Sasser


  • Sasser

    All,

    I'm having trouble with a Sasser variant. I tried Sasser removal tools from Symantec, but that didn't solve it. Advice would be appreciated (NB: it is my company laptop with Win XP, fully up to date; the virus scanner is McAfee).

    I will also post a log from Kaspersky.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:21:42, on 02-05-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\WINDOWS\system32\ifxspmgt.exe
    c:\WINDOWS\system32\ifxtcs.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    c:\WINDOWS\system32\IfxPsdSv.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    D:\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\NetLimiter 2 Pro\NLClient.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    D:\VMware\VMware Workstation\vmware-tray.exe
    c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    D:\VMware\VMware Workstation\hqtray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\IEPro\MiniDM.exe
    C:\Documents and Settings\an\My Documents\My Downloads\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.val.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [vmware-tray] D:\VMware\VMware Workstation\vmware-tray.exe
    O4 - HKLM\..\Run: [VMware hqtray] "D:\VMware\VMware Workstation\hqtray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - Global Startup: BGInfo.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198752881531
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = val.loc
    O17 - HKLM\Software\..\Telephony: DomainName = val.loc
    O20 - AppInit_DLLs: APSHook.dll
    O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\ifxtcs.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 12592 bytes
    Last edited by deheugden; 02-05-08, 21:51.

  • #2
    I have also used SDFix and the Microsoft malicious software tool, but nada.


    • #3
      Is this perhaps the same problem?


      The rabble that arrived by Przewalski's horse at the enchantingly situated establishment - comma -

      "Do not confuse the truth with the opinion of the majority"


      • #4
        No, I have 1 laptop and 2 desktop PCs (I used to have more PCs but no longer used them), and 2 of them are not doing well right now. The problem with that desktop PC is still ongoing; I'm waiting for the Kaspersky scan result. The funny thing with my notebook is that HouseCall only finds 1 adware item (attachment). The strange thing is that, according to Symantec, Sasser would place avserve2.exe in the windir, and it isn't there on my machine. The symptoms are those of Sasser, though (automatic shutdown via the message). So at the moment I'm still looking for what exactly it is.


        • #5
          It could also be a variant of Rustock; in that case you might be better off posting a ComboFix log.


          • #6
            OK, will do. I'll also look into Rustock; I just ran a scan with Kaspersky and it finds nothing... strange, really; I've never had trouble with a virus (spyware, yes).


            • #7
              According to Symantec it's not Rustock either; the keys don't exist. Strange.

              ComboFix 08-05-01.3 - and 2008-05-02 21:36:49.1 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1167 [GMT 2:00]
              Running from: C:\Documents and Settings\and\My Documents\My Downloads\ComboFix.exe
              * Created a new restore point
              * Resident AV is active


              WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
              .

              ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
              C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
              c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
              C:\WINDOWS\Downloaded Program Files\setup.inf

              ----- BITS: Possible infected sites -----

              hxxp://valaps02
              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              -------\Legacy_ASBroker
              -------\Service_ASBroker


              ((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
              .

