problem z wirusami i z logbookiem

[Kagome_171]

skanowalam komputer escanem i znalazlo pare wirusow + mam service event log error 4201 i chcialam zastosowac http://forums.microsoft.com/msdn/showpost.aspx?postid=1280359&siteid=1&sb=0&d=1&at=7&ft=11&tf=0&pageid=1
ale zauwazylam ze nie chce sie wlaczyc regedit.
+ w wwd nie moge zamknac dcom (port 135) mowi ze zamknie przy nastepnym uruchomieniu ale tego nie robi


logi:

Deckard's System Scanner v20071014.68
Run by Kagome17 on 2008-06-02 11:56:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
18: 2008-06-02 08:31:58 UTC - RP98 - Windows Update
17: 2008-06-02 08:06:40 UTC - RP97 - Windows Update
16: 2008-06-02 07:49:46 UTC - RP96 - Windows Update
15: 2008-06-01 22:00:05 UTC - RP95 - Gepland herstelpunt
14: 2008-05-31 22:22:38 UTC - RP94 - Gepland herstelpunt


-- First Restore Point --
1: 2008-05-18 22:00:02 UTC - RP81 - Gepland herstelpunt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kagome17.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:03, on 2-6-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Users\Kagome17\AppData\Local\Temp\mexe.com
C:\Windows\system32\wuauclt.exe
C:\Users\Kagome17\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kagome17\Desktop\HIJACK~1\Kagome17.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=NL&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6145 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\windows\system32\drivers\staropen.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-02 11:30:00 346 --a------ C:\Windows\Tasks\Uitgebreide garantie.job
2008-06-02 11:30:00 346 --a------ C:\Windows\Tasks\Recovery DVD Creator.job


-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 11:40:08 0 d-a------ C:\Windows\system32\systems.txt
2008-06-02 10:41:35 0 d-------- C:\WUTemp
2008-06-02 10:38:59 1043 --a------ C:\Windows\mozver.dat
2008-06-02 10:06:23 0 dr------- C:\Users\Kagome17\Favorites
2008-05-15 19:29:48 0 d-a------ C:\Windows\zts2.exe
2008-05-15 19:29:48 0 d-a------ C:\Windows\system32\vcmgcd32.dll
2008-05-15 19:29:48 0 d-a------ C:\Windows\system32\iifgfgf.dll
2008-05-15 19:29:48 0 d-a------ C:\Windows\rundll16.exe
2008-05-15 19:29:48 0 d-a------ C:\Windows\rundl132.dll
2008-05-15 19:29:48 0 d-a------ C:\Windows\logo1_.exe
2008-05-05 21:10:20 200704 --a------ C:\Windows\system32\UpdateDriver.exe <Not Verified; ; UpdateDriver Application>
2008-05-05 21:10:20 40960 --a------ C:\Windows\system32\F5D7050.dll
2008-05-05 21:10:04 0 d-------- C:\Users\Kagome17\Application Data\InstallShield
2008-05-05 21:04:34 0 d-------- C:\Program Files\Belkin
2008-05-05 13:22:08 0 d-------- C:\Program Files\Ares
2008-05-05 13:17:44 0 d-------- C:\Users\Kagome17\Application Data\Samsung
2008-05-05 13:17:04 174592 --a------ C:\Windows\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-05 13:16:11 5632 --a------ C:\Windows\system32\drivers\StarOpen.sys
2008-05-04 16:31:47 0 d-------- C:\DVDVideoSoft
2008-05-04 16:20:14 0 d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-05-04 16:20:03 0 d-------- C:\Program Files\DVDVIDEOSOFT
2008-05-04 02:03:43 0 d-------- C:\Program Files\Audacity


