; \??\C:\WINDOWS\system32\drivers\UNDPX2A.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-04-05 454656]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-06-01 36400]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2005-08-25 688190]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2005-11-11 45056]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2005-11-11 53248]
R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [2009-10-22 21256]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2009-08-25 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2009-10-22 146448]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-10-22 66896]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-03-19 335872]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2009-10-22 70728]
R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2005-10-03 5728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 nidevldu;nidevldu; C:\WINDOWS\system32\nipalsm.exe [2005-09-22 5728]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2005-11-11 204800]
R2 nipxirmu;nipxirmu; C:\WINDOWS\system32\nipalsm.exe [2005-09-22 5728]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2005-10-10 49152]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2005-11-11 659456]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.EXE [2005-06-20 77824]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe []
S3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2005-11-08 36864]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-27 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-06 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;De service Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2005-11-02 913408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

This was the log.txt.
Before this, I could only choose install with the "sptd" tool, not uninstall (which probably means it wasn't on my PC?). So of course I didn't do an install either.
Malwarebytes found nothing in the quick scan.
I can't add the info.txt as an attachment; I get: The extension txt is not allowed.


Post subject: Re: Several trojans removed with Spybot/Malwarebytes
Posted: Mon Feb 08, 2010 11:20 pm
Offline
Member

Joined: Sun Jun 08, 2008 11:27 am
Posts: 40
Here is the info.txt as well...

info.txt logfile of random's system information tool 1.06 2010-02-08 23:21:02

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.exe" -l0x13 UNINSTALL
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Audition 2.0-->msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.2.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AFPL Ghostscript 8.53-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.53\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Arena 12.0 (CPR 9)-->MsiExec.exe /I{BD78DE74-95DB-429D-A66F-6306BCEDA640}
ATI - Software-verwijderprogramma-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATMA V 5.05-->D:\PROGRA~1\DIABLO~2\Crack\New\ATMAV~1\Setup.exe /remove
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Canon IJ Network Scan Utility-->"C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.exe" /UninstallRemove C:\Program Files\Canon\Canon IJ Network Scan Utility\uninst.ini
Canon IJ Network Tool-->C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Navigator EX 3.0-->"C:\Program Files\Canon\MP Navigator EX 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 3.0\uninst.ini
Canon MP640 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series
Canon MP640 series User Registration-->C:\Program Files\Canon\IJEREG\MP640 series\UNINST.EXE
Canon Utilities Easy-PhotoPrint EX-->D:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini uinstrsc.dll
CCleaner-->"D:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint-->"D:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Command and ConquerTM Generals Zero Hour-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
ConvertXtoDVD 3.3.4.107-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Writer 2.5-->C:\WINDOWS\system32\uninscpw.exe C:\Program Files\
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DVDFab 6.2.1.8 (31/12/2009)-->"D:\Program Files\DVDFab 6\unins000.exe"
DVlaD-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\DVlaD\ST6UNST.LOG"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Full Tilt Poker-->D:\Program Files\Full Tilt Poker\uninstall.exe
GPL Ghostscript 8.61-->D:\Program Files\gs\uninstgs.exe "D:\Program Files\gs\gs8.61\uninstal.txt"
GPL Ghostscript Fonts-->D:\Program Files\gs\uninstgs.exe "D:\Program Files\gs\fonts\uninstal.txt"
GPL MPEG-1/2 DirectShow Decoder Filter-->MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
GrabIt 1.7.2 Beta 3 (build 996)-->"C:\Program Files\GrabIt\unins000.exe"
GTK2-Runtime-->D:\Program Files\GTK2-Runtime\gtk2_runtime_uninst.exe
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\setup.exe" -l0x13 -AddRemove
Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "D:\Program Files\Diablo Backup\Crack\New\ST6UNST.LOG"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Huur- en zorgtoeslag 2009-->C:\Program Files\Belastingdienst\Huur- en zorgtoeslag\2009\hz2009u.exe
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) SE Development Kit 6 Update 2-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lenovo Battery Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MATLAB 7.0.4-->C:\Program Files\MATLAB704\uninstall\uninstall.exe C:\Program Files\MATLAB704\
McAfee Agent-->MsiExec.exe /X{AA951B10-7089-4D60-B288-516E641F48E6}
McAfee VirusScan Enterprise-->MsiExec.exe /I{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework SDK (English) 1.1-->MsiExec.exe /X{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Proofing Tools-->MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0413-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
mkv2vob-->MsiExec.exe /X{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
National Instruments Software-->"C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NetBeans IDE 5.5.1-->C:\Program Files\netbeans-5.5.1\_uninst\uninstaller.exe
NI EULA Depot-->MsiExec.exe /I{60FC2242-9CF5-4264-B02A-A4A86447F560}
NI MDF Support-->MsiExec.exe /I{28C59BDD-55F3-4454-BF17-37AC537F894B}
Norman Ad-Aware SE Professional-->C:\PROGRA~1\Norman\NORMAN~1\UNWISE.EXE C:\PROGRA~1\Norman\NORMAN~1\INSTALL.LOG
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenTTD 0.6.3-->D:\Transport Tycoon\OpenTTD\uninstall.exe
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PlugY, The Survival Kit-->"D:\Program Files\Diablo II\Mod PlugY\PlugY Uninstaller.exe"
Productivity Center Supplement voor ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x13 -AddRemove
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime Alternative 1.71-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Real Alternative 1.51-->"C:\Program Files\Real Alternative\unins000.exe"
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Scroll Lock Indicator Utility-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\TpScrLk.inf
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Software Installer-->swiif.exe /U
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sony Ericsson PC Suite 1.20.237-->MsiExec.exe /I{D21635EA-7A89-4881-86A9-0C1DCBCD1317}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
SPSS 15.0 for Windows-->MsiExec.exe /X{15B25E12-3E5F-4C13-A637-9EC72A55491E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
STATGRAPHICS Centurion XV.I-->MsiExec.exe /I{2473E61E-98A8-4557-828F-BE2888DED32C}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TeamSpeak 2 RC2-->"D:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak 2 Server RC2-->"D:\Program Files\Teamspeak2_RC2server\unins000.exe"
ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x9 -AddRemove
ThinkPad EasyEject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\setup.exe" -l0x13 -AddRemove
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE -U -ITkp0588p.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\setup.exe" -l0x13 -AddRemove
ThinkPad Presentation Director-->C:\WINDOWS\IsUn0413.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav-wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\setup.exe" -l0x13 UNINSTALL
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\SETUP.EXE" -l0x13 UNINSTALLFROMSYS
ThinkVantage Active Protection System-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\setup.exe" -l0x13 anything
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x13 -AddRemove
TrackPoint Toegankelijkheidsfuncties-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\setup.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Turbo Pascal 7.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\TP\DeIsL1.isu" -c"C:\Program Files\TP\_ISREG32.DLL"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB MP3 Player WIN98 Drivers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MP3\U-MP3\Uninst.isu"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}
Windows Live Family Safety-->MsiExec.exe /X{66867BB8-FBC5-450B-8533-C6BE2C9C4068}
Windows Live Messenger-->MsiExec.exe /X{10F5387D-1728-423A-A578-B00982CF2646}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 14.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}
Wolfram Notebook Indexer 1.1-->MsiExec.exe /I{E24A7D40-D12E-4A11-8DEC-7BB21BE4614D}
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe

=====HijackThis Backups=====

O2 - BHO: AmskerBar - {B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD} - C:\WINDOWS\system32\hozr.dll [2008-12-20]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-12-20]
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe [2008-12-20]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2008-12-26]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-12-26]
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) [2010-02-07]
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) [2010-02-07]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2010-02-07]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: McAfee VirusScan Enterprise

======System event log======

Computer Name: S060625
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{D851F103-8C90-4321-AFF0-58BA5BD421C2}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Record Number: 11
Source Name: DCOM
Time Written: 20091204204228.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: S060625
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{D851F103-8C90-4321-AFF0-58BA5BD421C2}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Record Number: 10
Source Name: DCOM
Time Written: 20091204204228.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: S060625
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{D851F103-8C90-4321-AFF0-58BA5BD421C2}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Record Number: 9
Source Name: DCOM
Time Written: 20091204204228.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: S060625
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{D851F103-8C90-4321-AFF0-58BA5BD421C2}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Record Number: 8
Source Name: DCOM
Time Written: 20091204204228.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: S060625
Event Code: 5719
Message: No Domain Controller is available for domain TUE due to the following:
There are currently no logon servers available to service the logon request.
.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Record Number: 3
Source Name: NETLOGON
Time Written: 20091204204210.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: S060625
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 14154
Source Name: AutoEnrollment
Time Written: 20080624174926.000000+120
Event Type: error
User:

Computer Name: S060625
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 14153
Source Name: Userenv
Time Written: 20080624174846.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: S060625
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 14148
Source Name: Userenv
Time Written: 20080624174811.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: S060625
Event Code: 1517
Message: Windows saved user TUE\s060625 registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 14146
Source Name: Userenv
Time Written: 20080624174644.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: S060625
Event Code: 1000
Message: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module gdiplus.dll, version 5.1.3102.2180, fault address 0x0003bffa.

Record Number: 14145
Source Name: Application Error
Time Written: 20080624174618.000000+120
Event Type: error
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEFAULT_CA_NR"=CA6
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"FP_NO_HOST_CHECK"=NO
"MKL_SERIAL"=YES
"NIDAQmxSwitchDir"=C:\Program Files\National Instruments\NI-DAQ\Switch\
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=D:\Program Files\Rockwell Software\RSCommon;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ThinkPad\Utilities;C:\Program Files\MATLAB704\bin\win32;C:\VXIPNP\WinNT\Bin;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Statgraphics\STATGRAPHICS Centurion XV.I;C:\Program Files\Common Files\Adobe\AGL;D:\Program Files\Autodesk\Backburner;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Common Files\Ulead Systems\MPEG;D:\Program Files\GTK2-Runtime\lib;D:\Program Files\QuickTime Alternative\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e08
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"VXIPNPPATH"=C:\VXIPNP\
"windir"=%SystemRoot%

-----------------EOF-----------------


 Post subject: Re: A number of trojans removed with Spybot/Malwarebytes
Posted: Tue Feb 09, 2010 12:42 am 
Moderator

Joined: Fri Apr 25, 2008 12:32 pm
Posts: 2425
Location: Belgium
Hi Serendipity,

Download ComboFix using this guide and save it to your desktop.

Please read through the guide and carry out what it says.

Extra note... Make sure your security software (antivirus, firewall, antispyware) is disabled while using ComboFix.
This is because these scanners wrongly flag certain components that ComboFix uses as infected, and will block ComboFix.

Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

When ComboFix starts, you may get an error message that the "contents of the ComboFix package has been compromised".
Do not continue with the instructions, but download ComboFix again.
This message can appear when a file infector (Virut) is active on the computer. If you keep getting that message, report it.


When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.

You can find it at C:\combofix.txt.

Post the ComboFix log together with a new HijackThis log in your next reply.

Emphyrio :)

 Post subject: Re: A number of trojans removed with Spybot/Malwarebytes
Posted: Tue Feb 09, 2010 10:13 am 
Member

Joined: Sun Jun 08, 2008 11:27 am
Posts: 40
Here is the log from ComboFix:

ComboFix 10-02-08.06 - s060625 2010-02-09 9:51.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2473 [GMT 1:00]
Running from: c:\documents and settings\s060625\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\IluPak.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\s060625\Application Data\inst.exe
c:\recycler\S-1-5-21-1957994488-725345543-839522115-500
c:\recycler\S-1-5-21-2470071173-3291389867-1549491625-500
c:\recycler\S-1-5-21-2614440383-3442498606-2814822380-500
c:\recycler\S-1-5-21-500276409-1830147257-367532862-500
c:\windows\system32\STEC3.sys
c:\windows\system32\twain_32.dll

----- BITS: Possible infected sites -----

hxxp://binuser.fileave.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_STEC3
-------\Service_Iprip
-------\Service_STEC3


((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-08 21:13 . 2010-02-08 22:21 -------- d-----w- C:\rsit
2010-02-08 15:13 . 2009-10-22 19:07 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-02-08 15:13 . 2009-10-22 19:07 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-02-08 15:13 . 2009-10-22 19:07 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-02-08 15:13 . 2009-10-22 19:07 91672 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-02-08 15:13 . 2009-10-22 19:07 63728 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2010-02-08 15:13 . 2009-10-22 19:07 70728 ----a-w- c:\windows\system32\mfevtps.exe
2010-02-08 15:13 . 2009-10-22 19:07 343664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-02-08 15:12 . 2010-02-08 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-08 15:05 . 2010-02-08 15:05 -------- d-----w- c:\program files\McAfee
2010-02-08 15:05 . 2010-02-08 15:05 -------- d-----w- c:\program files\Common Files\McAfee
2010-02-08 00:16 . 2010-02-08 00:19 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-07 19:59 . 2010-02-07 19:59 -------- d-----w- c:\program files\XP Codec Pack
2010-02-06 22:56 . 2010-02-06 22:56 -------- d-----w- c:\documents and settings\s060625\Local Settings\Application Data\Gas Powered Games
2010-02-06 22:48 . 2010-02-06 22:48 -------- d-----w- c:\documents and settings\s060625\Application Data\Media Center Programs
2010-02-06 22:26 . 2010-02-06 22:26 -------- d-----w- c:\documents and settings\s060625\Application Data\InstallShield Installation Information
2010-02-05 21:19 . 2010-02-05 21:20 -------- d-----w- c:\documents and settings\s060625\Local Settings\Application Data\Temp
2010-02-05 21:19 . 2010-02-05 21:20 -------- d-----w- c:\documents and settings\s060625\Local Settings\Application Data\Google
2010-02-05 21:19 . 2010-02-05 21:19 -------- d-----w- c:\documents and settings\s060625\Local Settings\Application Data\Deployment
2010-02-05 17:14 . 2010-02-05 17:21 -------- d-----w- c:\documents and settings\s060625\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2010-02-04 23:51 . 2010-02-04 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-04 23:50 . 2010-02-04 23:57 -------- d-----w- c:\documents and settings\s060625\Application Data\Winamp
2010-02-04 23:30 . 2010-02-04 23:30 -------- d-sh--w- c:\documents and settings\s060625\PrivacIE
2010-02-04 23:29 . 2010-02-04 23:29 -------- d-sh--w- c:\documents and settings\s060625\IETldCache
2010-02-04 23:14 . 2010-02-04 23:46 -------- d-----w- c:\windows\ie8updates
2010-02-04 23:10 . 2010-02-04 23:12 -------- dc-h--w- c:\windows\ie8
2010-02-04 23:07 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-04 23:07 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-04 23:07 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-03 13:17 . 2010-02-03 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-01-17 16:28 . 2010-02-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2010-01-17 16:23 . 2010-01-17 16:23 -------- d-----w- c:\windows\system32\AGEIA
2010-01-17 16:23 . 2010-01-17 16:24 -------- d-----w- c:\program files\AGEIA Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 08:58 . 2006-12-18 21:26 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-08 22:01 . 2008-06-06 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-08 15:14 . 2006-06-30 12:35 -------- d-----w- c:\program files\Network Associates
2010-02-08 15:11 . 2006-06-30 12:35 -------- d-----w- c:\program files\Common Files\Network Associates
2010-02-08 14:27 . 2006-09-03 10:29 -------- d-----w- c:\program files\mIRC
2010-02-07 23:09 . 2008-06-06 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 23:09 . 2008-06-06 17:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-07 19:44 . 2006-10-11 21:20 -------- d-----w- c:\program files\DivX
2010-02-06 23:14 . 2009-01-23 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Dillie-O Digital
2010-02-05 00:20 . 2006-07-03 11:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 00:14 . 2009-11-29 16:17 -------- d-----w- c:\program files\DevalVR
2010-02-05 00:11 . 2006-07-03 11:38 -------- d-----w- c:\program files\Java
2010-02-03 13:03 . 2009-02-08 17:55 -------- d-----w- c:\documents and settings\s060625\Application Data\Vso
2010-01-22 11:31 . 2008-09-03 18:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 16:30 . 2007-12-08 09:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-16 23:26 . 2006-06-30 11:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 15:07 . 2008-12-20 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-06-06 17:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 17:31 . 2007-01-21 14:26 249856 ------w- c:\windows\Setup1.exe
2009-12-29 17:31 . 2007-01-21 14:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 20:07 . 2009-12-19 20:07 152576 ----a-w- c:\documents and settings\s060625\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-19 20:07 . 2009-11-24 14:56 79488 ----a-w- c:\documents and settings\s060625\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-18 23:09 . 2007-01-13 15:03 36397 ----a-w- c:\windows\DIIUnin.dat
2009-12-14 21:44 . 2009-12-14 21:44 -------- d-----w- c:\documents and settings\s060625\Application Data\Apple Computer
2009-12-12 17:02 . 2006-07-21 07:17 -------- d-----w- c:\program files\QuickTime Alternative
2009-12-12 17:02 . 2006-07-21 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-12 17:02 . 2009-12-12 17:02 -------- d-----w- c:\program files\Common Files\Apple
2009-12-12 17:02 . 2009-12-12 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-06 18:29 . 2006-07-03 10:26 92456 ----a-w- c:\documents and settings\templateuser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2004-03-15 15:51 . 2004-03-15 15:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2005-10-12 14:04 . 2005-10-12 14:04 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-26 312840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\udaterui.exe" [2009-08-25 136512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"QuickTime Task"="d:\program files\QuickTime Alternative\qttask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-22 124240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-02 17:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 18:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sitecom WLAN Client Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sitecom WLAN Client Utility.lnk
backup=c:\windows\pss\Sitecom WLAN Client Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WorkPace 3.1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WorkPace 3.1.lnk
backup=c:\windows\pss\WorkPace 3.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^s060625^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\s060625\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-05 21:19 135664 ----atw- c:\documents and settings\s060625\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EA Core"=c:\program files\Electronic Arts\EADM\Core.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"IJNetworkScanUtility"=c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_02\\jre\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Transport Tycoon\\OpenTTD\\openttd.exe"=
"d:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.3.game"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"d:\\Program Files\\Teamspeak2_RC2server\\server_windows.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"d:\\Program Files\\Diablo II\\Diablo II.exe"=
"d:\\Program Files\\Diablo II\\Game.exe"=
"d:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"d:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"d:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"d:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"d:\\StubInstaller.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-12-05 54752]
R2 gpib420;GPIB Analyzer;c:\windows\system32\drivers\gpib420.sys [2005-07-18 31334]
R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\GpibPrtK.sys [2005-07-18 199783]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-16 47640]
R2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [2005-07-27 10829]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2009-10-22 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-02-08 70728]
R2 nidevldu;nidevldu;system32\nipalsm.exe --> system32\nipalsm.exe [?]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2005-09-28 141824]
R2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [2005-10-13 166912]
R2 niemrk;niemrk;c:\windows\system32\drivers\niemrk.dll [2005-10-06 346624]
R2 nifslk;nifslk;c:\windows\system32\drivers\nifslk.dll [2005-10-06 35328]
R2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [2005-10-06 19456]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2005-09-21 55296]
R2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [2005-10-08 476160]
R2 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxk.dll [2005-10-06 19968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [2005-10-06 170496]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [2005-09-28 231936]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [2005-10-06 131072]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [2005-10-06 51200]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [2005-10-06 497664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\LogMeIn\x86\RaInfo.sys --> d:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\s060625\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\s060625\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-02-08 65448]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [2005-10-06 714752]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [2005-10-06 489984]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2005-10-06 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2005-10-06 151683]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [2005-10-06 233472]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftk.dll [2005-10-06 163328]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [2005-10-06 42496]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [2005-10-06 1058304]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [2005-10-06 163328]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [2005-10-10 110080]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [2005-10-06 692736]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWK.sys [2005-10-12 8704]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciK.sys [2005-10-12 37376]
S3 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiK.sys [2005-10-12 10752]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [2005-10-06 422400]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrk.dll [2005-10-06 926720]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\Easy Onderhoud.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 23:05]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895577662-1677200029-1617787245-232390Core.job
- c:\documents and settings\s060625\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 21:19]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895577662-1677200029-1617787245-232390UA.job
- c:\documents and settings\s060625\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyServer = ftp=proxy.wfw.wtb.tue.nl:80;http=proxy.wfw.wtb.tue.nl:80;https=proxy.wfw.wtb.tue.nl:443
uInternet Settings,ProxyOverride = *.tue.nl;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: tue.nl
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 10:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1895577662-1677200029-1617787245-232390\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,f7,53,76,81,e2,88,53,6c,ef,ef,81,9f,45,db,bb,2a,31,5e,e9,f2,a9,33,
1e,5e,9c,85,7a,b2,9a,3f,a9,6d,d6,04,a0,a9,bf,bc,97,c6,7e,9f,63,b5,cb,61,14,\
"??"=hex:a8,03,7c,e4,e0,42,51,f1,59,3b,74,9d,57,79,54,69

[HKEY_USERS\S-1-5-21-1895577662-1677200029-1617787245-232390\Software\SecuROM\License information*]
"datasecu"=hex:50,58,e4,b6,fa,76,c8,33,33,72,a1,d2,99,00,6c,7d,85,34,72,ca,c1,
ff,31,c0,bf,ff,92,ff,b3,68,53,a1,21,b3,e1,a3,8f,41,2f,24,eb,61,2c,a8,2a,b9,\
"rkeysecu"=hex:60,23,56,77,53,b4,a4,c7,f3,63,2c,b8,ca,21,64,f5

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\tphklock.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(1436)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\windows\system32\nipalsm.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\nipalsm.exe
c:\program files\Network Associates\Common Framework\McTray.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2010-02-09 10:08:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 09:08
ComboFix2.txt 2008-12-26 15:34

Pre-Run: 4,038,344,704 bytes free
Post-Run: 3,907,346,432 bytes free

- - End Of File - - 50A2C56E39DF5A36B16A24C6D7E41BAE


 Post subject: Re: A number of trojans removed with Spybot/Malwarebytes
Posted: Tue Feb 09, 2010 10:16 am 
Member

Joined: Sun Jun 08, 2008 11:27 am
Posts: 40
Oh, and here is the HijackThis log :P

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18, on 2010-02-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Network Associates\Common Framework\udaterui.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\s060625\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\s060625\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\s060625\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wfw.wtb.tue.nl:80;http=proxy.wfw.wtb.tue.nl:80;https=proxy.wfw.wtb.tue.nl:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tue.nl;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.tue.nl
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9184576468
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.tue.nl
O17 - HKLM\Software\..\Telephony: DomainName = campus.tue.nl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.tue.nl
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10735 bytes


 
 Post subject: Re: Removed a number of trojans with spybot/malwarebytes
Posted: Tue Feb 09, 2010 4:03 pm
Moderator

Joined: Fri Apr 25, 2008 12:32 pm
Posts: 2425
Location: Belgium
Hi Serendipity,

Open a Notepad file.
Copy the text below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt
Code:
File::
c:\windows\system32\LMIRfsClientNP.dll
Driver::
LMIRfsClientNP


Now drag the file CFScript.txt onto the file ComboFix.exe

ComboFix will start again.
When ComboFix is finished, which may be after a reboot, a log file opens. Post the contents of the log file.

Create a new HijackThis log and post it as well.

Emphyrio :)

 
 Post subject: Re: Removed a number of trojans with spybot/malwarebytes
Posted: Tue Feb 09, 2010 6:00 pm
Member

Joined: Sun Jun 08, 2008 11:27 am
Posts: 40
ComboFix 10-02-08.09 - s060625 2010-02-09 17:43:24.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2512 [GMT 1:00]
Running from: c:\documents and settings\s060625\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\s060625\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\windows\system32\LMIRfsClientNP.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\LMIRfsClientNP.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LMIRFSCLIENTNP
-------\Service_LMIRfsClientNP


((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-08 21:13 . 2010-02-08 22:21 -------- d-----w- C:\rsit
2010-02-08 15:13 . 2009-10-22 19:07 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-02-08 15:13 . 2009-10-22 19:07 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-02-08 15:13 . 2009-10-22 19:07 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-02-08 15:13 . 2009-10-22 19:07 91672 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-02-08 15:13 . 2009-10-22 19:07 63728 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2010-02-08 15:13 . 2009-10-22 19:07 70728 ----a-w- c:\windows\system32\mfevtps.exe
2010-02-08 15:13 . 2009-10-22 19:07 343664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-02-08 15:12 . 2010-02-08 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-08 15:05 . 2010-02-08 15:05 -------- d-----w- c:\program files\McAfee
2010-02-08 15:05 . 2010-02-08 15:05 -------- d-----w- c:\program files\Common Files\McAfee
2010-02-08 00:16 . 2010-02-08 00:19 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-07 19:59 . 2010-02-07 19:59 -------- d-----w- c:\program files\XP Codec Pack
2010-02-06 22:56 . 2010-02-06 22:56 -------- d-----w- c:\documents and settings\s060625\Local Settings\Application Data\Gas Powered Games
2010-02-06 22:48 . 2010-02-06 22:48 -------- d-----w- c:\documents and settings\s060625\Application Data\Media Center Programs
2010-02-06 22:26 . 2007-10-15 20:11 552214 ----a-w- c:\documents and settings\s060625\Application Data\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\ISSetup.dll
2010-02-06 22:26 . 2007-09-21 21:33 456416 ----a-r- c:\documents and settings\s060625\Application Data\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe
2010-02-06 22:26 . 2006-08-07 18:09 164784 ----a-r- c:\documents and settings\s060625\Application Data\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\_Setup.dll
2010-02-06 22:26 . 2010-02-06 22:26 -------- d-----w- c:\documents and settings\s060625\Application Data\InstallShield Installation Information
2010-02-05 21:19 . 2010-02-05 21:20 -------- d-----w- c:\documents and settings\s060625\Local Settings\Application Data\Temp
2010-02-05 21:19 . 2010-02-05 21:20 -------- d-----w- c:\documents and settings\s060625\Local Settings\Application Data\Google
2010-02-05 21:19 . 2010-02-05 21:19 -------- d-----w- c:\documents and settings\s060625\Local Settings\Application Data\Deployment
2010-02-05 17:14 . 2010-02-05 17:21 -------- d-----w- c:\documents and settings\s060625\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2010-02-04 23:51 . 2010-02-04 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-04 23:50 . 2010-02-04 23:57 -------- d-----w- c:\documents and settings\s060625\Application Data\Winamp
2010-02-04 23:30 . 2010-02-04 23:30 -------- d-sh--w- c:\documents and settings\s060625\PrivacIE
2010-02-04 23:29 . 2010-02-04 23:29 -------- d-sh--w- c:\documents and settings\s060625\IETldCache
2010-02-04 23:14 . 2010-02-04 23:46 -------- d-----w- c:\windows\ie8updates
2010-02-04 23:10 . 2010-02-04 23:12 -------- dc-h--w- c:\windows\ie8
2010-02-04 23:07 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-04 23:07 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-04 23:07 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-03 13:17 . 2010-02-03 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-01-17 16:28 . 2010-02-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2010-01-17 16:23 . 2010-01-17 16:23 -------- d-----w- c:\windows\system32\AGEIA
2010-01-17 16:23 . 2010-01-17 16:24 -------- d-----w- c:\program files\AGEIA Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 16:50 . 2006-12-18 21:26 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-08 22:01 . 2008-06-06 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-08 15:14 . 2006-06-30 12:35 -------- d-----w- c:\program files\Network Associates
2010-02-08 15:11 . 2006-06-30 12:35 -------- d-----w- c:\program files\Common Files\Network Associates
2010-02-08 14:27 . 2006-09-03 10:29 -------- d-----w- c:\program files\mIRC
2010-02-07 23:09 . 2008-06-06 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 23:09 . 2008-06-06 17:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-07 19:44 . 2006-10-11 21:20 -------- d-----w- c:\program files\DivX
2010-02-06 23:14 . 2009-01-23 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Dillie-O Digital
2010-02-05 00:20 . 2006-07-03 11:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 00:14 . 2009-11-29 16:17 -------- d-----w- c:\program files\DevalVR
2010-02-05 00:11 . 2006-07-03 11:38 -------- d-----w- c:\program files\Java
2010-02-03 13:03 . 2009-02-08 17:55 -------- d-----w- c:\documents and settings\s060625\Application Data\Vso
2010-01-22 11:31 . 2008-09-03 18:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 16:30 . 2007-12-08 09:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-16 23:26 . 2006-06-30 11:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 15:07 . 2008-12-20 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-06-06 17:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 17:31 . 2007-01-21 14:26 249856 ------w- c:\windows\Setup1.exe
2009-12-29 17:31 . 2007-01-21 14:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-21 19:14 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 20:07 . 2009-12-19 20:07 152576 ----a-w- c:\documents and settings\s060625\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-19 20:07 . 2009-11-24 14:56 79488 ----a-w- c:\documents and settings\s060625\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-18 23:09 . 2007-01-13 15:03 36397 ----a-w- c:\windows\DIIUnin.dat
2009-12-14 21:44 . 2009-12-14 21:44 -------- d-----w- c:\documents and settings\s060625\Application Data\Apple Computer
2009-12-12 17:02 . 2006-07-21 07:17 -------- d-----w- c:\program files\QuickTime Alternative
2009-12-12 17:02 . 2006-07-21 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-12 17:02 . 2009-12-12 17:02 -------- d-----w- c:\program files\Common Files\Apple
2009-12-12 17:02 . 2009-12-12 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-06 18:29 . 2006-07-03 10:26 92456 ----a-w- c:\documents and settings\templateuser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2004-03-15 15:51 . 2004-03-15 15:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2005-10-12 14:04 . 2005-10-12 14:04 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-26 312840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\udaterui.exe" [2009-08-25 136512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"QuickTime Task"="d:\program files\QuickTime Alternative\qttask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-22 124240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-02 17:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 18:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sitecom WLAN Client Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sitecom WLAN Client Utility.lnk
backup=c:\windows\pss\Sitecom WLAN Client Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WorkPace 3.1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WorkPace 3.1.lnk
backup=c:\windows\pss\WorkPace 3.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^s060625^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\s060625\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-05 21:19 135664 ----atw- c:\documents and settings\s060625\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EA Core"=c:\program files\Electronic Arts\EADM\Core.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"IJNetworkScanUtility"=c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_02\\jre\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Transport Tycoon\\OpenTTD\\openttd.exe"=
"d:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.3.game"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"d:\\Program Files\\Teamspeak2_RC2server\\server_windows.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"d:\\Program Files\\Diablo II\\Diablo II.exe"=
"d:\\Program Files\\Diablo II\\Game.exe"=
"d:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"d:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"d:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"d:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"d:\\StubInstaller.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-12-05 54752]
R2 gpib420;GPIB Analyzer;c:\windows\system32\drivers\gpib420.sys [2005-07-18 31334]
R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\GpibPrtK.sys [2005-07-18 199783]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-16 47640]
R2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [2005-07-27 10829]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2009-10-22 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-02-08 70728]
R2 nidevldu;nidevldu;system32\nipalsm.exe --> system32\nipalsm.exe [?]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2005-09-28 141824]
R2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [2005-10-13 166912]
R2 niemrk;niemrk;c:\windows\system32\drivers\niemrk.dll [2005-10-06 346624]
R2 nifslk;nifslk;c:\windows\system32\drivers\nifslk.dll [2005-10-06 35328]
R2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [2005-10-06 19456]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2005-09-21 55296]
R2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [2005-10-08 476160]
R2 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxk.dll [2005-10-06 19968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [2005-10-06 170496]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [2005-09-28 231936]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [2005-10-06 131072]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [2005-10-06 51200]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [2005-10-06 497664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\LogMeIn\x86\RaInfo.sys --> d:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\s060625\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\s060625\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-02-08 65448]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [2005-10-06 714752]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [2005-10-06 489984]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2005-10-06 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2005-10-06 151683]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [2005-10-06 233472]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftk.dll [2005-10-06 163328]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [2005-10-06 42496]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [2005-10-06 1058304]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [2005-10-06 163328]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [2005-10-10 110080]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [2005-10-06 692736]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWK.sys [2005-10-12 8704]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciK.sys [2005-10-12 37376]
S3 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiK.sys [2005-10-12 10752]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [2005-10-06 422400]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrk.dll [2005-10-06 926720]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NIPALK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\Easy Onderhoud.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 23:05]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895577662-1677200029-1617787245-232390Core.job
- c:\documents and settings\s060625\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 21:19]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1895577662-1677200029-1617787245-232390UA.job
- c:\documents and settings\s060625\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-05 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyServer = ftp=proxy.wfw.wtb.tue.nl:80;http=proxy.wfw.wtb.tue.nl:80;https=proxy.wfw.wtb.tue.nl:443
uInternet Settings,ProxyOverride = *.tue.nl;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: tue.nl
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 17:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1895577662-1677200029-1617787245-232390\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,f7,53,76,81,e2,88,53,6c,ef,ef,81,9f,45,db,bb,2a,31,5e,e9,f2,a9,33,
1e,5e,9c,85,7a,b2,9a,3f,a9,6d,d6,04,a0,a9,bf,bc,97,c6,7e,9f,63,b5,cb,61,14,\
"??"=hex:a8,03,7c,e4,e0,42,51,f1,59,3b,74,9d,57,79,54,69

[HKEY_USERS\S-1-5-21-1895577662-1677200029-1617787245-232390\Software\SecuROM\License information*]
"datasecu"=hex:50,58,e4,b6,fa,76,c8,33,33,72,a1,d2,99,00,6c,7d,85,34,72,ca,c1,
ff,31,c0,bf,ff,92,ff,b3,68,53,a1,21,b3,e1,a3,8f,41,2f,24,eb,61,2c,a8,2a,b9,\
"rkeysecu"=hex:60,23,56,77,53,b4,a4,c7,f3,63,2c,b8,ca,21,64,f5

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\tphklock.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1600)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\windows\system32\nipalsm.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\nipalsm.exe
c:\program files\Network Associates\Common Framework\McTray.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2010-02-09 18:00:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 17:00
ComboFix2.txt 2010-02-09 09:08
ComboFix3.txt 2008-12-26 15:34

Pre-Run: 3,892,441,088 bytes free
Post-Run: 3,851,866,112 bytes free

- - End Of File - - 403E02C1F06DD5304D2EDAC045E240CF


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01, on 2010-02-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Network Associates\Common Framework\udaterui.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wfw.wtb.tue.nl:80;http=proxy.wfw.wtb.tue.nl:80;https=proxy.wfw.wtb.tue.nl:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tue.nl;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.tue.nl
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9184576468
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.tue.nl
O17 - HKLM\Software\..\Telephony: DomainName = campus.tue.nl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.tue.nl
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10400 bytes


Post subject: Re: A number of trojans removed with spybot/malwarebytes
Posted: Tue Feb 09, 2010 6:11 pm
Offline
Moderator

Joined: Fri Apr 25, 2008 12:32 pm
Posts: 2425
Location: Belgium
Can I have an update on your problem, please?

Emphyrio :)

 
Post subject: Re: A number of trojans removed with spybot/malwarebytes
Posted: Tue Feb 09, 2010 6:27 pm
Offline
Member

Joined: Sun Jun 08, 2008 11:27 am
Posts: 40
It wasn't a problem,
I noticed that I had downloaded something bad and then removed some spyware; I mainly wanted to know whether anything had been left behind.

Does that mean it is clean now?
Thanks in advance,
Serendipity


 
Post subject: Re: A number of trojans removed with spybot/malwarebytes
Posted: Tue Feb 09, 2010 6:48 pm
Offline
Moderator

Joined: Fri Apr 25, 2008 12:32 pm
Posts: 2425
Location: Belgium
Hi Serendipity,

Your logs are clean 8)

Let's clean up...

Go to Start > Run and copy and paste the following command into the field:

ComboFix /Uninstall

Make sure there is a space between Combofix and /
Then press Enter.

This will remove Combofix plus its related folders and files,
restore the clock settings, hide the file extensions,
hide hidden files and system files again
and reset your System Restore.

___________________________________________________________________________________________________________

Download OTC.exe (by OldTimer)
  • Put the file on your desktop.
  • Make sure there is an internet connection.
  • Then right-click OTC.exe and choose Run as Administrator (in Dutch: Uitvoeren als Administrator) to start the program.
  • Now click the "CleanUp!" button.
  • If your firewall or another security program warns that OTC.exe wants internet access, you may allow it; the program needs that connection.
  • Finally, OTC will ask whether you want to restart the computer; you may allow this, as it also removes itself this way.


Note: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.
___________________________________________________________________________________________________________

I would also recommend the following steps:

1. Remove old restore points:

Clear your existing restore points following this procedure.

2. Updates:

Go to Secunia Online (OSI) and let the Secunia Online Software Inspector (OSI) scan your computer.

The Secunia Online Software Inspector scans the computer for programs that have not been updated and
may therefore contain security vulnerabilities that can be exploited by malware, among other things.

Before you start the scan, optionally tick 'Enable thorough system inspection' as well.
This lets OSI also find programs that are not installed in the default location.

If a program that is not up to date is found, it is shown in red as 'insecure'
and you get the option to download the most recent version via the 'download link'.

Finally, may I offer you these tips: Veilig Internetten (safe internet use)

Emphyrio :)

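How a HijackThis log like the one reviewed above breaks down into sections, as an added example that is not part of the original thread. The sample lines are copied from the log posted here, the function names are hypothetical, and the hints only mark entries a reviewer checks by hand; they are not verdicts.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://www.yougamers.com/systeminfo/FMSI.cab
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

# HijackThis section codes that occur in this thread's log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page or proxy value",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE button/Tools menu item",
    "O10": "Winsock LSP", "O15": "Trusted Zone site",
    "O16": "downloaded ActiveX control (DPF)", "O17": "domain/DNS setting",
    "O23": "Windows service",
}
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse(log):
    """Return (code, body) per entry line; headers and process lists are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review_hints(code, body):
    """Reasons to look at an entry by hand (prompts for review, not detections)."""
    hints = []
    if "(file missing)" in body:
        hints.append("target file no longer exists on disk")
    if code == "O23" and "Unknown owner" in body:
        hints.append("HijackThis could not read a company name for the binary")
    if code == "O10" and body.startswith("Unknown file"):
        hints.append("LSP provider not recognised by HijackThis")
    if code == "O16" and re.match(r"DPF: \{[0-9A-Fa-f-]+\} - ", body):
        hints.append("ActiveX control without a display name")
    return hints

def triage(log):
    """Return only the entries that carry at least one review hint."""
    flagged = []
    for code, body in parse(log):
        hints = review_hints(code, body)
        if hints:
            flagged.append({"code": code, "section": SECTIONS.get(code, "other"),
                            "body": body, "hints": hints})
    return flagged

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["code"]:<4}{item["section"]}: {item["body"]}')
        for hint in item["hints"]:
            print("      ->", hint)
```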


 
Post subject: Re: A number of trojans removed with spybot/malwarebytes
Posted: Tue Feb 09, 2010 10:44 pm
Offline
Member

Joined: Sun Jun 08, 2008 11:27 am
Posts: 40
That's good to hear :)

I just have one more question: why did Daemon Tools have to be uninstalled, and can I install it again now? Or would it be wiser to use VirtualCloneDrive, for example?

Thanks in advance,
Serendipity