              2008-05-02 20:24 . 2008-05-02 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
              2008-05-02 18:55 . 2008-05-02 18:55 <DIR> d-------- C:\Documents and Settings\And\Application Data\Nero
              2008-05-02 15:43 . 2008-05-02 15:51 <DIR> d-------- C:\Program Files\Common Files\Nero
              2008-05-02 15:43 . 2008-05-02 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
              2008-05-02 15:33 . 2008-05-02 15:33 <DIR> d-------- C:\Program Files\FolderSize
              2008-05-02 14:33 . 2008-05-02 14:33 <DIR> d--h----- C:\WINDOWS\PIF
              2008-05-01 18:36 . 2008-05-01 18:36 <DIR> d-------- C:\Documents and Settings\And\tmp
              2008-05-01 18:36 . 2008-05-01 18:36 <DIR> d-------- C:\Documents and Settings\And\HP
              2008-05-01 18:34 . 2008-05-01 18:34 <DIR> d-------- C:\WINDOWS\Sun
              2008-05-01 18:34 . 2008-05-01 18:34 <DIR> d-------- C:\Program Files\Java
              2008-05-01 18:34 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
              2008-05-01 18:33 . 2008-05-01 18:33 <DIR> d-------- C:\Program Files\Common Files\Java
              2008-05-01 14:53 . 2008-05-01 14:53 <DIR> d-------- C:\WINDOWS\ERUNT
              2008-05-01 14:52 . 2008-05-01 14:52 <DIR> d-------- C:\sdfix
              2008-05-01 12:38 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
              2008-04-30 22:34 . 2008-04-30 23:27 <DIR> d-------- C:\Documents and Settings\And\.housecall6.6
              2008-04-30 22:05 . 2008-04-30 22:34 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
              2008-04-30 22:05 . 2008-04-30 22:23 <DIR> d-------- C:\Documents and Settings\And\Application Data\HouseCall 6.6
              2008-04-30 19:08 . 2008-04-30 19:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
              2008-04-30 19:08 . 2008-04-30 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
              2008-04-30 18:48 . 2008-05-02 21:43 <DIR> d-------- C:\Documents and Settings\And\Application Data\VMware
              2008-04-30 18:22 . 2008-05-02 21:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
              2008-04-30 18:22 . 2008-03-03 20:13 121,392 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
              2008-04-30 18:22 . 2008-03-03 20:10 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
              2008-04-30 18:22 . 2008-03-03 20:10 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll
              2008-04-30 18:21 . 2008-03-03 20:11 436,784 --a------ C:\WINDOWS\system32\vnetlib.dll
              2008-04-30 18:21 . 2008-03-03 20:12 150,064 --a------ C:\WINDOWS\system32\vmnat.exe
              2008-04-30 18:21 . 2008-03-03 20:10 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll
              2008-04-30 18:21 . 2008-03-03 20:10 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys
              2008-04-30 18:21 . 2008-03-03 20:14 25,136 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
              2008-04-30 18:21 . 2008-03-03 20:13 20,912 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys
              2008-04-30 18:21 . 2008-03-03 20:10 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
              2008-04-30 18:21 . 2008-04-30 18:21 1,024 --a------ C:\.rnd
              2008-04-30 18:20 . 2008-05-02 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
              2008-04-30 18:19 . 2008-04-30 18:19 <DIR> d-------- C:\Program Files\VMware
              2008-04-30 18:19 . 2008-04-30 18:19 <DIR> d-------- C:\Program Files\Common Files\VMware
              2008-04-30 18:16 . 2008-04-30 18:18 <DIR> d-------- C:\totalcmd
              2008-04-30 18:16 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
              2008-04-30 18:16 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
              2008-04-30 18:16 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
              2008-04-30 18:16 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
              2008-04-30 18:16 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
              2008-04-30 18:16 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
              2008-04-30 18:16 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
              2008-04-30 18:16 . 2008-04-30 18:18 324 --a------ C:\WINDOWS\wincmd.ini
              2008-04-29 21:16 . 2008-04-29 21:16 <DIR> d-------- C:\Program Files\pdfsam
              2008-04-29 11:27 . 1999-05-27 21:28 46,192 --a------ C:\WINDOWS\system32\uptime.exe
              2008-04-29 11:01 . 2008-04-29 11:01 <DIR> d-------- C:\Documents and Settings\Adm_adduser\Application Data\Locktime
              2008-04-28 19:04 . 2008-04-28 19:04 <DIR> d-------- C:\Documents and Settings\af\Application Data\Nero
              2008-04-25 14:05 . 2008-04-25 14:05 <DIR> d-------- C:\Documents and Settings\af\Application Data\Media Player Classic
              2008-04-25 13:53 . 2008-04-25 13:53 <DIR> d-------- C:\Program Files\Undisker
              2008-04-25 13:25 . 2008-04-25 13:43 <DIR> d-------- C:\Documents and Settings\af\Application Data\MiniDm
              2008-04-25 11:21 . 2008-04-25 11:21 <DIR> d-------- C:\Documents and Settings\af\Contacts
              2008-04-25 11:18 . 2008-04-25 11:18 <DIR> d-------- C:\Documents and Settings\hdekkers\Application Data\IEPro
              2008-04-25 11:10 . 2008-04-25 11:10 <DIR> d-------- C:\Documents and Settings\hdekkers\Application Data\Locktime
              2008-04-25 11:09 . 2008-01-03 15:46 <DIR> d--hs---- C:\Documents and Settings\hdekkers\UserData
              2008-04-25 11:09 . 2007-12-24 18:02 <DIR> d-------- C:\Documents and Settings\hdekkers\Bluetooth Software
              2008-04-25 11:09 . 2008-01-25 14:43 <DIR> d-------- C:\Documents and Settings\hdekkers\Application Data\Intel
              2008-04-25 11:09 . 2007-12-24 18:02 <DIR> d-------- C:\Documents and Settings\hdekkers\Application Data\InstallShield
              2008-04-25 11:09 . 2007-12-24 18:02 <DIR> d-------- C:\Documents and Settings\hdekkers\Application Data\Infineon
              2008-04-25 11:09 . 2007-12-24 18:02 <DIR> d-------- C:\Documents and Settings\hdekkers\Application Data\hpqLog
              2008-04-25 11:09 . 2008-04-25 11:19 <DIR> d-------- C:\Documents and Settings\hdekkers