-- Find3M Report ---------------------------------------------------------------

2008-06-02 11:54:52 0 d-------- C:\Users\Kagome17\AppData\Roaming\DNA
2008-06-02 11:35:39 699038 --a------ C:\Windows\system32\perfh013.dat
2008-06-02 11:35:39 127210 --a------ C:\Windows\system32\perfc013.dat
2008-06-02 10:24:41 0 d-------- C:\Users\Kagome17\AppData\Roaming\AVG7
2008-06-01 19:57:11 0 d-------- C:\Users\Kagome17\AppData\Roaming\gtk-2.0
2008-05-23 23:55:33 0 d-------- C:\Program Files\Windows Mail
2008-05-15 20:09:04 0 d-------- C:\Users\Kagome17\AppData\Roaming\BitTorrent
2008-05-05 21:10:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-05 21:10:04 0 d-------- C:\Users\Kagome17\AppData\Roaming\InstallShield
2008-05-05 20:11:33 0 d-------- C:\Users\Kagome17\AppData\Roaming\Winamp
2008-05-05 13:17:44 0 d-------- C:\Users\Kagome17\AppData\Roaming\Samsung
2008-05-04 16:20:14 0 d-------- C:\Program Files\Common Files
2008-05-01 00:00:12 0 d-------- C:\Program Files\Picasa2
2008-04-29 23:28:09 0 d-------- C:\Program Files\Google
2008-04-29 22:50:56 0 d-------- C:\Users\Kagome17\AppData\Roaming\Google
2008-04-28 22:25:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-28 22:23:19 0 d-------- C:\Program Files\CCleaner
2008-04-28 22:23:10 0 d-------- C:\Program Files\Yahoo!
2008-04-28 22:21:02 0 d-------- C:\Users\Kagome17\AppData\Roaming\Packard Bell
2008-04-28 21:48:12 3476 --a------ C:\Program Files\mpc7.reg
2008-04-28 21:48:12 18156 --a------ C:\Program Files\mpc6.reg
2008-04-28 21:48:12 16218 --a------ C:\Program Files\mpc5.reg
2008-04-28 21:48:12 770 --a------ C:\Program Files\mpc4.reg
2008-04-28 21:48:12 3026 --a------ C:\Program Files\mpc3.reg
2008-04-28 21:48:12 680 --a------ C:\Program Files\mpc2.reg
2008-04-28 21:48:12 596 --a------ C:\Program Files\mpc1.reg
2008-04-28 21:48:12 362 --a------ C:\Program Files\ffdsvsetts.reg
2008-04-28 21:48:12 1658 --a------ C:\Program Files\ffdssetts.reg
2008-04-28 21:48:12 1292 --a------ C:\Program Files\ffdsasetts.reg
2008-04-28 20:33:49 0 d-------- C:\Program Files\Common Files\GTK
2008-04-28 20:21:28 0 d-------- C:\Program Files\GIMP-2.0
2008-04-28 18:41:23 174 --ahs---- C:\Program Files\desktop.ini
2008-04-28 18:37:53 0 d-------- C:\Program Files\Windows Calendar
2008-04-28 18:37:48 0 d-------- C:\Program Files\Windows Sidebar
2008-04-28 18:37:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-28 18:28:55 0 d-------- C:\Program Files\Winamp
2008-04-28 17:14:47 0 d-------- C:\Users\Kagome17\AppData\Roaming\Desktopicon
2008-04-28 16:54:13 0 d-------- C:\Program Files\Samsung
2008-04-28 16:48:19 0 d-------- C:\Program Files\BitTorrent
2008-04-28 16:48:13 0 d-------- C:\Program Files\DNA
2008-04-28 16:46:50 0 d-------- C:\Program Files\PS Tray Factory
2008-04-28 16:33:43 0 d-------- C:\Users\Kagome17\AppData\Roaming\Adobe
2008-04-28 16:20:15 0 d-------- C:\Program Files\MSXML 4.0
2008-04-28 16:11:06 0 --a------ C:\Windows\nsreg.dat
2008-04-28 16:03:57 0 d-------- C:\Users\Kagome17\AppData\Roaming\Macromedia
2008-04-28 15:14:58 0 d-------- C:\Users\Kagome17\AppData\Roaming\Media Player Classic
2008-04-28 15:12:11 0 d-------- C:\Users\Kagome17\AppData\Roaming\Grisoft
2008-04-28 14:55:16 4688 --a------ C:\Program Files\satsukidecodersettings.ini
2008-04-28 14:55:16 0 d-------- C:\Program Files\Satsuki Decoder Pack
2008-04-28 14:52:12 0 d-------- C:\Users\Kagome17\AppData\Roaming\Talkback
2008-04-28 14:51:58 0 d-------- C:\Users\Kagome17\AppData\Roaming\Mozilla
2008-04-28 13:49:15 0 d-------- C:\Users\Kagome17\AppData\Roaming\CyberLink
2008-04-28 13:49:00 0 d-------- C:\Users\Kagome17\AppData\Roaming\Roxio
2008-04-28 13:49:00 0 d-------- C:\Users\Kagome17\AppData\Roaming\ATI
2008-04-28 13:48:23 0 d-------- C:\Users\Kagome17\AppData\Roaming\Identities
2008-04-28 13:39:03 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06-09-2007 23:10]
"RtHDVCpl"="RtHDVCpl.exe" [10-04-2007 16:01 C:\Windows\RtHDVCpl.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10-11-2006 12:35]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [11-01-2007 11:40]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [20-02-2007 18:20]
"ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [18-01-2007 14:03]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [28-04-2008 16:09]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 11:25]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [10-11-2006 12:12]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01-04-2008 20:49]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [01-03-2008 07:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [28-04-2008 16:25]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [19-07-2007 15:32]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [02-06-2008 10:24]
"ares"="C:\Program Files\Ares\Ares.exe" [04-05-2007 02:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"TrayFactory"=C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 28-04-2008 15:03 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-02 11:58:57 ------------

ComboFix 08-06-01.6 - Kagome17 2008-06-02 12:07:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.751 [GMT 2:00]
Gestart vanuit: C:\Users\Kagome17\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))
.

