virus kills internet

  • virus kills internet

    hello,

    An acquaintance of mine is having problems. He downloaded some file or other, and now there is one... two... three... God knows how many viruses reigning on his PC.
    He has already tried several virus scanners, but nothing works. His last resort:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:31:22, on 26.5.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS1\System32\smss.exe
    C:\WINDOWS1\system32\winlogon.exe
    C:\WINDOWS1\system32\services.exe
    C:\WINDOWS1\system32\lsass.exe
    C:\WINDOWS1\system32\svchost.exe
    C:\WINDOWS1\System32\svchost.exe
    C:\WINDOWS1\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS1\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS1\system32\vbpdtvdp.exe
    C:\WINDOWS1\Explorer.EXE
    C:\WINDOWS1\System32\svchost.exe
    C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS1\RTHDCPL.EXE
    C:\WINDOWS1\system32\RUNDLL32.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS1\system32\rundll32.exe
    C:\WINDOWS1\system32\Rundll32.exe
    C:\WINDOWS1\system32\nvsvc32.exe
    C:\WINDOWS1\system32\PnkBstrA.exe
    C:\WINDOWS1\system32\svchost.exe
    C:\WINDOWS1\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS1\System32\svchost.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\CrossFire\xfire.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS1\system32\userinit.exe,C:\WINDOWS1\system32\vbpdtvdp.exe,
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [04eae56d] rundll32.exe "C:\WINDOWS1\system32\qhqkkofy.dll",b
    O4 - HKLM\..\Run: [BM07d9d6f1] Rundll32.exe "C:\WINDOWS1\system32\tkuerduw.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: I&zvozi v Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Pošlji v OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: P&ošlji v OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E8C5AC-1A05-45C1-A0F7-F1384B3552E0}: NameServer = 193.189.160.13,193.189.160.23
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: DriveHQ FileManagerFun - Drive Headquarter - C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\system32\PnkBstrA.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 9613 bytes


    Thanks on his behalf.

  • #2
    Hello,


    Close all open windows.
    Start HijackThis again and put a check mark next to the following items:

    F2 - REG:system.ini: UserInit=C:\WINDOWS1\system32\userinit.exe,C:\WINDOWS1\system32\vbpdtvdp.exe,
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [04eae56d] rundll32.exe "C:\WINDOWS1\system32\qhqkkofy.dll",b
    O4 - HKLM\..\Run: [BM07d9d6f1] Rundll32.exe "C:\WINDOWS1\system32\tkuerduw.dll",s


    Then click "Fix checked" and close HijackThis.

    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.

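The entries the helper singles out above share two patterns a defender can check for mechanically: a `UserInit` value that chains a second executable after `userinit.exe`, and `O4` Run entries where `rundll32` loads a DLL with a random-looking eight-letter name through a single-letter export under a hex-style value name. Note that in the follow-up log the DLL names had changed (`qhqkkofy.dll` became `xklfacqf.dll`, `tkuerduw.dll` became `fnfqgroy.dll`) while the value names `04eae56d` and `BM07d9d6f1` stayed the same, so matching on the shape of the entry rather than on a fixed filename is what keeps the check useful. The script below is an added example, not part of this thread or of HijackThis; the sample lines are copied from the first log above, and the two-signal threshold in `check_run_entry` is an assumption chosen to keep legitimate `rundll32` entries such as `NvCplDaemon` from being flagged.

```python
import re
from typing import List, Optional, Tuple

# Sample input: five lines copied from the first HijackThis log in this thread.
# The F2 line and the two rundll32 O4 lines are the ones the helper asked the
# poster to fix; NvCplDaemon and CTFMON are legitimate and must pass untouched.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS1\system32\userinit.exe,C:\WINDOWS1\system32\vbpdtvdp.exe,
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [04eae56d] rundll32.exe "C:\WINDOWS1\system32\qhqkkofy.dll",b
O4 - HKLM\..\Run: [BM07d9d6f1] Rundll32.exe "C:\WINDOWS1\system32\tkuerduw.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<entry>\S*)', re.IGNORECASE)
# Heuristics (assumptions for this example): eight random lowercase letters,
# and a Run value name that is eight hex digits, optionally prefixed with "BM".
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")


def check_userinit(value: str) -> Optional[str]:
    """A clean UserInit value names only the system32 userinit.exe; anything
    else chained after it is started at every logon and deserves a look."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    extras = [e for e in entries if not e.lower().endswith(r"\system32\userinit.exe")]
    if extras:
        return "UserInit chains extra executable(s): " + ", ".join(extras)
    return None


def check_run_entry(name: str, cmd: str) -> Optional[str]:
    """Flag rundll32-based loaders when at least two independent signals agree,
    so a vendor DLL with a descriptive export name is not reported."""
    m = RUNDLL_RE.match(cmd)
    if not m:
        return None  # not a rundll32 command line; other checks would go here
    basename = m.group("dll").strip('"').rsplit("\\", 1)[-1]
    signals = []
    if RANDOM_DLL_RE.match(basename):
        signals.append(f"random-looking DLL name {basename}")
    if len(m.group("entry")) == 1:
        signals.append(f"single-letter export '{m.group('entry')}'")
    if HEX_NAME_RE.match(name):
        signals.append(f"hex-style value name {name}")
    if len(signals) >= 2:
        return "rundll32 loader: " + "; ".join(signals)
    return None


def scan_hijackthis(text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for every F2/O4 line that trips a check."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            reason = check_userinit(m.group("value"))
            if reason:
                findings.append((line, reason))
            continue
        m = RUN_RE.match(line)
        if m:
            reason = check_run_entry(m.group("name"), m.group("cmd"))
            if reason:
                findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in scan_hijackthis(SAMPLE_LOG):
        print(f"FLAG {reason}\n     {line}")
```

Run against the sample, the script reports exactly the three lines the helper listed (the `Alcmtr` entry is a plain executable and needs a different check). Feeding it a full log is a matter of replacing `SAMPLE_LOG` with the file's contents; the `HKUS\S-1-5-19\..\Run` entries are handled because the hive group matches any prefix up to `\..\Run`.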


    • #3
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:19:33, on 31.5.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS1\System32\smss.exe
      C:\WINDOWS1\system32\winlogon.exe
      C:\WINDOWS1\system32\services.exe
      C:\WINDOWS1\system32\lsass.exe
      C:\WINDOWS1\system32\svchost.exe
      C:\WINDOWS1\System32\svchost.exe
      C:\WINDOWS1\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS1\system32\spoolsv.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS1\RTHDCPL.EXE
      C:\Program Files\USB Disk Win98 Driver\Res.EXE
      C:\WINDOWS1\system32\nvsvc32.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\WINDOWS1\system32\PnkBstrA.exe
      C:\WINDOWS1\system32\rundll32.exe
      C:\WINDOWS1\system32\Rundll32.exe
      C:\WINDOWS1\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS1\system32\svchost.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\DNA\btdna.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\WINDOWS1\explorer.exe
      C:\WINDOWS1\System32\svchost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS1\VirtualDNS.dll (file missing)
      O2 - BHO: Windows Live - Pomoc pri vpisu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [04eae56d] rundll32.exe "C:\WINDOWS1\system32\xklfacqf.dll",b
      O4 - HKLM\..\Run: [BM07d9d6f1] Rundll32.exe "C:\WINDOWS1\system32\fnfqgroy.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: I&zvozi v Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Pošlji v OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: P&ošlji v OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
      O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E8C5AC-1A05-45C1-A0F7-F1384B3552E0}: NameServer = 193.189.160.13,193.189.160.23
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: DriveHQ FileManagerFun - Drive Headquarter - C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\system32\nvsvc32.exe
      O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\system32\PnkBstrA.exe
      O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

      --
      End of file - 10366 bytes


      ComboFix 08-05-26.2 - Samo Dernovšek 2008-05-31 10:56:24.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1446 [GMT 2:00]
      Running from: C:\Documents and Settings\Samo Dernovšek.SAMOPC\Desktop\ComboFix.exe
      * Created a new restore point
      * Resident AV is active


      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS1\BM07d9d6f1.xml
      C:\WINDOWS1\default.htm
      C:\WINDOWS1\explore.exe
      C:\WINDOWS1\iexplorer.exe
      C:\WINDOWS1\lfn.exe
      C:\WINDOWS1\mainms.vpi
      C:\WINDOWS1\pskt.ini
      C:\WINDOWS1\system32\carcfbjp.ini
      C:\WINDOWS1\system32\clbdll.dll
      C:\WINDOWS1\system32\fqcaflkx.ini
      C:\WINDOWS1\system32\geijliei.dll
      C:\WINDOWS1\system32\kRCMmUvw.ini
      C:\WINDOWS1\system32\kRCMmUvw.ini2
      C:\WINDOWS1\system32\kwtvyube.ini
      C:\WINDOWS1\system32\lopmboit.ini
      C:\WINDOWS1\system32\mcrh.tmp
      C:\WINDOWS1\system32\MSINET.oca
      C:\WINDOWS1\system32\obbtnspu.ini
      C:\WINDOWS1\system32\tuvSkLfe.dll
      C:\WINDOWS1\system32\usiqksrp.ini
      C:\WINDOWS1\system32\WinCtrl32.dl_
      C:\WINDOWS1\system32\WinCtrl32.dll
      C:\WINDOWS1\system32\WLCtrl32.dll
      C:\WINDOWS1\system32\wvUmMCRk.dll
      C:\WINDOWS1\system32\yfokkqhq.ini

      .
      ((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
      .

      2008-05-31 11:07 . 2008-05-31 11:07 362,928 --a------ C:\Documents and Settings\Samo Dernovcatchme.zip
      2008-05-30 15:09 . 2008-05-30 15:09 115,712 --a------ C:\WINDOWS1\system32\xklfacqf.dll
      2008-05-30 15:07 . 2008-05-30 15:07 125,440 --a------ C:\WINDOWS1\system32\fnfqgroy.dll
      2008-05-29 15:07 . 2008-05-29 15:07 126,976 --a------ C:\WINDOWS1\system32\uryldabs.dll
      2008-05-27 15:15 . 2008-05-27 15:15 113,664 --a------ C:\WINDOWS1\system32\upsntbbo.dll
      2008-05-27 15:06 . 2008-05-27 15:06 125,440 --a------ C:\WINDOWS1\system32\nqiqwuwq.dll
      2008-05-26 21:31 . 2008-05-26 21:31 30,720 --a------ C:\WINDOWS1\accesss.exe
      2008-05-26 21:31 . 2008-05-26 21:31 24,320 --a------ C:\WINDOWS1\astctl32.ocx
      2008-05-26 21:31 . 2008-05-26 21:31 19,968 --a------ C:\WINDOWS1\y.exe
      2008-05-26 21:31 . 2008-05-26 21:31 19,456 --a------ C:\WINDOWS1\x.exe
      2008-05-26 21:31 . 2008-05-26 21:31 18,944 --a------ C:\WINDOWS1\avpcc.dll
      2008-05-26 21:31 . 2008-05-26 21:31 12,800 --a------ C:\WINDOWS1\xxxvideo.hta
      2008-05-26 15:59 . 2008-05-26 16:00 <DIR> d-------- C:\WINDOWS1\ERUNT
      2008-05-26 15:54 . 2008-05-26 15:54 <DIR> d-------- C:\Documents and Settings\Administrator
      2008-05-26 15:49 . 2008-05-26 20:46 <DIR> d-------- C:\SDFix
      2008-05-26 15:03 . 2008-05-31 11:10 54,156 --ah----- C:\WINDOWS1\QTFont.qfn
      2008-05-26 15:03 . 2008-05-26 15:03 1,409 --a------ C:\WINDOWS1\QTFont.for
      2008-05-25 11:53 . 2008-05-25 11:53 <DIR> d-------- C:\Program Files\Trend Micro
      2008-05-25 09:47 . 2008-05-25 09:47 <DIR> d--h----- C:\WINDOWS1\system32\GroupPolicy
      2008-05-24 23:18 . 2008-05-24 23:18 <DIR> d-------- C:\Program Files\Lavasoft
      2008-05-24 23:18 . 2008-05-24 23:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Lavasoft
      2008-05-24 19:27 . 2008-05-24 19:25 512,096 --a------ C:\WINDOWS1\system32\drivers\amon.sys
      2008-05-24 19:27 . 2008-05-24 19:25 298,104 --a------ C:\WINDOWS1\system32\imon.dll
      2008-05-24 19:27 . 2008-05-24 19:25 15,424 --a------ C:\WINDOWS1\system32\drivers\nod32drv.sys
      2008-05-24 19:14 . 2004-08-12 15:17 4,224 --a------ C:\WINDOWS1\system32\beep.sys
      2008-05-24 19:13 . 2008-05-24 19:13 87,513 --a------ C:\WINDOWS1\system32\vbpdtvdp.exe
      2008-05-24 18:10 . 2008-05-24 18:10 <DIR> d-------- C:\Program Files\Armadillo Run Demo
      2008-05-22 16:48 . 2008-05-22 16:48 4,444 --a------ C:\WINDOWS1\system32\pid.PNF
      2008-05-20 23:17 . 2004-08-12 15:34 221,184 --a------ C:\WINDOWS1\system32\wmpns.dll
      2008-05-20 14:04 . 2008-05-20 14:04 <DIR> d-------- C:\WINDOWS1\ServicePackFiles
      2008-05-20 14:00 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS1\003291_.tmp
      2008-05-17 12:26 . 2008-05-18 15:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\POPWWPROFILES
      2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS1\system32\lsdelete.exe
      2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS1\system32\xfcodec.dll
      2008-05-13 14:19 . 2003-10-27 14:06 115,016 --a------ C:\WINDOWS1\system32\MSINET.OCX
      2008-05-13 14:19 . 2003-10-27 14:06 89,360 --a------ C:\WINDOWS1\system32\VB5DB.DLL
      2008-05-13 14:19 . 2003-10-27 14:06 69,632 --a------ C:\WINDOWS1\system32\xmltok.dll
      2008-05-13 14:19 . 2003-10-27 14:06 36,864 --a------ C:\WINDOWS1\system32\xmlparse.dll
      2008-05-13 14:19 . 2003-10-27 14:06 35,840 --a------ C:\WINDOWS1\system32\comdlg32.oca
      2008-05-13 14:19 . 2003-10-27 14:06 26,096 --a------ C:\WINDOWS1\system32\xmlinst.exe
      2008-05-13 14:19 . 2003-10-27 14:06 24,576 --a------ C:\WINDOWS1\system32\msxml3a.dll
      2008-05-10 01:11 . 2008-05-10 01:14 <DIR> d-------- C:\MyBackup
      2008-05-10 00:11 . 2008-05-10 00:11 <DIR> d-------- C:\Program Files\PC Tune-Up
      2008-05-06 23:44 . 2008-05-06 23:44 <DIR> d-------- C:\Program Files\iPod
      2008-05-01 23:16 . 2008-05-06 14:37 <DIR> d-------- C:\Program Files\CABAL Online
      2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS1\system32\drivers\NSDriver.sys
      2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS1\system32\drivers\Awrtrd.sys
      2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS1\system32\drivers\Awrtpd.sys
      2008-04-28 22:48 . 2008-04-28 22:53 <DIR> d-------- C:\Program Files\Metin2
      2008-04-27 14:31 . 2008-04-27 14:32 <DIR> d-------- C:\Program Files\Teamspeak2
      2008-04-15 13:55 . 2008-04-15 13:55 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
      2008-04-15 13:43 . 2008-04-28 14:30 <DIR> d-------- C:\Program Files\Shaiya
      2008-04-14 05:42 . 2008-04-14 05:42 20,992 --a------ C:\WINDOWS1\system32\spupdwxp.exe
      2008-04-14 05:42 . 2008-04-14 05:42 20,992 --a------ C:\WINDOWS1\system32\faxpatch.exe
      2008-04-14 05:42 . 2008-04-14 05:42 7,680 --a------ C:\WINDOWS1\system32\spdwnwxp.exe
      2008-04-12 10:20 . 2008-04-12 10:20 98,304 --a------ C:\WINDOWS1\system32CmdLineExt.dll
      2008-04-12 02:07 . 2008-05-24 00:53 <DIR> d-------- C:\VivoxLogs

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-31 08:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Application Data\DriveHQ
      2008-05-30 13:53 22,328 ----a-w C:\WINDOWS1\system32\drivers\PnkBstrK.sys
      2008-05-30 11:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-05-30 11:13 --------- d-----w C:\Program Files\eMule
      2008-05-29 16:32 --------- d-----w C:\Program Files\CrossFire
      2008-05-25 18:20 --------- d-----w C:\Program Files\uTorrent
      2008-05-24 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-05-24 17:34 --------- d-----w C:\Program Files\ESET
      2008-05-24 05:30 --------- d-----w C:\Program Files\Ubisoft
      2008-05-24 05:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-05-23 22:51 --------- d-----w C:\Program Files\WarRock
      2008-05-08 18:05 --------- d-----w C:\Program Files\EA SPORTS
      2008-05-08 18:04 --------- d-----w C:\Program Files\DANCE!ONLINE
      2008-05-06 21:44 --------- d-----w C:\Program Files\iTunes
      2008-05-06 21:43 --------- d-----w C:\Program Files\QuickTime
      2008-05-06 21:32 --------- d-----w C:\Program Files\Apple Software Update
      2008-04-29 11:49 --------- d-----w C:\Program Files\iMesh Applications
      2008-04-20 11:23 --------- d-----w C:\Program Files\ProjectTorque
      2008-04-17 12:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Application Data\Ubisoft
      2008-04-14 03:43 40,840 ----a-w C:\WINDOWS1\system32\drivers\termdd.sys
      2008-04-14 03:43 21,896 ----a-w C:\WINDOWS1\system32\drivers\tdtcp.sys
      2008-04-14 03:43 139,656 ----a-w C:\WINDOWS1\system32\drivers\rdpwd.sys
      2008-04-14 03:43 12,040 ----a-w C:\WINDOWS1\system32\drivers\tdpipe.sys
      2008-04-14 03:42 69,120 ----a-w C:\WINDOWS1\notepad.exe
      2008-04-14 03:42 50,688 ----a-w C:\WINDOWS1\twain_32.dll
      2008-04-14 03:42 32,866 ------w C:\WINDOWS1\slrundll.exe
      2008-04-14 03:42 3,901 ------w C:\WINDOWS1\system32\drivers\siint5.dll
      2008-04-14 03:42 283,648 ----a-w C:\WINDOWS1\winhlp32.exe
      2008-04-14 03:42 146,432 ----a-w C:\WINDOWS1\regedit.exe
      2008-04-14 03:42 11,325 ------w C:\WINDOWS1\system32\drivers\vchnt5.dll
      2008-04-14 03:42 10,752 ----a-w C:\WINDOWS1\hh.exe
      2008-04-14 03:42 1,033,728 ----a-w C:\WINDOWS1\explorer.exe
      2008-04-13 22:58 175,744 ----a-w C:\WINDOWS1\system32\drivers\rdbss.sys
      2008-04-13 22:51 162,816 ----a-w C:\WINDOWS1\system32\drivers\netbt.sys
      2008-04-13 22:50 91,520 ----a-w C:\WINDOWS1\system32\drivers\ndiswan.sys
      2008-04-13 22:50 361,344 ----a-w C:\WINDOWS1\system32\drivers\tcpip.sys
      2008-04-13 22:50 182,656 ----a-w C:\WINDOWS1\system32\drivers\ndis.sys
      2008-04-13 22:49 75,264 ----a-w C:\WINDOWS1\system32\drivers\ipsec.sys
      2008-04-13 22:49 51,328 ----a-w C:\WINDOWS1\system32\drivers\rasl2tp.sys
      2008-04-13 22:49 48,384 ----a-w C:\WINDOWS1\system32\drivers\raspptp.sys
      2008-04-13 22:49 146,048 ----a-w C:\WINDOWS1\system32\drivers\portcls.sys
      2008-04-13 22:49 138,112 ----a-w C:\WINDOWS1\system32\drivers\afd.sys
      2008-04-13 22:48 52,480 ----a-w C:\WINDOWS1\system32\drivers\i8042prt.sys
      2008-04-13 22:47 83,072 ----a-w C:\WINDOWS1\system32\drivers\wdmaud.sys
      2008-04-13 22:47 456,576 ----a-w C:\WINDOWS1\system32\drivers\mrxsmb.sys
      2008-04-13 22:47 105,344 ----a-w C:\WINDOWS1\system32\drivers\mup.sys
      2008-04-13 22:46 49,536 ----a-w C:\WINDOWS1\system32\drivers\classpnp.sys
      2008-04-13 22:46 141,056 ----a-w C:\WINDOWS1\system32\drivers\ks.sys
      2008-04-13 22:45 64,512 ----a-w C:\WINDOWS1\system32\drivers\serial.sys
      2008-04-13 22:45 60,800 ----a-w C:\WINDOWS1\system32\drivers\sysaudio.sys
      2008-04-13 22:45 574,976 ----a-w C:\WINDOWS1\system32\drivers\ntfs.sys
      2008-04-13 22:45 334,848 ----a-w C:\WINDOWS1\system32\drivers\srv.sys
      2008-04-13 22:44 63,744 ----a-w C:\WINDOWS1\system32\drivers\cdfs.sys
      2008-04-13 22:44 143,744 ----a-w C:\WINDOWS1\system32\drivers\fastfat.sys
      2008-04-13 22:30 30,080 ----a-w C:\WINDOWS1\system32\drivers\modem.sys
      2008-04-13 22:30 225,664 ----a-w C:\WINDOWS1\system32\drivers\tcpip6.sys
      2008-04-13 22:30 19,072 ----a-w C:\WINDOWS1\system32\drivers\tdi.sys
      2008-04-13 22:27 41,472 ----a-w C:\WINDOWS1\system32\drivers\raspppoe.sys
      2008-04-13 22:27 40,576 ----a-w C:\WINDOWS1\system32\drivers\ndproxy.sys
      2008-04-13 22:27 34,560 ----a-w C:\WINDOWS1\system32\drivers\wanarp.sys
      2008-04-13 22:27 20,864 ----a-w C:\WINDOWS1\system32\drivers\ipinip.sys
      2008-04-13 22:27 152,832 ----a-w C:\WINDOWS1\system32\drivers\ipnat.sys
      2008-04-13 22:27 14,336 ----a-w C:\WINDOWS1\system32\drivers\asyncmac.sys
      2008-04-13 22:27 10,112 ----a-w C:\WINDOWS1\system32\drivers\ndistapi.sys
      2008-04-13 22:26 88,320 ----a-w C:\WINDOWS1\system32\drivers\nwlnkipx.sys
      2008-04-13 22:26 69,120 ----a-w C:\WINDOWS1\system32\drivers\psched.sys
      2008-04-13 22:26 35,072 ----a-w C:\WINDOWS1\system32\drivers\msgpc.sys
      2008-04-13 22:26 34,688 ----a-w C:\WINDOWS1\system32\drivers\netbios.sys
      2008-04-13 22:26 30,592 ----a-w C:\WINDOWS1\system32\drivers\rndismp.sys
      2008-04-13 22:26 30,592 ------w C:\WINDOWS1\system32\drivers\rndismpx.sys
      2008-04-13 22:26 14,592 ----a-w C:\WINDOWS1\system32\drivers\ndisuio.sys
      2008-04-13 22:26 12,800 ----a-w C:\WINDOWS1\system32\drivers\usb8023.sys
      2008-04-13 22:26 12,800 ------w C:\WINDOWS1\system32\drivers\usb8023x.sys
      2008-04-13 22:26 12,288 ----a-w C:\WINDOWS1\system32\drivers\tunmp.sys
      2008-04-13 22:25 202,624 ----a-w C:\WINDOWS1\system32\drivers\rmcast.sys
      2008-04-13 22:24 11,264 ----a-w C:\WINDOWS1\system32\drivers\irenum.sys
      2008-04-13 22:23 71,552 ----a-w C:\WINDOWS1\system32\drivers\bridge.sys
      2008-04-13 22:23 40,320 ----a-w C:\WINDOWS1\system32\drivers\nmnt.sys
      2008-04-13 22:23 36,608 ----a-w C:\WINDOWS1\system32\drivers\ip6fw.sys
      2008-04-13 22:23 264,832 ----a-w C:\WINDOWS1\system32\drivers\http.sys
      2008-04-13 22:21 61,824 ----a-w C:\WINDOWS1\system32\drivers\nic1394.sys
      2008-04-13 22:21 60,800 ----a-w C:\WINDOWS1\system32\drivers\arp1394.sys
      2008-04-13 22:21 59,904 ----a-w C:\WINDOWS1\system32\drivers\atmarpc.sys
      2008-04-13 22:21 55,808 ----a-w C:\WINDOWS1\system32\drivers\atmlane.sys
      2008-04-13 22:21 101,120 ------w C:\WINDOWS1\system32\drivers\bthpan.sys
      2008-04-13 22:17 25,856 ----a-w C:\WINDOWS1\system32\drivers\usbprint.sys
      2008-04-13 22:15 60,160 ----a-w C:\WINDOWS1\system32\drivers\drmk.sys
      2008-04-13 22:14 81,664 ----a-w C:\WINDOWS1\system32\drivers\videoprt.sys
      2008-04-13 22:14 799,744 ----a-w C:\WINDOWS1\system32\drivers\dmboot.sys
      2008-04-13 22:14 20,992 ----a-w C:\WINDOWS1\system32\drivers\vga.sys
      2008-04-13 22:14 153,344 ----a-w C:\WINDOWS1\system32\drivers\dmio.sys
      2008-04-13 22:13 14,208 ------w C:\WINDOWS1\system32\drivers\wacompen.sys
      2008-04-13 22:13 12,672 ------w C:\WINDOWS1\system32\drivers\mutohpen.sys
      2008-04-13 22:11 52,352 ----a-w C:\WINDOWS1\system32\drivers\volsnap.sys
      2008-04-13 22:11 42,112 ----a-w C:\WINDOWS1\system32\drivers\imapi.sys
      2008-04-13 22:09 92,544 ----a-w C:\WINDOWS1\system32\drivers\mqac.sys
      2008-04-13 22:09 7,552 ----a-w C:\WINDOWS1\system32\drivers\mskssrv.sys
      2008-04-13 22:09 5,504 ----a-w C:\WINDOWS1\system32\drivers\mstee.sys
      2008-04-13 22:09 5,376 ----a-w C:\WINDOWS1\system32\drivers\mspclock.sys
      2008-04-13 22:09 42,368 ----a-w C:\WINDOWS1\system32\drivers\mountmgr.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]
      C:\WINDOWS1\VirtualDNS.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS1\system32\ctfmon.exe" [2008-04-14 05:42 15360]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 14:21 68856]
      "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-15 12:02 482760]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-01 17:42 67128]
      "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 07:08 289088]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 17:46 28160 C:\WINDOWS1\KHALMNPR.Exe]
      "NvCplDaemon"="C:\WINDOWS1\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
      "NWEReboot"=""
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
      "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
      "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 10:58 16264192 C:\WINDOWS1\RTHDCPL.exe]
      "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS1\SkyTel.exe]
      "NvMediaCenter"="C:\WINDOWS1\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
      "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-24 19:25 949376]
      "04eae56d"="C:\WINDOWS1\system32\xklfacqf.dll" [2008-05-30 15:09 115712]
      "BM07d9d6f1"="C:\WINDOWS1\system32\fnfqgroy.dll" [2008-05-30 15:07 125440]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS1\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

      C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [1/1/2008 5:42:40 PM 67128]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/6/2007 5:12:08 PM 532480]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
      C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-12 16:28 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=wbsys.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.XFR1"= xfcodec.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aei71.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bfJ14.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfj82.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cgK61.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Chk83.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dhK71.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dhL83.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Eim83.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fjN26.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gko83.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hko58.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ilP04.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ims50.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\koS03.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\loS61.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqu04.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nqU27.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nrV26.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otY38.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ptX83.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ruY15.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rvA83.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swB71.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\txB04.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb26.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tyC61.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyd82.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vaE47.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vyd37.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wcG38.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xbf36.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xbf72.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xcg58.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ydH14.sys]
      @="Driver"

      [HKLM\~\startupfolder\C:^Documents and Settings^Samo Dernovšek.SAMOPC^Start Menu^Programs^Startup^Izrezovalnik zaslona in zaganjalnik za OneNote 2007.lnk]
      path=C:\Documents and Settings\Samo Dernovšek.SAMOPC\Start Menu\Programs\Startup\Izrezovalnik zaslona in zaganjalnik za OneNote 2007.lnk
      backup=C:\WINDOWS1\pss\Izrezovalnik zaslona in zaganjalnik za OneNote 2007.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM07d9d6f1]
      C:\WINDOWS1\system32\geijliei.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEUpdate]
      C:\WINDOWS1\system32\adsldps.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer]
      C:\Documents and Settings\Samo Dernovšek.SAMOPC\Application Data\Microsoft\dtsc\24521.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2007-12-05 02:41 1626112 C:\WINDOWS1\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
      -r------- 2006-05-16 12:04 2879488 C:\WINDOWS1\SkyTel.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "iPod Service"=3 (0x3)
      "Apple Mobile Device"=2 (0x2)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UpdatesDisableNotify"=dword:00000001
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
      "C:\\Program Files\\S.T.A.L.K.E.R\\bin\\XR_3DA.exe"=
      "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\F.E.A.R\\fpupdate.exe"=
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
      "C:\\Program Files\\F.E.A.R\\FEAR.exe"=
      "C:\\Program Files\\F.E.A.R\\FEARMP.exe"=
      "C:\\Program Files\\GRAW\\GRAW.exe"=
      "C:\\Program Files\\CrossFire\\xfire.exe"=
      "C:\\WINDOWS1\\system32\\PnkBstrA.exe"=
      "C:\\WINDOWS1\\system32\\PnkBstrB.exe"=
      "C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
      "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
      "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
      "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
      "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
      "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
      "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\ijji\\ENGLISH\\u_skid.exe"=
      "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
      "C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
      "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\Versus\\System\\SCCT_Versus.ex"=
      "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
      "C:\\Program Files\\ProjectTorque\\ProjectTorque.bin"=
      "C:\\Program Files\\DNA\\btdna.exe"=
      "C:\\Program Files\\WarRock\\System\\WarRock.exe"=
      "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
      "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
      "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
      "C:\\Program Files\\Metin2\\metin2.bin"=
      "C:\\Program Files\\CABAL Online\\launcher\\update\\ESTdnheadless.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\UT2004\\System\\UT2004.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "9842:TCP"= 9842:TCP:*isabled:SolidNetworkManager
      "9842:UDP"= 9842:UDP:*isabled:SolidNetworkManager

      R0 videX32;videX32;C:\WINDOWS1\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
      R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS1\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
      R2 DriveHQ FileManagerFun;DriveHQ FileManagerFun;"C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe" [2007-07-11 21:30]
      S0 Aei71;Aei71;C:\WINDOWS1\system32\Drivers\Aei71.sys
      S0 bfJ14;bfJ14;C:\WINDOWS1\system32\Drivers\bfJ14.sys
      S0 Bfj82;Bfj82;C:\WINDOWS1\system32\Drivers\Bfj82.sys
      S0 cgK61;cgK61;C:\WINDOWS1\system32\Drivers\cgK61.sys
      S0 Chk83;Chk83;C:\WINDOWS1\system32\Drivers\Chk83.sys
      S0 dhK71;dhK71;C:\WINDOWS1\system32\Drivers\dhK71.sys
      S0 dhL83;dhL83;C:\WINDOWS1\system32\Drivers\dhL83.sys
      S0 fjN26;fjN26;C:\WINDOWS1\system32\Drivers\fjN26.sys
      S0 ilP04;ilP04;C:\WINDOWS1\system32\Drivers\ilP04.sys
      S0 Ims50;Ims50;C:\WINDOWS1\system32\Drivers\Ims50.sys
      S0 koS03;koS03;C:\WINDOWS1\system32\Drivers\koS03.sys
      S0 loS61;loS61;C:\WINDOWS1\system32\Drivers\loS61.sys
      S0 Mqu04;Mqu04;C:\WINDOWS1\system32\Drivers\Mqu04.sys
      S0 nqU27;nqU27;C:\WINDOWS1\system32\Drivers\nqU27.sys
      S0 nrV26;nrV26;C:\WINDOWS1\system32\Drivers\nrV26.sys
      S0 otY38;otY38;C:\WINDOWS1\system32\Drivers\otY38.sys
      S0 ptX83;ptX83;C:\WINDOWS1\system32\Drivers\ptX83.sys
      S0 ruY15;ruY15;C:\WINDOWS1\system32\Drivers\ruY15.sys
      S0 rvA83;rvA83;C:\WINDOWS1\system32\Drivers\rvA83.sys
      S0 swB71;swB71;C:\WINDOWS1\system32\Drivers\swB71.sys
      S0 txB04;txB04;C:\WINDOWS1\system32\Drivers\txB04.sys
      S0 tyC61;tyC61;C:\WINDOWS1\system32\Drivers\tyC61.sys
      S0 Uyd82;Uyd82;C:\WINDOWS1\system32\Drivers\Uyd82.sys
      S0 vaE47;vaE47;C:\WINDOWS1\system32\Drivers\vaE47.sys
      S0 Vyd37;Vyd37;C:\WINDOWS1\system32\Drivers\Vyd37.sys
      S0 wcG38;wcG38;C:\WINDOWS1\system32\Drivers\wcG38.sys
      S0 Xbf36;Xbf36;C:\WINDOWS1\system32\Drivers\Xbf36.sys
      S0 Xbf72;Xbf72;C:\WINDOWS1\system32\Drivers\Xbf72.sys
      S0 ydH14;ydH14;C:\WINDOWS1\system32\Drivers\ydH14.sys
      S3 XDva042;XDva042;C:\WINDOWS1\system32\XDva042.sys
      S3 XDva068;XDva068;C:\WINDOWS1\system32\XDva068.sys
      S3 XDva074;XDva074;C:\WINDOWS1\system32\XDva074.sys
      S3 XDva120;XDva120;C:\WINDOWS1\system32\XDva120.sys
      S3 XDva145;XDva145;C:\WINDOWS1\system32\XDva145.sys

      .
      Contents of the 'Scheduled Tasks' folder
      "2008-05-24 13:47:02 C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-31 11:11:04
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...


      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS1\system32\lsass.exe
      -> C:\Program Files\Eset\pr_imon.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\ESET\nod32krn.exe
      C:\WINDOWS1\system32\nvsvc32.exe
      C:\WINDOWS1\system32\PnkBstrA.exe
      C:\WINDOWS1\system32\rundll32.exe
      C:\WINDOWS1\system32\rundll32.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
      .
      **************************************************************************
      .
      Completion time: 2008-05-31 11:18:02 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-31 09:16:59

      Pre-Run: 13,412,622,336 bytes free
      Post-Run: 13,815,652,352 bytes free

      461 --- E O F --- 2007-11-14 02:01:37
      (^ is in code tags because otherwise I got:

      "Your message contains 37 images. You may only insert 15 images. Go back, fix the problem and try again.

      Images also include smileys, the vB code [img] and the HTML code <img>. You can only use these elements if they have been enabled by the administrator.")


      Apparently Firefox still isn't working completely.
      Google and some sites just don't load... waiting for a response.
      But some random sites work, like www.stickpage.com.
      www.google.com loads, but when I search it just goes "waiting for google.com..." and never times out or loads.
      Last edited by Marckie; 31-05-08, 11:40.



      • #4
        Code tags removed, use of smileys in your post disabled.



        • #5
          I understand that you want to help someone, but isn't it much easier for the person you are helping to be in direct contact with us?
          Everything goes faster, and if he has questions he can come to us directly.
          I also see that in the past few days other tools have been used than the ones I advised.
          Is the person still being helped on another forum?



          • #6
            Close all open windows.
            Start HijackThis once more and place a checkmark next to the following items:

            O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS1\VirtualDNS.dll (file missing)
            O4 - HKLM\..\Run: [04eae56d] rundll32.exe "C:\WINDOWS1\system32\xklfacqf.dll",b
            O4 - HKLM\..\Run: [BM07d9d6f1] Rundll32.exe "C:\WINDOWS1\system32\fnfqgroy.dll",s


            Then click "Fix checked" and close HijackThis.


            Open a Notepad file.
            Copy the code below and paste it into the Notepad file.
            Save the Notepad file as CFScript.txt
            Code:
            File::
            C:\Documents and Settings\Samo Dernovcatchme.zip
            C:\WINDOWS1\system32\xklfacqf.dll
            C:\WINDOWS1\system32\fnfqgroy.dll
            C:\WINDOWS1\system32\uryldabs.dll
            C:\WINDOWS1\system32\upsntbbo.dll
            C:\WINDOWS1\system32\nqiqwuwq.dll
            C:\WINDOWS1\accesss.exe
            C:\WINDOWS1\astctl32.ocx
            C:\WINDOWS1\y.exe
            C:\WINDOWS1\x.exe
            C:\WINDOWS1\avpcc.dll
            C:\WINDOWS1\xxxvideo.hta
            C:\WINDOWS1\003291_.tmp
            
            Folder::
            C:\SDFix
            
            Registry::
            [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM07d9d6f1]
            [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEUpdate]
            
            Driver::
            Aei71
            bfJ14
            Bfj82
            cgK61
            Chk83
            dhK71
            dhL83
            fjN26
            ilP04
            Ims50
            koS03
            loS61
            Mqu04
            nqU27
            nrV26
            otY38
            ptX83
            ruY15
            rvA83
            swB71
            txB04
            tyC61
            Uyd82
            vaE47
            Vyd37
            wcG38
            Xbf36
            Xbf72
            ydH14
            XDva042
            XDva068
            XDva074
            XDva120
            XDva145
            Now drag the file CFScript.txt onto the file ComboFix.exe.

            ComboFix will start again.
            When ComboFix is finished, which may be after a reboot, a logfile will open.
            Post the contents of the logfile.

            Start HijackThis again, make a new log and post it.

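The indicators in the ComboFix log posted earlier in this thread (boot-start S0 drivers with three-letter-two-digit names and no bracketed timestamp, Security Center warnings switched off, Run values with hex-digit names that point at a DLL) and the Driver:: section of the CFScript in #6 can be tied together in a small triage script. The following is an added example written for this page; it is not a ComboFix, HijackThis or forum-provided tool. The sample log lines are constructed to have the same shape as the posted log, the Security Center value names are the standard Windows XP ones, and the "random name" rule is nothing more than the pattern the flagged entries in this thread share.

```python
"""Triage helper for a ComboFix-style log.

Added example for this thread, not a ComboFix or HijackThis component. It parses
three kinds of lines that appear in the log posted above, flags the patterns the
helper fixed in #6, and renders the Driver:: section of a CFScript.
"""
import re

# Constructed sample: a few lines with the same shape as the posted log.
SAMPLE_LOG = r"""
R0 videX32;videX32;C:\WINDOWS1\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS1\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
R2 DriveHQ FileManagerFun;DriveHQ FileManagerFun;"C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe" [2007-07-11 21:30]
S0 Aei71;Aei71;C:\WINDOWS1\system32\Drivers\Aei71.sys
S0 bfJ14;bfJ14;C:\WINDOWS1\system32\Drivers\bfJ14.sys
S3 XDva042;XDva042;C:\WINDOWS1\system32\XDva042.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"04eae56d"="C:\WINDOWS1\system32\xklfacqf.dll" [2008-05-30 15:09 115712]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-24 19:25 949376]
"""

# "R0 name;display;path [stamp]" service/driver lines; the stamp is optional.
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>"?[^"\[]+?"?)\s*(?:\[(?P<stamp>[^\]]+)\])?\s*$'
)
# Three letters + two digits: the shape shared by every S0 driver in the log.
RANDOM_NAME_RE = re.compile(r'^[A-Za-z]{3}\d{2}$')
# "name"=dword:XXXXXXXX registry values.
DWORD_RE = re.compile(r'^"(?P<key>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
# "name"="target" Run-key values (ComboFix appends a bracketed stamp).
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
# 8 hex digits, optionally prefixed "BM": the 04eae56d / BM07d9d6f1 shape.
HEXNAME_RE = re.compile(r'^(BM)?[0-9a-f]{8}$')
# Windows XP Security Center values; 1 silences the corresponding warning.
SECCENTER_KEYS = ('AntiVirusOverride', 'FirewallOverride', 'UpdatesDisableNotify',
                  'AntiVirusDisableNotify', 'FirewallDisableNotify')


def suspicious_drivers(lines):
    """Boot-start (R0/S0) drivers with a random-looking name and no stamp."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        if m['start'] in ('R0', 'S0') and RANDOM_NAME_RE.match(m['name']) and not m['stamp']:
            hits.append(m['name'])
    return hits


def security_center_overrides(lines):
    """Security Center values set to 1 (warnings suppressed), as {key: value}."""
    flagged = {}
    for line in lines:
        m = DWORD_RE.match(line.strip())
        if m and m['key'] in SECCENTER_KEYS and int(m['val'], 16) == 1:
            flagged[m['key']] = 1
    return flagged


def suspicious_run_entries(lines):
    """Run values with a hex-digit name that load a DLL, as (name, target) pairs."""
    hits = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if m and HEXNAME_RE.match(m['name']) and m['target'].lower().endswith('.dll'):
            hits.append((m['name'], m['target']))
    return hits


def cfscript_driver_section(drivers):
    """Render a Driver:: section in the CFScript layout used in the thread."""
    return 'Driver::\n' + '\n'.join(drivers) + '\n'


def triage(log_text):
    """Run all three checks over one log and return the findings."""
    lines = log_text.splitlines()
    return {
        'drivers': suspicious_drivers(lines),
        'security_center': security_center_overrides(lines),
        'run_entries': suspicious_run_entries(lines),
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(key, value)
    print(cfscript_driver_section(result['drivers']), end='')
```

Run it as a script to see the findings and a Driver:: section for the sample, or pass the text of a real log to triage(). The output is a triage aid, not a verdict: a driver whose name merely looks random is a prompt to check the file on disk, and a CFScript still needs someone who knows what the listed entries are before it is run.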


            • #7
              My friend is in Slovenia and speaks English with me. I don't know whether English is allowed here, so I thought it was best for me to act as an intermediary.
              He used those other tools himself... he thought he knew better.

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 15:35:58, on 1.6.2008
              Platform: Windows XP SP3 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS1\System32\smss.exe
              C:\WINDOWS1\system32\winlogon.exe
              C:\WINDOWS1\system32\services.exe
              C:\WINDOWS1\system32\lsass.exe
              C:\WINDOWS1\system32\svchost.exe
              C:\WINDOWS1\System32\svchost.exe
              C:\WINDOWS1\system32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
              C:\WINDOWS1\system32\spoolsv.exe
              C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
              C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
              C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              C:\Program Files\Eset\nod32krn.exe
              C:\WINDOWS1\system32\nvsvc32.exe
              C:\WINDOWS1\system32\PnkBstrA.exe
              C:\WINDOWS1\system32\svchost.exe
              C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
              C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
              C:\Program Files\Logitech\QuickCam\Quickcam.exe
              C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
              C:\WINDOWS1\RTHDCPL.EXE
              C:\WINDOWS1\system32\RUNDLL32.EXE
              C:\Program Files\USB Disk Win98 Driver\Res.EXE
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Eset\nod32kui.exe
              C:\WINDOWS1\system32\ctfmon.exe
              C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
              C:\WINDOWS1\System32\svchost.exe
              C:\Program Files\DAEMON Tools\daemon.exe
              C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              C:\Program Files\DNA\btdna.exe
              C:\Program Files\Logitech\SetPoint\SetPoint.exe
              C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
              C:\WINDOWS1\system32\wpabaln.exe
              C:\WINDOWS1\explorer.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O2 - BHO: Windows Live - Pomoc pri vpisu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
              O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
              O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
              O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
              O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
              O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
              O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
              O4 - HKLM\..\Run: [BM07d9d6f1] Rundll32.exe "C:\WINDOWS1\system32\fnfqgroy.dll",s
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe
              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
              O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'NETWORK SERVICE')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
              O8 - Extra context menu item: I&zvozi v Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: Pošlji v OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
              O9 - Extra 'Tools' menuitem: P&ošlji v OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
              O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
              O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
              O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
              O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E8C5AC-1A05-45C1-A0F7-F1384B3552E0}: NameServer = 193.189.160.13,193.189.160.23
              O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
              O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
              O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
              O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
              O23 - Service: DriveHQ FileManagerFun - Drive Headquarter - C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
              O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
              O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
              O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
              O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\system32\nvsvc32.exe
              O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\system32\PnkBstrA.exe
              O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
              O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
              O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

              --
              End of file - 10272 bytes

              ComboFix 08-05-26.2 - Samo Dernovšek 2008-06-01 15:07:23.2 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1412 [GMT 2:00]
              Running from: C:\Documents and Settings\Samo Dernovšek.SAMOPC\Desktop\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Samo Dernovšek.SAMOPC\Desktop\CFScript.txt
              * Created a new restore point
              * Resident AV is active


              WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

              FILE ::
              C:\Documents and Settings\Samo Dernovcatchme.zip
              C:\WINDOWS1\003291_.tmp
              C:\WINDOWS1\accesss.exe
              C:\WINDOWS1\astctl32.ocx
              C:\WINDOWS1\avpcc.dll
              C:\WINDOWS1\system32\fnfqgroy.dll
              C:\WINDOWS1\system32\nqiqwuwq.dll
              C:\WINDOWS1\system32\upsntbbo.dll
              C:\WINDOWS1\system32\uryldabs.dll
              C:\WINDOWS1\system32\xklfacqf.dll
              C:\WINDOWS1\x.exe
              C:\WINDOWS1\xxxvideo.hta
              C:\WINDOWS1\y.exe
              .

              ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Documents and Settings\Samo Dernovcatchme.zip
              C:\SDFix
              C:\SDFix\apps\assosfix.reg
              C:\SDFix\apps\cliptext.exe
              C:\SDFix\apps\download.exe
              C:\SDFix\apps\dummy.sys
              C:\SDFix\apps\Enable_Command_Prompt.reg
              C:\SDFix\apps\ERDNT.E_E
              C:\SDFix\apps\ERDNTDOS.LOC
              C:\SDFix\apps\ERDNTWIN.LOC
              C:\SDFix\apps\ERUNT.EXE
              C:\SDFix\apps\ERUNT.LOC
              C:\SDFix\apps\fix.reg
              C:\SDFix\apps\FixBH.reg
              C:\SDFix\apps\FixComponents.reg
              C:\SDFix\apps\FIXCU.reg
              C:\SDFix\apps\FIXLM.reg
              C:\SDFix\apps\FixPath.exe
              C:\SDFix\apps\FixRedir.reg
              C:\SDFix\apps\FixSchedule.reg
              C:\SDFix\apps\FixWebCheck.reg
              C:\SDFix\apps\fixXP.reg
              C:\SDFix\apps\FixXPsp2.reg
              C:\SDFix\apps\grep.exe
              C:\SDFix\apps\HPFix.reg
              C:\SDFix\apps\HPFix2.reg
              C:\SDFix\apps\HPFix3.reg
              C:\SDFix\apps\HPFix4.reg
              C:\SDFix\apps\HPFix5.reg
              C:\SDFix\apps\HPFix6.reg
              C:\SDFix\apps\HPFix7.reg
              C:\SDFix\apps\HPFix8.reg
              C:\SDFix\apps\isadmin.exe
              C:\SDFix\apps\leg2.txt
              C:\SDFix\apps\legacy.txt
              C:\SDFix\apps\legacybk.txt
              C:\SDFix\apps\locate.com
              C:\SDFix\apps\LS.exe
              C:\SDFix\apps\MD5File.exe
              C:\SDFix\apps\MyGcpvFix.reg
              C:\SDFix\apps\MyGkFix2.reg
              C:\SDFix\apps\procs.exe
              C:\SDFix\apps\psservice.exe
              C:\SDFix\apps\Rem.txt
              C:\SDFix\apps\Rem2.txt
              C:\SDFix\apps\Replace\regedit.exe
              C:\SDFix\apps\Replace\W2K.exe
              C:\SDFix\apps\Replace\w2k\beep.sys
              C:\SDFix\apps\Replace\w2k\null.sys
              C:\SDFix\apps\Replace\XP.exe
              C:\SDFix\apps\Replace\xp\beep.sys
              C:\SDFix\apps\Replace\xp\null.sys
              C:\SDFix\apps\Reset_AppInit_DLLs.reg
              C:\SDFix\apps\RestartIt!.exe
              C:\SDFix\apps\Restore_SecurityCenter.reg
              C:\SDFix\apps\Restore_SharedAccess.reg
              C:\SDFix\apps\sc.exe
              C:\SDFix\apps\sed.exe
              C:\SDFix\apps\SF.exe
              C:\SDFix\apps\shutdown.exe
              C:\SDFix\apps\srv2.txt
              C:\SDFix\apps\srv2bk.txt
              C:\SDFix\apps\svc.txt
              C:\SDFix\apps\svcbk.txt
              C:\SDFix\apps\swreg.exe
              C:\SDFix\apps\swsc.exe
              C:\SDFix\apps\unzip.exe
              C:\SDFix\apps\vfind.exe
              C:\SDFix\apps\WINMSG.EXE
              C:\SDFix\apps\winsec.reg
              C:\SDFix\apps\zip.exe
              C:\SDFix\backups\backupreg.zip
              C:\SDFix\backups\backups.zip
              C:\SDFix\backups\HOSTS
              C:\SDFix\catchme.exe
              C:\SDFix\dummy.sys
              C:\SDFix\Report.txt
              C:\SDFix\RunThis.bat
              C:\SDFix\SDFIX_ReadMe_Online.url
              C:\WINDOWS1\003291_.tmp
              C:\WINDOWS1\accesss.exe
              C:\WINDOWS1\astctl32.ocx
              C:\WINDOWS1\avpcc.dll
              C:\WINDOWS1\BM07d9d6f1.xml
              C:\WINDOWS1\pskt.ini
              C:\WINDOWS1\system32\fnfqgroy.dll
              C:\WINDOWS1\system32\fqcaflkx.ini
              C:\WINDOWS1\system32\nqiqwuwq.dll
              C:\WINDOWS1\system32\upsntbbo.dll
              C:\WINDOWS1\system32\xklfacqf.dll
              C:\WINDOWS1\x.exe
              C:\WINDOWS1\xxxvideo.hta
              C:\WINDOWS1\y.exe

              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              -------\Legacy_BFJ14
              -------\Legacy_BFJ82
              -------\Legacy_CGK61
              -------\Legacy_KOS03
              -------\Legacy_NRV26
              -------\Legacy_OTY38
              -------\Legacy_PTX83
              -------\Legacy_XDVA042
              -------\Legacy_XDVA068
              -------\Legacy_XDVA074
              -------\Legacy_XDVA120
              -------\Legacy_XDVA145
              -------\Service_Aei71
              -------\Service_bfJ14
              -------\Service_Bfj82
              -------\Service_cgK61
              -------\Service_Chk83
              -------\Service_dhK71
              -------\Service_dhL83
              -------\Service_fjN26
              -------\Service_ilP04
              -------\Service_Ims50
              -------\Service_koS03
              -------\Service_loS61
              -------\Service_Mqu04
              -------\Service_nqU27
              -------\Service_nrV26
              -------\Service_otY38
              -------\Service_ptX83
              -------\Service_ruY15
              -------\Service_rvA83
              -------\Service_swB71
              -------\Service_txB04
              -------\Service_tyC61
              -------\Service_Uyd82
              -------\Service_vaE47
              -------\Service_Vyd37
              -------\Service_wcG38
              -------\Service_Xbf36
              -------\Service_Xbf72
              -------\Service_XDva042
              -------\Service_XDva068
              -------\Service_XDva074
              -------\Service_XDva120
              -------\Service_XDva145
              -------\Service_ydH14


              ((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
              .

              2008-05-31 11:18 . 2008-05-31 11:18 <DIR> d-------- C:\Documents and Settings\Samo Dernovšek.SAMOPC
              2008-05-31 11:18 . 2008-05-31 11:18 <DIR> d-------- C:\Documents and Settings\Samo Dernovšek
              2008-05-31 11:18 . <DIR> C:\Documents and Settings\Samo Dernovšek\Local Settings
              2008-05-31 11:18 . <DIR> C:\Documents and Settings\Samo Dernovšek.SAMOPC\Local Settings
              2008-05-31 11:18 . <DIR> C:\Documents and Settings\Samo Dernovšek.SAMOPC\Local Settings
              2008-05-26 15:59 . 2008-05-26 16:00 <DIR> d-------- C:\WINDOWS1\ERUNT
              2008-05-26 15:54 . 2008-05-26 15:54 <DIR> d-------- C:\Documents and Settings\Administrator
              2008-05-26 15:03 . 2008-06-01 15:24 54,156 --ah----- C:\WINDOWS1\QTFont.qfn
              2008-05-26 15:03 . 2008-05-26 15:03 1,409 --a------ C:\WINDOWS1\QTFont.for
              2008-05-25 11:53 . 2008-05-25 11:53 <DIR> d-------- C:\Program Files\Trend Micro
              2008-05-25 09:47 . 2008-05-25 09:47 <DIR> d--h----- C:\WINDOWS1\system32\GroupPolicy
              2008-05-24 23:18 . 2008-05-24 23:18 <DIR> d-------- C:\Program Files\Lavasoft
              2008-05-24 23:18 . 2008-05-24 23:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Lavasoft
              2008-05-24 19:27 . 2008-05-24 19:25 512,096 --a------ C:\WINDOWS1\system32\drivers\amon.sys
              2008-05-24 19:27 . 2008-05-24 19:25 298,104 --a------ C:\WINDOWS1\system32\imon.dll
              2008-05-24 19:27 . 2008-05-24 19:25 15,424 --a------ C:\WINDOWS1\system32\drivers\nod32drv.sys
              2008-05-24 19:14 . 2004-08-12 15:17 4,224 --a------ C:\WINDOWS1\system32\beep.sys
              2008-05-24 19:13 . 2008-05-24 19:13 87,513 --a------ C:\WINDOWS1\system32\vbpdtvdp.exe
              2008-05-24 18:10 . 2008-05-24 18:10 <DIR> d-------- C:\Program Files\Armadillo Run Demo
              2008-05-22 16:48 . 2008-05-22 16:48 4,444 --a------ C:\WINDOWS1\system32\pid.PNF
              2008-05-20 23:17 . 2004-08-12 15:34 221,184 --a------ C:\WINDOWS1\system32\wmpns.dll
              2008-05-20 14:04 . 2008-05-20 14:04 <DIR> d-------- C:\WINDOWS1\ServicePackFiles
              2008-05-17 12:26 . 2008-05-18 15:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\POPWWPROFILES
              2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS1\system32\lsdelete.exe
              2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS1\system32\xfcodec.dll
              2008-05-13 14:19 . 2003-10-27 14:06 115,016 --a------ C:\WINDOWS1\system32\MSINET.OCX
              2008-05-13 14:19 . 2003-10-27 14:06 89,360 --a------ C:\WINDOWS1\system32\VB5DB.DLL
              2008-05-13 14:19 . 2003-10-27 14:06 69,632 --a------ C:\WINDOWS1\system32\xmltok.dll
              2008-05-13 14:19 . 2003-10-27 14:06 36,864 --a------ C:\WINDOWS1\system32\xmlparse.dll
              2008-05-13 14:19 . 2003-10-27 14:06 35,840 --a------ C:\WINDOWS1\system32\comdlg32.oca
              2008-05-13 14:19 . 2003-10-27 14:06 26,096 --a------ C:\WINDOWS1\system32\xmlinst.exe
              2008-05-13 14:19 . 2003-10-27 14:06 24,576 --a------ C:\WINDOWS1\system32\msxml3a.dll
              2008-05-10 01:11 . 2008-05-10 01:14 <DIR> d-------- C:\MyBackup
              2008-05-10 00:11 . 2008-05-10 00:11 <DIR> d-------- C:\Program Files\PC Tune-Up
              2008-05-06 23:44 . 2008-05-06 23:44 <DIR> d-------- C:\Program Files\iPod
              2008-05-01 23:16 . 2008-05-06 14:37 <DIR> d-------- C:\Program Files\CABAL Online

              .
              (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-06-01 11:34 22,328 ----a-w C:\WINDOWS1\system32\drivers\PnkBstrK.sys
              2008-06-01 11:34 107,832 ----a-w C:\WINDOWS1\system32\PnkBstrB.exe
              2008-06-01 08:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Application Data\DriveHQ
              2008-06-01 00:54 --------- d-----w C:\Program Files\uTorrent
              2008-05-31 10:52 --------- d-----w C:\Program Files\Mozilla Thunderbird
              2008-05-30 11:13 --------- d-----w C:\Program Files\eMule
              2008-05-29 16:32 --------- d-----w C:\Program Files\CrossFire
              2008-05-24 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
              2008-05-24 17:34 --------- d-----w C:\Program Files\ESET
              2008-05-24 05:30 --------- d-----w C:\Program Files\Ubisoft
              2008-05-24 05:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-05-23 22:51 --------- d-----w C:\Program Files\WarRock
              2008-05-08 18:05 --------- d-----w C:\Program Files\EA SPORTS
              2008-05-08 18:04 --------- d-----w C:\Program Files\DANCE!ONLINE
              2008-05-06 21:44 --------- d-----w C:\Program Files\iTunes
              2008-05-06 21:43 --------- d-----w C:\Program Files\QuickTime
              2008-05-06 21:32 --------- d-----w C:\Program Files\Apple Software Update
              2008-04-29 11:49 --------- d-----w C:\Program Files\iMesh Applications
              2008-04-29 09:20 15,648 ----a-w C:\WINDOWS1\system32\drivers\NSDriver.sys
              2008-04-29 09:19 15,648 ----a-w C:\WINDOWS1\system32\drivers\Awrtrd.sys
              2008-04-29 09:19 12,960 ----a-w C:\WINDOWS1\system32\drivers\Awrtpd.sys
              2008-04-28 20:53 --------- d-----w C:\Program Files\Metin2
              2008-04-28 12:30 --------- d-----w C:\Program Files\Shaiya
              2008-04-27 12:32 --------- d-----w C:\Program Files\Teamspeak2
              2008-04-20 11:23 --------- d-----w C:\Program Files\ProjectTorque
              2008-04-17 12:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Application Data\Ubisoft
              2008-04-15 11:55 --------- d-----w C:\Program Files\Common Files\INCA Shared
              2008-04-14 03:55 1,804 ----a-w C:\WINDOWS1\system32\dcache.bin
              2008-04-14 03:46 329,728 ----a-w C:\WINDOWS1\system32\netsetup.exe
              2008-04-14 03:43 92,424 ----a-w C:\WINDOWS1\system32\rdpdd.dll
              2008-04-14 03:43 87,176 ----a-w C:\WINDOWS1\system32\rdpwsx.dll
              2008-04-14 03:43 40,840 ----a-w C:\WINDOWS1\system32\drivers\termdd.sys
              2008-04-14 03:43 21,896 ----a-w C:\WINDOWS1\system32\drivers\tdtcp.sys
              2008-04-14 03:43 139,656 ----a-w C:\WINDOWS1\system32\drivers\rdpwd.sys
              2008-04-14 03:43 12,168 ----a-w C:\WINDOWS1\system32\tsddd.dll
              2008-04-14 03:43 12,040 ----a-w C:\WINDOWS1\system32\drivers\tdpipe.sys
              2008-04-14 03:41 98,304 ----a-w C:\WINDOWS1\system32\actxprxy.dll
              2008-04-14 03:40 53,279 ----a-w C:\WINDOWS1\system32\odbcji32.dll
              2008-04-14 03:40 4,126 ----a-w C:\WINDOWS1\system32\msdxmlc.dll
              2008-04-14 03:40 3,584 ----a-w C:\WINDOWS1\system32\msafd.dll
              2008-04-13 23:00 1,845,632 ----a-w C:\WINDOWS1\system32\win32k.sys
              2008-04-13 22:58 175,744 ----a-w C:\WINDOWS1\system32\drivers\rdbss.sys
              2008-04-13 22:54 2,145,280 ----a-w C:\WINDOWS1\system32\ntoskrnl.exe
              2008-04-13 22:51 162,816 ----a-w C:\WINDOWS1\system32\drivers\netbt.sys
              2008-04-13 22:50 91,520 ----a-w C:\WINDOWS1\system32\drivers\ndiswan.sys
              2008-04-13 22:50 361,344 ----a-w C:\WINDOWS1\system32\drivers\tcpip.sys
              2008-04-13 22:50 182,656 ----a-w C:\WINDOWS1\system32\drivers\ndis.sys
              2008-04-13 22:49 75,264 ----a-w C:\WINDOWS1\system32\drivers\ipsec.sys
              2008-04-13 22:49 51,328 ----a-w C:\WINDOWS1\system32\drivers\rasl2tp.sys
              2008-04-13 22:49 48,384 ----a-w C:\WINDOWS1\system32\drivers\raspptp.sys
              2008-04-13 22:49 146,048 ----a-w C:\WINDOWS1\system32\drivers\portcls.sys
              2008-04-13 22:49 138,112 ----a-w C:\WINDOWS1\system32\drivers\afd.sys
              2008-04-13 22:48 52,480 ----a-w C:\WINDOWS1\system32\drivers\i8042prt.sys
              2008-04-13 22:47 83,072 ----a-w C:\WINDOWS1\system32\drivers\wdmaud.sys
              2008-04-13 22:47 456,576 ----a-w C:\WINDOWS1\system32\drivers\mrxsmb.sys
              2008-04-13 22:47 105,344 ----a-w C:\WINDOWS1\system32\drivers\mup.sys
              2008-04-13 22:46 49,536 ----a-w C:\WINDOWS1\system32\drivers\classpnp.sys
              2008-04-13 22:46 141,056 ----a-w C:\WINDOWS1\system32\drivers\ks.sys
              2008-04-13 22:45 64,512 ----a-w C:\WINDOWS1\system32\drivers\serial.sys
              2008-04-13 22:45 60,800 ----a-w C:\WINDOWS1\system32\drivers\sysaudio.sys
              2008-04-13 22:45 574,976 ----a-w C:\WINDOWS1\system32\drivers\ntfs.sys
              2008-04-13 22:45 334,848 ----a-w C:\WINDOWS1\system32\drivers\srv.sys
              2008-04-13 22:44 63,744 ----a-w C:\WINDOWS1\system32\drivers\cdfs.sys
              2008-04-13 22:44 143,744 ----a-w C:\WINDOWS1\system32\drivers\fastfat.sys
              2008-04-13 22:30 30,080 ----a-w C:\WINDOWS1\system32\drivers\modem.sys
              2008-04-13 22:30 225,664 ----a-w C:\WINDOWS1\system32\drivers\tcpip6.sys
              2008-04-13 22:30 19,072 ----a-w C:\WINDOWS1\system32\drivers\tdi.sys
              2008-04-13 22:27 41,472 ----a-w C:\WINDOWS1\system32\drivers\raspppoe.sys
              2008-04-13 22:27 40,576 ----a-w C:\WINDOWS1\system32\drivers\ndproxy.sys
              2008-04-13 22:27 34,560 ----a-w C:\WINDOWS1\system32\drivers\wanarp.sys
              2008-04-13 22:27 20,864 ----a-w C:\WINDOWS1\system32\drivers\ipinip.sys
              2008-04-13 22:27 152,832 ----a-w C:\WINDOWS1\system32\drivers\ipnat.sys
              2008-04-13 22:27 14,336 ----a-w C:\WINDOWS1\system32\drivers\asyncmac.sys
              2008-04-13 22:27 10,112 ----a-w C:\WINDOWS1\system32\drivers\ndistapi.sys
              2008-04-13 22:26 88,320 ----a-w C:\WINDOWS1\system32\drivers\nwlnkipx.sys
              2008-04-13 22:26 69,120 ----a-w C:\WINDOWS1\system32\drivers\psched.sys
              2008-04-13 22:26 35,072 ----a-w C:\WINDOWS1\system32\drivers\msgpc.sys
              2008-04-13 22:26 34,688 ----a-w C:\WINDOWS1\system32\drivers\netbios.sys
              2008-04-13 22:26 30,592 ----a-w C:\WINDOWS1\system32\drivers\rndismp.sys
              2008-04-13 22:26 30,592 ------w C:\WINDOWS1\system32\drivers\rndismpx.sys
              2008-04-13 22:26 14,592 ----a-w C:\WINDOWS1\system32\drivers\ndisuio.sys
              2008-04-13 22:26 12,800 ----a-w C:\WINDOWS1\system32\drivers\usb8023.sys
              2008-04-13 22:26 12,800 ------w C:\WINDOWS1\system32\drivers\usb8023x.sys
              2008-04-13 22:26 12,288 ----a-w C:\WINDOWS1\system32\drivers\tunmp.sys
              2008-04-13 22:25 202,624 ----a-w C:\WINDOWS1\system32\drivers\rmcast.sys
              2008-04-13 22:24 11,264 ----a-w C:\WINDOWS1\system32\drivers\irenum.sys
              2008-04-13 22:23 71,552 ----a-w C:\WINDOWS1\system32\drivers\bridge.sys
              2008-04-13 22:23 40,320 ----a-w C:\WINDOWS1\system32\drivers\nmnt.sys
              2008-04-13 22:23 36,608 ----a-w C:\WINDOWS1\system32\drivers\ip6fw.sys
              2008-04-13 22:23 264,832 ----a-w C:\WINDOWS1\system32\drivers\http.sys
              2008-04-13 22:21 61,824 ----a-w C:\WINDOWS1\system32\drivers\nic1394.sys
              2008-04-13 22:21 60,800 ----a-w C:\WINDOWS1\system32\drivers\arp1394.sys
              2008-04-13 22:21 59,904 ----a-w C:\WINDOWS1\system32\drivers\atmarpc.sys
              2008-04-13 22:21 55,808 ----a-w C:\WINDOWS1\system32\drivers\atmlane.sys
              2008-04-13 22:21 101,120 ------w C:\WINDOWS1\system32\drivers\bthpan.sys
              2008-04-13 22:17 25,856 ----a-w C:\WINDOWS1\system32\drivers\usbprint.sys
              2008-04-13 22:15 60,160 ----a-w C:\WINDOWS1\system32\drivers\drmk.sys
              2008-04-13 22:14 81,664 ----a-w C:\WINDOWS1\system32\drivers\videoprt.sys
              2008-04-13 22:14 799,744 ----a-w C:\WINDOWS1\system32\drivers\dmboot.sys
              2008-04-13 22:14 20,992 ----a-w C:\WINDOWS1\system32\drivers\vga.sys
              .

              ((((((((((((((((((((((((((((( [email protected]_11.16.35.03 )))))))))))))))))))))))))))))))))))))))))
              .
              - 2008-05-31 09:10:27 2,048 --s-a-w C:\WINDOWS1\bootstat.dat
              + 2008-06-01 13:24:03 2,048 --s-a-w C:\WINDOWS1\bootstat.dat
              .
              -- Snapshot reset to current date --
              .
              ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS1\system32\ctfmon.exe" [2008-04-14 05:42 15360]
              "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 14:21 68856]
              "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-15 12:02 482760]
              "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-01 17:42 67128]
              "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 07:08 289088]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 17:46 28160 C:\WINDOWS1\KHALMNPR.Exe]
              "NvCplDaemon"="C:\WINDOWS1\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
              "NWEReboot"=""
              "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
              "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
              "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
              "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
              "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
              "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 10:58 16264192 C:\WINDOWS1\RTHDCPL.exe]
              "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS1\SkyTel.exe]
              "NvMediaCenter"="C:\WINDOWS1\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
              "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
              "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-24 19:25 949376]
              "BM07d9d6f1"="C:\WINDOWS1\system32\fnfqgroy.dll" [ ]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS1\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

              C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\
              Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [1/1/2008 5:42:40 PM 67128]
              Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/6/2007 5:12:08 PM 532480]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
              C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-12 16:28 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=wbsys.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
              "VIDC.XFR1"= xfcodec.dll

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Aei71.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bfJ14.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfj82.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cgK61.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Chk83.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dhK71.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dhL83.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Eim83.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fjN26.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gko83.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hko58.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ilP04.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ims50.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\koS03.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\loS61.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqu04.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nqU27.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nrV26.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otY38.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ptX83.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ruY15.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rvA83.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swB71.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\txB04.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txb26.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tyC61.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uyd82.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vaE47.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vyd37.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wcG38.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xbf36.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xbf72.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xcg58.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ydH14.sys]
              @="Driver"

              [HKLM\~\startupfolder\C:^Documents and Settings^Samo Dernovšek.SAMOPC^Start Menu^Programs^Startup^Izrezovalnik zaslona in zaganjalnik za OneNote 2007.lnk]
              path=C:\Documents and Settings\Samo Dernovšek.SAMOPC\Start Menu\Programs\Startup\Izrezovalnik zaslona in zaganjalnik za OneNote 2007.lnk
              backup=C:\WINDOWS1\pss\Izrezovalnik zaslona in zaganjalnik za OneNote 2007.lnkStartup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
              --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
              --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer]
              C:\Documents and Settings\Samo Dernovšek.SAMOPC\Application Data\Microsoft\dtsc\24521.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
              --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
              --a------ 2007-12-05 02:41 1626112 C:\WINDOWS1\system32\nwiz.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
              --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
              -r------- 2006-05-16 12:04 2879488 C:\WINDOWS1\SkyTel.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "iPod Service"=3 (0x3)
              "Apple Mobile Device"=2 (0x2)

              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
              "UpdatesDisableNotify"=dword:00000001
              "AntiVirusOverride"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
              "C:\\Program Files\\S.T.A.L.K.E.R\\bin\\XR_3DA.exe"=
              "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
              "C:\\Program Files\\eMule\\emule.exe"=
              "C:\\Program Files\\F.E.A.R\\fpupdate.exe"=
              "C:\\Program Files\\uTorrent\\uTorrent.exe"=
              "C:\\Program Files\\F.E.A.R\\FEAR.exe"=
              "C:\\Program Files\\F.E.A.R\\FEARMP.exe"=
              "C:\\Program Files\\GRAW\\GRAW.exe"=
              "C:\\Program Files\\CrossFire\\xfire.exe"=
              "C:\\WINDOWS1\\system32\\PnkBstrA.exe"=
              "C:\\WINDOWS1\\system32\\PnkBstrB.exe"=
              "C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
              "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
              "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
              "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
              "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
              "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
              "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
              "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
              "C:\\Program Files\\Messenger\\msmsgs.exe"=
              "C:\\ijji\\ENGLISH\\u_skid.exe"=
              "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
              "C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
              "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
              "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
              "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
              "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
              "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
              "C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\Versus\\System\\SCCT_Versus.ex"=
              "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
              "C:\\Program Files\\ProjectTorque\\ProjectTorque.bin"=
              "C:\\Program Files\\DNA\\btdna.exe"=
              "C:\\Program Files\\WarRock\\System\\WarRock.exe"=
              "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
              "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
              "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
              "C:\\Program Files\\Metin2\\metin2.bin"=
              "C:\\Program Files\\CABAL Online\\launcher\\update\\ESTdnheadless.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "C:\\UT2004\\System\\UT2004.exe"=
              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
              "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
              "C:\\Program Files\\iTunes\\iTunes.exe"=
              "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
              "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

              R0 videX32;videX32;C:\WINDOWS1\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
              R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS1\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
              R2 DriveHQ FileManagerFun;DriveHQ FileManagerFun;"C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe" [2007-07-11 21:30]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90b52150-4395-11dc-8d43-001966009b76}]
              \Shell\AutoRun\command - D:\MLLaunch.exe

              .
              Contents of the 'Scheduled Tasks' folder
              "2008-05-31 13:47:00 C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
              .
              **************************************************************************

              catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-06-01 15:24:33
              Windows 5.1.2600 Service Pack 3 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              PROCESS: C:\WINDOWS1\system32\lsass.exe
              -> C:\Program Files\Eset\pr_imon.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
              C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
              C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              C:\Program Files\ESET\nod32krn.exe
              C:\WINDOWS1\system32\nvsvc32.exe
              C:\WINDOWS1\system32\PnkBstrA.exe
              C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              C:\WINDOWS1\system32\rundll32.exe
              C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
              C:\WINDOWS1\system32\wpabaln.exe
              .
              **************************************************************************
              .
              Completion time: 2008-06-01 15:31:39 - machine was rebooted
              ComboFix-quarantined-files.txt 2008-06-01 13:31:35
              ComboFix2.txt 2008-05-31 09:18:03

              Pre-Run: 8,586,850,304 bytes free
              Post-Run: 8,626,384,896 bytes free

              543 --- E O F --- 2007-11-14 02:01:37

              He also asks whether this is safe:
              http://www.liutilities.com/products/campaigns/plib/rbplib/

              Thanks in advance
              Last edited by vegetassj22; 01-06-08, 16:14. Reason: removed the smileys

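A read-only triage pass over the ComboFix dump layout shown above, added here as an example and not code from the thread or from ComboFix. The sample dump and the heuristics are my own constructions (the Security Center override values and the three-letters-plus-two-digits SafeBoot driver names are modelled on entries in the log; the value names in SC_FLAGS are the standard Security Center settings), so the regexes are a starting point for reading such a log, not a verdict on any file.

```python
import re
# Constructed sample in the ComboFix dump layout above, modelled on that log's entries
# (fjN26.sys, dtsc\24521.exe autostart, Security Center overrides) plus two benign ones.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fjN26.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer]
C:\Documents and Settings\user\Application Data\Microsoft\dtsc\24521.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"""

# Heuristics of my own, not ComboFix's: 3 letters + 2 digits + .sys as in the SafeBoot
# list above; autostart targets under a user profile or with an all-digit file name.
RANDOM_SYS = re.compile(r"^[A-Za-z]{3}\d{2}\.sys$")
SUSPECT_PATH = re.compile(r"\\(Application Data|AppData|Local Settings)\\|\\\d+\.exe$", re.I)
SC_FLAGS = {"antivirusoverride", "antivirusdisablenotify", "updatesdisablenotify", "firewalldisablenotify"}

def parse_blocks(text):
    """Yield (key, [value lines]) for each [key] block of a ComboFix-style dump."""
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if lines and lines[0].startswith("[") and lines[0].endswith("]"):
            yield lines[0][1:-1], lines[1:]

def triage(text):
    """Return (severity, reason, detail) findings; read-only, changes nothing."""
    findings = []
    for key, values in parse_blocks(text):
        low, name = key.lower(), key.rsplit("\\", 1)[-1]
        if "\\safeboot\\minimal\\" in low and RANDOM_SYS.match(name):
            findings.append(("medium", "random-looking SafeBoot driver", name))
        elif "\\msconfig\\startupreg\\" in low and values:
            m = re.search(r"[A-Za-z]:\\.*$", values[0])  # path after the attribute/size columns
            if m and SUSPECT_PATH.search(m.group(0)):
                findings.append(("high", "autostart from user profile or numeric exe", m.group(0)))
        elif low.endswith("\\security center"):
            for v in values:
                m = re.match(r'"(\w+)"=dword:([0-9a-f]{8})', v, re.I)
                if m and m.group(1).lower() in SC_FLAGS and int(m.group(2), 16):
                    findings.append(("high", "Security Center warning suppressed", m.group(1)))
    return findings
```

Run it against a saved ComboFix log with `triage(open(path).read())`; the suppressed Security Center warnings are the finding that explains why the user got no "no antivirus" prompt despite NOD32 being installed.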


              • #8
                Close all open windows.
                Start HijackThis once more and put a check mark next to the following items:

                O4 - HKLM\..\Run: [BM07d9d6f1] Rundll32.exe "C:\WINDOWS1\system32\fnfqgroy.dll",s

                Then click "Fix checked" and close HijackThis.


                Are there still any problems?



                • #9
                  He also asks whether this is safe:
                  http://www.liutilities.com/products/campaigns/plib/rbplib/



                  • #10
                    Before you start using other tools, you had better make sure the computer is malware-free again. Besides, I don't see the point of such programs.