              2008-04-25 11:09 . 2008-05-02 21:36 1,024 --a------ C:\Documents and Settings\hdekkers\ntuser.dat.LOG
              2008-04-25 10:52 . 2008-04-25 10:52 <DIR> d-------- C:\Documents and Settings\af\Application Data\IEPro
              2008-04-25 10:51 . 2008-04-25 10:51 <DIR> d-------- C:\Documents and Settings\af\Application Data\Locktime
              2008-04-23 18:03 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
              2008-04-23 18:03 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
              2008-04-22 08:44 . 2008-04-22 08:44 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
              2008-04-22 08:42 . 2008-04-22 08:42 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
              2008-04-22 08:42 . 2008-04-22 08:42 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
              2008-04-22 08:40 . 2008-04-22 08:40 <DIR> d-------- C:\Program Files\Avanquest update
              2008-04-22 08:40 . 2008-04-22 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
              2008-04-22 08:39 . 2008-04-22 08:41 <DIR> d-------- C:\Program Files\Sony Ericsson
              2008-04-22 08:39 . 2008-04-22 08:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
              2008-04-20 14:32 . 2008-04-20 14:32 <DIR> d-------- C:\Program Files\MagicISO
              2008-04-19 15:57 . 2008-04-19 16:05 387 --a------ C:\WINDOWS\IfoEdit.INI
              2008-04-18 11:03 . 2008-04-18 11:03 <DIR> d-------- C:\Documents and Settings\and\Application Data\Locktime
              2008-04-18 10:21 . 2008-04-18 10:21 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
              2008-04-18 10:21 . 2008-04-18 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
              2008-04-18 08:49 . 2008-04-18 08:49 <DIR> d-------- C:\Documents and Settings\and\Application Data\Stellarium
              2008-04-17 21:51 . 2008-04-17 21:51 <DIR> d-------- C:\Program Files\Stellarium
              2008-04-17 17:26 . 2008-04-17 17:26 <DIR> d-------- C:\Program Files\NeroInstall.bak
              2008-04-17 17:19 . 2008-05-02 15:43 <DIR> d-------- C:\Program Files\Nero
              2008-04-15 22:43 . 2008-04-15 22:44 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
              2008-04-15 22:43 . 2008-04-15 22:43 <DIR> d-------- C:\Program Files\AVSMedia
              2008-04-15 17:56 . 2008-04-15 17:56 <DIR> d-------- C:\Program Files\GrabIt
              2008-04-13 15:35 . 2008-04-13 15:35 <DIR> d-------- C:\Program Files\Teletekstbrowser
              2008-04-13 15:35 . 2008-04-13 15:35 <DIR> d-------- C:\Documents and Settings\and\Application Data\Teletekst
              2008-04-13 15:35 . 2008-04-13 15:35 86 --a------ C:\WINDOWS\Teletekst.ini
              2008-04-13 14:09 . 2008-04-13 14:09 <DIR> d-------- C:\WINDOWS\Name Manager
              2008-04-13 14:09 . 2008-04-13 14:09 <DIR> d-------- C:\Program Files\Name Manager
              2008-04-13 14:09 . 2002-12-20 15:02 1,077,336 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX.bak
              2008-04-13 12:53 . 2008-04-13 12:53 223 --a------ C:\WINDOWS\HP PrecisionScan Pro.INI
              2008-04-08 15:08 . 2008-04-08 15:08 <DIR> d-------- C:\Documents and Settings\and\Application Data\MiniDm
              2008-04-08 13:49 . 2008-04-08 13:49 <DIR> d-------- C:\Documents and Settings\and\Application Data\IEPro
              2008-04-08 13:48 . 2008-04-08 13:49 <DIR> d-------- C:\Program Files\IEPro
              2008-04-08 11:12 . 2008-04-08 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
              2008-04-07 20:17 . 1927-03-21 05:04 487,936 --a------ C:\WINDOWS\LkUnInst.exe
              2008-04-07 20:17 . 2007-01-09 17:02 438,272 --a------ C:\WINDOWS\c4dll.dll
              2008-04-07 20:17 . 2007-01-09 17:02 399,872 --a------ C:\WINDOWS\c4dstand.dll
              2008-04-07 20:17 . 2001-01-25 02:12 98,304 --a------ C:\WINDOWS\system32\tsccvid.dll
              2008-04-07 20:17 . 1928-01-01 20:08 3,215 --a------ C:\WINDOWS\splash.ini
              2008-04-05 17:12 . 2008-04-05 17:12 <DIR> d-------- C:\WINDOWS\Downloaded Installations
              2008-04-05 17:12 . 2008-04-05 17:12 <DIR> d-------- C:\Program Files\HP
              2008-04-05 17:03 . 2008-04-05 17:03 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
              2008-04-05 17:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
              2008-04-05 17:03 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
              2008-04-05 16:53 . 2008-04-05 16:53 802 --a------ C:\WINDOWS\hpinfo.lnk
              2008-04-05 16:52 . 2008-04-05 16:53 <DIR> d-------- C:\Program Files\hp deskjet 930c series
              2008-04-05 16:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
              2008-04-05 16:41 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
              2008-04-02 12:46 . 2008-04-02 12:46 <DIR> d-------- C:\Program Files\QT Lite
              2008-04-02 12:46 . 2008-04-02 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
              2008-04-02 12:46 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
              2008-04-02 12:46 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
              2008-04-02 12:10 . 2008-04-02 12:10 <DIR> d-------- C:\Program Files\Messenger Plus! Live
              2008-04-02 12:07 . 2008-04-02 12:07 <DIR> d-------- C:\Documents and Settings\and\Contacts
              2008-04-02 12:07 . 2008-04-02 12:07 <DIR> d-------- C:\Documents and Settings\and\Application Data\Media Player Classic
              2008-04-02 12:06 . 2008-04-02 12:06 <DIR> d-------- C:\Program Files\Mediaplayer classic
              2008-04-02 11:58 . 2008-04-02 11:58 <DIR> d-------- C:\Program Files\MessengerPlus! 3
              2008-04-02 11:54 . 2008-04-02 12:06 <DIR> d-------- C:\Program Files\Windows Live
              2008-04-02 11:54 . 2008-04-02 12:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
              2008-04-02 11:54 . 2008-04-02 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
              2008-04-02 11:47 . 2008-04-02 11:47 <DIR> d-------- C:\Program Files\TechSmith
              2008-04-02 11:47 . 2008-04-02 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith

              .
              (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-04-22 06:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-04-05 15:03 --------- d-----w C:\Program Files\Hewlett-Packard
              2008-04-02 08:55 --------- d-----w C:\Program Files\Common Files\Adobe
              2008-04-01 08:01 --------- d-----w C:\Program Files\McAfee
              2008-04-01 08:01 --------- d-----w C:\Program Files\Common Files\McAfee
              2008-04-01 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
              2008-04-01 08:00 --------- d-----w C:\Program Files\Network Associates
              2008-04-01 07:54 --------- d-----w C:\Program Files\Common Files\Cisco Systems
              2008-03-03 18:14 925,104 ----a-w C:\WINDOWS\system32\drivers\vmx86.sys
              2008-03-03 18:14 34,864 ----a-w C:\WINDOWS\system32\drivers\hcmon.sys
              2008-03-03 18:11 15,920 ----a-w C:\WINDOWS\system32\drivers\vmparport.sys
              2008-02-29 18:19 54,824 ----a-w C:\WINDOWS\agrsmdel.exe
              .

              ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-02 10:08 68856]
              "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 22:50 138008]
              "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 22:50 162584]
              "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 22:50 138008]
              "PTHOSTTR"="c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 16:52 145184]
              "CognizanceTS"="c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 18:12 17920]
              "IFXSPMGT"="c:\WINDOWS\system32\ifxspmgt.exe" [2007-02-15 14:00 677408]
              "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
              "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 23:36 872448]
              "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 17:34 177456]
              "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 14:51 995328]
              "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 14:47 1101824]
              "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-10-11 14:56 136512]
              "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
              "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 01:40 196608]
              "vmware-tray"="D:\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 20:10 72240]
              "VMware hqtray"="D:\VMware\VMware Workstation\hqtray.exe" [2008-03-03 20:10 55856]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
              "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