2008-06-02 11:55 . 2008-06-02 11:55 <DIR> d-------- C:\Deckard
2008-06-02 10:41 . 2008-06-02 10:41 <DIR> d-------- C:\WUTemp
2008-06-02 10:38 . 2008-06-02 10:39 1,043 --a------ C:\Windows\mozver.dat
2008-06-02 09:49 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-02 09:49 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\zts2.exe
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\System32\vcmgcd32.dll
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\System32\iifgfgf.dll
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\rundll16.exe
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\rundl132.dll
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\logo1_.exe
2008-05-15 19:28 . 2008-06-02 11:38 26 --a------ C:\Windows\Lic.xxx
2008-05-05 21:10 . 2008-05-05 21:10 <DIR> d-------- C:\Users\Kagome17\AppData\Roaming\InstallShield
2008-05-05 21:10 . 2006-08-15 11:42 200,704 --a------ C:\Windows\System32\UpdateDriver.exe
2008-05-05 21:10 . 2004-04-30 15:12 40,960 --a------ C:\Windows\System32\F5D7050.dll
2008-05-05 21:10 . 2006-11-21 11:41 5,230 --a------ C:\Windows\System32\ucuiinfo.ini
2008-05-05 21:04 . 2008-05-05 21:10 <DIR> d-------- C:\Program Files\Belkin
2008-05-05 15:06 . 2008-05-05 15:06 33 --a------ C:\Windows\Multimedia manager.INI
2008-05-05 13:22 . 2008-05-05 13:22 <DIR> d-------- C:\Program Files\Ares
2008-05-05 13:17 . 2008-05-05 13:17 <DIR> d-------- C:\Users\Kagome17\AppData\Roaming\Samsung
2008-05-05 13:17 . 2006-05-03 22:53 174,592 --a------ C:\Windows\System32\framedyn.dll
2008-05-05 13:16 . 2006-07-24 16:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
2008-05-04 16:31 . 2008-05-04 16:36 <DIR> d-------- C:\DVDVideoSoft
2008-05-04 16:20 . 2008-05-04 16:33 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT
2008-05-04 16:20 . 2008-05-04 16:36 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-05-04 16:20 . 2002-01-05 15:37 344,064 --a------ C:\Windows\System32\msvcr70.dll
2008-05-04 02:03 . 2008-05-04 02:03 <DIR> d-------- C:\Program Files\Audacity

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 10:04 --------- d-----w C:\Users\Kagome17\AppData\Roaming\DNA
2008-06-02 08:24 --------- d-----w C:\Users\Kagome17\AppData\Roaming\AVG7
2008-06-01 17:57 --------- d-----w C:\Users\Kagome17\AppData\Roaming\gtk-2.0
2008-05-23 21:55 --------- d-----w C:\Program Files\Windows Mail
2008-05-15 18:09 --------- d-----w C:\Users\Kagome17\AppData\Roaming\BitTorrent
2008-05-05 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 18:11 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Winamp
2008-04-30 22:00 --------- d-----w C:\Program Files\Picasa2
2008-04-29 21:28 --------- d-----w C:\Program Files\Google
2008-04-29 21:18 --------- d-----w C:\Program Files\Unlocker
2008-04-28 20:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-28 20:23 --------- d-----w C:\Program Files\Yahoo!
2008-04-28 20:23 --------- d-----w C:\Program Files\CCleaner
2008-04-28 20:21 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Packard Bell
2008-04-28 19:48 770 ----a-w C:\Program Files\mpc4.reg
2008-04-28 19:48 680 ----a-w C:\Program Files\mpc2.reg
2008-04-28 19:48 596 ----a-w C:\Program Files\mpc1.reg
2008-04-28 19:48 362 ----a-w C:\Program Files\ffdsvsetts.reg
2008-04-28 19:48 3,476 ----a-w C:\Program Files\mpc7.reg
2008-04-28 19:48 3,026 ----a-w C:\Program Files\mpc3.reg
2008-04-28 19:48 18,156 ----a-w C:\Program Files\mpc6.reg
2008-04-28 19:48 16,218 ----a-w C:\Program Files\mpc5.reg
2008-04-28 19:48 1,658 ----a-w C:\Program Files\ffdssetts.reg
2008-04-28 19:48 1,292 ----a-w C:\Program Files\ffdsasetts.reg
2008-04-28 18:33 --------- d-----w C:\Program Files\Common Files\GTK
2008-04-28 18:21 --------- d-----w C:\Program Files\GIMP-2.0
2008-04-28 16:41 174 --sha-w C:\Program Files\desktop.ini
2008-04-28 16:40 --------- d-----w C:\ProgramData\Sonic
2008-04-28 16:37 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-28 16:37 --------- d-----w C:\Program Files\Windows Calendar
2008-04-28 16:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-28 16:28 --------- d-----w C:\Program Files\Winamp
2008-04-28 15:14 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Desktopicon
2008-04-28 14:54 --------- d-----w C:\Program Files\Samsung
2008-04-28 14:48 --------- d-----w C:\Program Files\DNA
2008-04-28 14:48 --------- d-----w C:\Program Files\BitTorrent
2008-04-28 14:46 --------- d-----w C:\Program Files\PS Tray Factory
2008-04-28 14:38 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-28 14:38 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-04-28 14:38 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-04-28 14:38 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-04-28 14:38 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-04-28 14:38 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-04-28 14:38 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-04-28 14:38 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-04-28 14:38 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-04-28 14:38 2,923,520 ----a-w C:\Windows\explorer.exe
2008-04-28 14:38 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-28 14:38 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-28 14:36 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-28 14:36 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-28 14:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-28 14:35 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-28 14:35 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-28 14:35 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-28 14:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-28 14:34 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-28 14:34 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-28 14:34 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-28 14:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-28 14:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-28 14:34 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-04-28 14:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-28 14:33 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-04-28 14:33 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-04-28 14:33 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-04-28 14:33 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-04-28 14:33 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-04-28 14:33 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-04-28 14:33 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-04-28 14:33 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-04-28 14:33 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-04-28 14:32 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-28 14:32 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-28 14:32 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-28 14:32 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-28 14:32 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-28 14:31 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-28 14:29 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-04-28 14:29 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-04-28 14:29 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-04-28 14:29 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-04-28 14:29 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-04-28 14:29 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-04-28 14:29 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-04-28 14:29 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-28 14:29 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-04-28 14:29 12,800 ----a-w C:\Windows\System32\batt.dll
2008-04-28 14:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-28 14:28 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-28 14:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-28 14:28 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-28 14:27 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-04-28 14:27 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-04-28 14:25 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-28 14:24 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-28 14:24 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-28 14:23 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-04-28 14:23 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-04-28 14:23 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-28 16:25 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-02 10:24 289088]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-18 14:03 79416]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-28 16:09 579584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-11-10 12:12 424448]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-11-10 12:12 424448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-28 15:03 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-04-28 15:03 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{84B33403-58B7-4225-B59B-E35796F76BE5}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{280BC2FE-0409-4CEE-BE5A-581D0B14EFF3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D5AB0C93-FB12-48A3-8FFB-2CE946E789B0}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8EE312B1-BFE6-41F1-A725-F5932573B255}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{D1BF96FB-9049-457B-8920-20929AE32368}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{7333A691-894F-43E0-9A7E-F990529688B4}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{234CE6B2-B6BC-4034-9F09-FE0B69324E52}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{6DE3C40B-039A-4A7B-A0E5-7C19F972FBFA}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{2750B071-DAFA-49CC-A16E-54FC76C7CB38}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 04:07]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-04-30 19:29]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 04:07]