              C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
              BGInfo.lnk - C:\WINDOWS\Installer\{25AB52B4-BF4E-49A7-94CC-29F0561DB260}\Icon25AB52B4.exe [2008-01-03 15:39:53 6656]
              Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 16:14:00 561213]
              Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-02 10:08:35 124400]
              SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 11:11:48 6395464]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "NoWelcomeScreen"= 1 (0x1)

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
              c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=APSHook.dll

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
              @="Driver"

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
              "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
              "C:\\Program Files\\IEPro\\MiniDM.exe"=
              "C:\\Program Files\\Java\\jre1.5.0_03\\bin\\javaw.exe"=
              "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "3389:TCP"= 3389:TCPxpsp2res.dll,-22009

              R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
              R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2007-01-23 21:07]
              R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
              R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 20:13]
              S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-22 08:42]
              S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys [2007-07-17 02:24]
              S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              Cognizance REG_MULTI_SZ ASBroker ASChannel

              .
              Contents of the 'Scheduled Tasks' folder
              "2008-05-02 19:44:25 C:\WINDOWS\Tasks\SDMsgUpdate (SD).job"
              - C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PSD -V906 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
              .
              **************************************************************************

              catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-05-02 21:44:10
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 1

              **************************************************************************
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
              C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              C:\WINDOWS\system32\scardsvr.exe
              C:\WINDOWS\system32\agrsmsvc.exe
              C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              C:\Program Files\FolderSize\FolderSizeSvc.exe
              C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              C:\WINDOWS\system32\IFXTCS.exe
              C:\Program Files\McAfee\Common Framework\FrameworkService.exe
              C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
              C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
              C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
              C:\WINDOWS\system32\IfxPsdSv.exe
              C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
              C:\WINDOWS\system32\vmnat.exe
              C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
              C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
              D:\VMware\VMware Workstation\vmware-authd.exe
              C:\WINDOWS\system32\vmnetdhcp.exe
              C:\Program Files\NetLimiter 2 Pro\NLClient.exe
              C:\WINDOWS\system32\igfxsrvc.exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files\McAfee\Common Framework\Mctray.exe
              C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
              C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
              C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
              C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
              C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
              C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
              .
              **************************************************************************
              .
              Completion time: 2008-05-02 21:46:23 - machine was rebooted
              ComboFix-quarantined-files.txt 2008-05-02 19:46:19

              Pre-Run: 11,723,751,424 bytes free
              Post-Run: 18,330,705,920 bytes free

              281 --- E O F --- 2008-04-25 07:00:39

              • #8
                I don't really see anything wrong either.

                Download Malwarebytes' Anti-Malware to your desktop.
                Double-click mbam-setup.exe and choose "Next" to install the tool.
                When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
                Then press "Finish".
                In the main screen, choose the "Scanner" tab and select the "Perform full scan" radio button.
                Press the "Scan" button and make sure all your hard drives/partitions are ticked.
                Then press the "Start Scan" button.
                When the scan has finished, click OK, then "Show Results" to see the results.
                Make sure everything is ticked, then click "Remove Selected".
                If the program wants to restart your computer, allow it.
                A log will then open (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
                Post this log in your next message.

                • #9
                  Nothing found. I'm no longer having trouble with it either, although after using SDFix it came back one more time, which is why I posted here.

                  Malwarebytes' Anti-Malware 1.11
                  Database version: 714

                  Scan type: Full Scan (C:\|)
                  Objects scanned: 84503
                  Time elapsed: 25 minute(s), 34 second(s)

                  Memory Processes Infected: 0
                  Memory Modules Infected: 0
                  Registry Keys Infected: 0
                  Registry Values Infected: 0
                  Registry Data Items Infected: 0
                  Folders Infected: 0
                  Files Infected: 0

                  Memory Processes Infected:
                  (No malicious items detected)

                  Memory Modules Infected:
                  (No malicious items detected)

                  Registry Keys Infected:
                  (No malicious items detected)

                  Registry Values Infected:
                  (No malicious items detected)

                  Registry Data Items Infected:
                  (No malicious items detected)

                  Folders Infected:
                  (No malicious items detected)

                  Files Infected:
                  (No malicious items detected)

                  • #10
                    It may have been Rustock after all; I know that SDFix is being updated to remove new Rustock variants.

                    • #11
                      Then I'll close the post. Funny, really: never any trouble with viruses on my own PCs, and now on my work PC with an installation that I didn't do myself. Thanks for the help and enjoy the rest of your Sunday.