*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2008-06-02 10:00:01 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-06-02 10:00:01 C:\Windows\Tasks\Uitgebreide garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 12:09:40
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-06-02 12:10:32
ComboFix-quarantined-files.txt 2008-06-02 10:10:29

Pre-Run: 264,345,677,824 bytes beschikbaar
Post-Run: 264,356,663,296 bytes beschikbaar

216 --- E O F --- 2008-06-02 08:33:55

02 jun 2008 12:13:42 - Offending Key found: HKCU\Software\kazaa !!!
02 jun 2008 12:13:44 - Obiekt "kazaa Spyware/Adware" zosta³ znaleziony w systemie plików! Podjêta akcja: Nie podjêto dzia³ania.

02 jun 2008 12:13:48 - Offending Registry Entry found: hklm\software\microsoft\windows\currentversion\explorer\alwaysunloaddll
02 jun 2008 12:13:48 - System found infected with regsort Corrupted Adware/Spyware (hklm\software\microsoft\windows\currentversion\explorer\alwaysunloaddll)! Action taken: Nie podjêto dzia³ania.

02 jun 2008 12:13:49 - Offending Registry Entry found: hkcu\software\microsoft\ole
02 jun 2008 12:13:49 - System found infected with backdoor (ircbot) trojans Spyware/Adware (hkcu\software\microsoft\ole)! Action taken: Nie podjêto dzia³ania.

02 jun 2008 12:13:50 - Offending file found: C:\PROGRA~1\ares\ares.exe
02 jun 2008 12:13:50 - System found infected with killav.nbd Browser Hijacker (C:\PROGRA~1\ares\ares.exe)! Action taken: Nie podjêto dzia³ania.

02 jun 2008 12:13:51 - Offending Registry Entry found: hkcu\software\wget
02 jun 2008 12:13:51 - System found infected with backdoor (ircbot) trojans Spyware/Adware (hkcu\software\wget)! Action taken: Nie podjêto dzia³ania.

02 jun 2008 12:13:51 - Offending Registry Entry found: hkcu\software\microsoft\internet explorer\desktop\safemode\components
02 jun 2008 12:13:51 - System found infected with combo Spyware/Adware (hkcu\software\microsoft\internet explorer\desktop\safemode\components)! Action taken: Nie podjêto dzia³ania.
02 jun 2008 12:14:06 - Wpis "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odnosi siê do nieprawid³owego obiektu ".4". Podjêta akcja: Nie podjêto dzia³ania.

02 jun 2008 12:14:06 - Wpis "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odnosi siê do nieprawid³owego obiektu ".5". Podjêta akcja: Nie podjêto dzia³ania.

02 jun 2008 12:14:06 - Wpis "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odnosi siê do nieprawid³owego obiektu ".etl". Podjêta akcja: Nie podjêto dzia³ania.

02 jun 2008 12:14:06 - Wpis "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odnosi siê do nieprawid³owego obiektu ".thumbnails". Podjêta akcja: Nie podjêto dzia³ania.

02 jun 2008 12:14:06 - Wpis "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odnosi siê do nieprawid³owego obiektu ".xht". Podjêta akcja: Nie podjêto dzia³ania.

02 jun 2008 12:14:06 - Wpis "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odnosi siê do nieprawid³owego obiektu ".xhtml". Podjêta akcja: Nie podjêto dzia³ania.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:20, on 2-6-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\PS Tray Factory\PSTrayFactory.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Windows\System32\WScript.exe
C:\Users\Kagome17\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=NL&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5677 bytes

[Okocza]

fix w hijacku

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

otworz notatnik i wklej:

Kod: Zaznacz wszystko

File::
C:\Windows\System32\vcmgcd32.dll
C:\Windows\System32\iifgfgf.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]


Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

[Kagome_171]

ok

logi z combofixa + silenta:

ComboFix 08-06-01.6 - Kagome17 2008-06-02 15:34:20.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.946 [GMT 2:00]
Gestart vanuit: C:\Users\Kagome17\Desktop\ComboFix.exe
Command switches used :: C:\Users\Kagome17\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\Windows\System32\iifgfgf.dll
C:\Windows\System32\vcmgcd32.dll
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))
.

2008-06-02 11:55 . 2008-06-02 11:55 <DIR> d-------- C:\Deckard
2008-06-02 10:41 . 2008-06-02 10:41 <DIR> d-------- C:\WUTemp
2008-06-02 10:38 . 2008-06-02 10:39 1,043 --a------ C:\Windows\mozver.dat
2008-06-02 09:49 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-02 09:49 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\zts2.exe
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\System32\vcmgcd32.dll
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\System32\iifgfgf.dll
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\rundll16.exe
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\rundl132.dll
2008-05-15 19:29 . 2008-05-15 19:29 <DIR> d-a------ C:\Windows\logo1_.exe
2008-05-15 19:28 . 2008-06-02 12:11 26 --a------ C:\Windows\Lic.xxx
2008-05-05 21:10 . 2008-05-05 21:10 <DIR> d-------- C:\Users\Kagome17\AppData\Roaming\InstallShield
2008-05-05 21:10 . 2006-08-15 11:42 200,704 --a------ C:\Windows\System32\UpdateDriver.exe
2008-05-05 21:10 . 2004-04-30 15:12 40,960 --a------ C:\Windows\System32\F5D7050.dll
2008-05-05 21:10 . 2006-11-21 11:41 5,230 --a------ C:\Windows\System32\ucuiinfo.ini
2008-05-05 21:04 . 2008-05-05 21:10 <DIR> d-------- C:\Program Files\Belkin
2008-05-05 15:06 . 2008-05-05 15:06 33 --a------ C:\Windows\Multimedia manager.INI
2008-05-05 13:22 . 2008-05-05 13:22 <DIR> d-------- C:\Program Files\Ares
2008-05-05 13:17 . 2008-05-05 13:17 <DIR> d-------- C:\Users\Kagome17\AppData\Roaming\Samsung
2008-05-05 13:17 . 2006-05-03 22:53 174,592 --a------ C:\Windows\System32\framedyn.dll
2008-05-05 13:16 . 2006-07-24 16:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
2008-05-04 16:31 . 2008-05-04 16:36 <DIR> d-------- C:\DVDVideoSoft
2008-05-04 16:20 . 2008-05-04 16:33 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT
2008-05-04 16:20 . 2008-05-04 16:36 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-05-04 16:20 . 2002-01-05 15:37 344,064 --a------ C:\Windows\System32\msvcr70.dll
2008-05-04 02:03 . 2008-05-04 02:03 <DIR> d-------- C:\Program Files\Audacity

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 13:35 --------- d-----w C:\Users\Kagome17\AppData\Roaming\DNA
2008-06-02 08:24 --------- d-----w C:\Users\Kagome17\AppData\Roaming\AVG7
2008-06-01 17:57 --------- d-----w C:\Users\Kagome17\AppData\Roaming\gtk-2.0
2008-05-23 21:55 --------- d-----w C:\Program Files\Windows Mail
2008-05-15 18:09 --------- d-----w C:\Users\Kagome17\AppData\Roaming\BitTorrent
2008-05-05 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 18:11 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Winamp
2008-04-30 22:00 --------- d-----w C:\Program Files\Picasa2
2008-04-29 21:28 --------- d-----w C:\Program Files\Google
2008-04-29 21:18 --------- d-----w C:\Program Files\Unlocker
2008-04-28 20:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-28 20:23 --------- d-----w C:\Program Files\Yahoo!
2008-04-28 20:23 --------- d-----w C:\Program Files\CCleaner
2008-04-28 20:21 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Packard Bell
2008-04-28 19:48 770 ----a-w C:\Program Files\mpc4.reg
2008-04-28 19:48 680 ----a-w C:\Program Files\mpc2.reg
2008-04-28 19:48 596 ----a-w C:\Program Files\mpc1.reg
2008-04-28 19:48 362 ----a-w C:\Program Files\ffdsvsetts.reg
2008-04-28 19:48 3,476 ----a-w C:\Program Files\mpc7.reg
2008-04-28 19:48 3,026 ----a-w C:\Program Files\mpc3.reg
2008-04-28 19:48 18,156 ----a-w C:\Program Files\mpc6.reg
2008-04-28 19:48 16,218 ----a-w C:\Program Files\mpc5.reg
2008-04-28 19:48 1,658 ----a-w C:\Program Files\ffdssetts.reg
2008-04-28 19:48 1,292 ----a-w C:\Program Files\ffdsasetts.reg
2008-04-28 18:33 --------- d-----w C:\Program Files\Common Files\GTK
2008-04-28 18:21 --------- d-----w C:\Program Files\GIMP-2.0
2008-04-28 16:41 174 --sha-w C:\Program Files\desktop.ini
2008-04-28 16:40 --------- d-----w C:\ProgramData\Sonic
2008-04-28 16:37 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-28 16:37 --------- d-----w C:\Program Files\Windows Calendar
2008-04-28 16:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-28 16:28 --------- d-----w C:\Program Files\Winamp
2008-04-28 15:14 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Desktopicon
2008-04-28 14:54 --------- d-----w C:\Program Files\Samsung
2008-04-28 14:48 --------- d-----w C:\Program Files\DNA
2008-04-28 14:48 --------- d-----w C:\Program Files\BitTorrent
2008-04-28 14:46 --------- d-----w C:\Program Files\PS Tray Factory
2008-04-28 14:38 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-28 14:38 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-04-28 14:38 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-04-28 14:38 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-04-28 14:38 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-04-28 14:38 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-04-28 14:38 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-04-28 14:38 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-04-28 14:38 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-04-28 14:38 2,923,520 ----a-w C:\Windows\explorer.exe
2008-04-28 14:38 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-28 14:38 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-28 14:36 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-28 14:36 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-28 14:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-28 14:35 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-28 14:35 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-28 14:35 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-28 14:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-28 14:34 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-28 14:34 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-28 14:34 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-28 14:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-28 14:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-28 14:34 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-04-28 14:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-28 14:33 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-04-28 14:33 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-04-28 14:33 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-04-28 14:33 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-04-28 14:33 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-04-28 14:33 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-04-28 14:33 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-04-28 14:33 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-04-28 14:33 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-04-28 14:32 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-28 14:32 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-28 14:32 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-28 14:32 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-28 14:32 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-28 14:31 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-28 14:29 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-04-28 14:29 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-04-28 14:29 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-04-28 14:29 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-04-28 14:29 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-04-28 14:29 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-04-28 14:29 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-04-28 14:29 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-28 14:29 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-04-28 14:29 12,800 ----a-w C:\Windows\System32\batt.dll
2008-04-28 14:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-28 14:28 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-28 14:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-28 14:28 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-28 14:27 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-04-28 14:27 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-04-28 14:25 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-28 14:24 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-28 14:24 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-28 14:23 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-04-28 14:23 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-04-28 14:23 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-06-02_12.10.14,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 09:14:29 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-02 11:35:03 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-02 11:35:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-02 11:35:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-02 09:16:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-02 11:37:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-02 11:37:32 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-02 09:16:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-02 11:37:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-02 11:37:27 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-31 18:03:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-02 12:49:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-31 18:03:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-02 12:49:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-31 18:03:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-02 12:49:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-05 19:00:22 271,600 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-06-02 11:35:03 271,600 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2008-06-02 09:35:39 107,416 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-02 11:40:16 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-02 09:35:39 127,210 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-06-02 11:40:16 127,210 ----a-w C:\Windows\System32\perfc013.dat
- 2008-06-02 09:35:39 618,272 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-02 11:40:16 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-02 09:35:39 699,038 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-06-02 11:40:16 699,038 ----a-w C:\Windows\System32\perfh013.dat
- 2008-06-02 09:17:10 5,004 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1792446332-4255028786-3400362792-1002_UserData.bin
+ 2008-06-02 11:37:42 5,052 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1792446332-4255028786-3400362792-1002_UserData.bin
- 2008-06-02 09:17:10 44,620 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-02 11:37:42 45,270 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-02 09:17:07 29,254 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-02 11:37:40 29,318 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-28 16:25 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-02 10:24 289088]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-18 14:03 79416]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-28 16:09 579584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-11-10 12:12 424448]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-11-10 12:12 424448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-28 15:03 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{84B33403-58B7-4225-B59B-E35796F76BE5}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{280BC2FE-0409-4CEE-BE5A-581D0B14EFF3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D5AB0C93-FB12-48A3-8FFB-2CE946E789B0}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8EE312B1-BFE6-41F1-A725-F5932573B255}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{D1BF96FB-9049-457B-8920-20929AE32368}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{7333A691-894F-43E0-9A7E-F990529688B4}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{234CE6B2-B6BC-4034-9F09-FE0B69324E52}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{6DE3C40B-039A-4A7B-A0E5-7C19F972FBFA}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{2750B071-DAFA-49CC-A16E-54FC76C7CB38}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 04:07]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-04-30 19:29]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 04:07]

.
Inhoud van de 'Gedeelde Taken' map
"2008-06-02 13:29:59 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-06-02 13:29:59 C:\Windows\Tasks\Uitgebreide garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 15:36:41
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-06-02 15:37:25
ComboFix-quarantined-files.txt 2008-06-02 13:37:22
ComboFix2.txt 2008-06-02 10:10:33

Pre-Run: 260,765,270,016 bytes beschikbaar
Post-Run: 260,851,425,280 bytes beschikbaar

255 --- E O F --- 2008-06-02 08:33:55

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"SmpcSys" = "C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" ["Packard Bell BV"]
"BitTorrent DNA" = ""C:\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]
"ares" = ""C:\Program Files\Ares\Ares.exe" -h" ["Ares Development Group"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"StartCCC" = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [null data]
"RoxWatchTray" = ""C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"" ["Sonic Solutions"]
"toolbar_eula_launcher" = "C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [null data]
"ACTIVBOARD" = "C:\Program Files\Packard Bell\FIJI\aboard.exe" ["Packard Bell BV"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
"TrayFactory" = "C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start" ["PS Soft Lab"]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"UnlockerAssistant" = ""C:\Program Files\Unlocker\UnlockerAssistant.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"TrayFactory" = "C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start" ["PS Soft Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Help bij koppelingen"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Kagome17\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

FunMultiMediaHandler\
"Provider" = "MultiMedia Manager"
"ProgID" = "FUNBOX.Autoplay"
HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = "{DF866F1F-10DF-4694-94A9-7F526FC8800A}"
-> {HKLM...CLSID} = "FUNBOX Autoplay Sample 2"
\LocalServer32\(Default) = "C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe" ["TODO: <** **>" (unwritable string)]

RoxioSCAudioCDTask33\
"Provider" = "Roxio Creator Audio"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "AudioCDTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B}" [null data]

RoxioSCCopyCD33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCCopyDisc33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCDataProject33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataGuide"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch Data" [null data]

RoxioSCDataTask33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54}" [null data]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
"Recovery DVD Creator" -> launches: "C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe" ["Packard Bell BV"]
"Uitgebreide garantie" -> launches: "C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe" ["Packard Bell BV"]
"{3277D9C5-7905-4FEC-87C2-8651DFBFF8E0}" -> launches: "C:\Windows\system32\pcalua.exe -a I:\Vista\Programy\Autorun.exe -d I:\Vista\Programy" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
\InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
-> {HKLM...CLSID} = "Nap ITask Handler Implementation"
\InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
"ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
-> {HKLM...CLSID} = "CrawlStartPages Task Handler"
\InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired
"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 22


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati External Event Utility, Ati External Event Utility, "C:\Windows\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Resident Shield Service, AvgCoreSvc, "C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
Roxio Hard Drive Watcher 9, RoxWatch9, ""C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"" ["Sonic Solutions"]
RoxMediaDB9, RoxMediaDB9, ""C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"" ["Sonic Solutions"]
WIA (Windows Image Acquisition), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Event Collector, Wecsvc, "C:\Windows\system32\svchost.exe -k NetworkService" {"C:\Windows\system32\wecsvc.dll" [MS]}
WLAN Auto Config, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}


---------- (launch time: 2008-06-02 15:38:25)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 265 seconds.
---------- (total run time: 299 seconds)

[Okocza]

a więc tak, wyłącz przywracanie systemu, włącz awaryjny i wtedy zastosuj to co Ci poleciłem poprzednim razem - nie usuneło plików.

[Kagome_171]

jak wylaczyc przywracanie systemu w viscie?
+
jak wchodze na hijacka w awaryjnym to nie ma tych wpisow...

[Okocza]

otworz notatnik i wklej:

Kod:
File::
C:\Windows\System32\vcmgcd32.dll
C:\Windows\System32\iifgfgf.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]


Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

to wykonaj w awaryjnym...

[Kagome_171]

ComboFix 08-06-01.6 - Kagome17 2008-06-02 18:44:22.3 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1399 [GMT 2:00]
Gestart vanuit: C:\Users\Kagome17\Desktop\ComboFix.exe
Command switches used :: C:\Users\Kagome17\Desktop\CFScript.txt

FILE ::
C:\Windows\System32\iifgfgf.dll
C:\Windows\System32\vcmgcd32.dll
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 16:37 --------- d-----w C:\ProgramData\Sonic
2008-06-02 16:36 --------- d-----w C:\Users\Kagome17\AppData\Roaming\DNA
2008-06-02 16:34 --------- d-----w C:\Users\Kagome17\AppData\Roaming\BitTorrent
2008-06-02 15:52 174 --sha-w C:\Program Files\desktop.ini
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Mail
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Journal
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Defender
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Calendar
2008-06-02 15:30 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-02 15:30 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-02 14:22 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-02 14:22 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-02 14:17 --------- d-----w C:\Users\Kagome17\AppData\Roaming\gtk-2.0
2008-06-02 08:24 --------- d-----w C:\Users\Kagome17\AppData\Roaming\AVG7
2008-05-05 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 19:10 --------- d-----w C:\Users\Kagome17\AppData\Roaming\InstallShield
2008-05-05 19:10 --------- d-----w C:\Program Files\Belkin
2008-05-05 18:11 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Winamp
2008-05-05 11:22 --------- d-----w C:\Program Files\Ares
2008-05-05 11:17 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Samsung
2008-05-04 14:36 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
2008-05-04 14:33 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2008-05-04 00:03 --------- d-----w C:\Program Files\Audacity
2008-04-30 22:00 --------- d-----w C:\Program Files\Picasa2
2008-04-29 21:28 --------- d-----w C:\Program Files\Google
2008-04-29 21:18 --------- d-----w C:\Program Files\Unlocker
2008-04-28 20:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-28 20:23 --------- d-----w C:\Program Files\Yahoo!
2008-04-28 20:23 --------- d-----w C:\Program Files\CCleaner
2008-04-28 20:21 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Packard Bell
2008-04-28 19:48 770 ----a-w C:\Program Files\mpc4.reg
2008-04-28 19:48 680 ----a-w C:\Program Files\mpc2.reg
2008-04-28 19:48 596 ----a-w C:\Program Files\mpc1.reg
2008-04-28 19:48 362 ----a-w C:\Program Files\ffdsvsetts.reg
2008-04-28 19:48 3,476 ----a-w C:\Program Files\mpc7.reg
2008-04-28 19:48 3,026 ----a-w C:\Program Files\mpc3.reg
2008-04-28 19:48 18,156 ----a-w C:\Program Files\mpc6.reg
2008-04-28 19:48 16,218 ----a-w C:\Program Files\mpc5.reg
2008-04-28 19:48 1,658 ----a-w C:\Program Files\ffdssetts.reg
2008-04-28 19:48 1,292 ----a-w C:\Program Files\ffdsasetts.reg
2008-04-28 18:33 --------- d-----w C:\Program Files\Common Files\GTK
2008-04-28 18:21 --------- d-----w C:\Program Files\GIMP-2.0
2008-04-28 16:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-28 16:28 --------- d-----w C:\Program Files\Winamp
2008-04-28 15:14 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Desktopicon
2008-04-28 14:54 --------- d-----w C:\Program Files\Samsung
2008-04-28 14:48 --------- d-----w C:\Program Files\DNA
2008-04-28 14:48 --------- d-----w C:\Program Files\BitTorrent
2008-04-28 14:46 --------- d-----w C:\Program Files\PS Tray Factory
2008-04-28 14:30 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-28 14:29 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-28 14:29 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-28 14:29 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-28 14:29 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-28 14:29 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-28 14:29 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-28 14:29 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-28 14:29 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-28 14:29 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-28 14:28 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-28 14:28 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-28 14:22 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-28 14:20 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-28 14:03 --------- d-----w C:\ProgramData\avg7
2008-04-28 13:14 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Media Player Classic
2008-04-28 13:12 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Grisoft
2008-04-28 13:04 --------- d-----w C:\ProgramData\Grisoft
2008-04-28 13:03 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-04-28 12:55 4,688 ----a-w C:\Program Files\satsukidecodersettings.ini
2008-04-28 12:55 --------- d-----w C:\Program Files\Satsuki Decoder Pack
2008-04-28 12:52 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Talkback
2008-04-28 12:13 --------- d-----w C:\ProgramData\Templates
2008-04-28 12:13 --------- d-----w C:\ProgramData\Start Menu
2008-04-28 12:13 --------- d-----w C:\ProgramData\Favorites
2008-04-28 12:13 --------- d-----w C:\ProgramData\Documents
2008-04-28 12:13 --------- d-----w C:\ProgramData\Desktop
2008-04-28 12:13 --------- d-----w C:\ProgramData\Application Data
2008-04-28 11:49 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Roxio
2008-04-28 11:49 --------- d-----w C:\Users\Kagome17\AppData\Roaming\CyberLink
2008-04-28 11:49 --------- d-----w C:\Users\Kagome17\AppData\Roaming\ATI
2008-04-28 11:39 --------- d-sh--w C:\ProgramData\Sjablonen
2008-04-28 11:39 --------- d-sh--w C:\ProgramData\Menu Start
2008-04-28 11:39 --------- d-sh--w C:\ProgramData\Favorieten
2008-04-28 11:39 --------- d-sh--w C:\ProgramData\Documenten
2008-04-28 11:39 --------- d-sh--w C:\ProgramData\Bureaublad
2008-03-08 04:21 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 02:08 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-02 10:24 289088]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-18 14:03 79416]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-28 16:09 579584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-11-10 12:12 424448]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-11-10 12:12 424448]
"@"="" []
"GrpConv"="grpconv -o" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-28 15:03 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{84B33403-58B7-4225-B59B-E35796F76BE5}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{280BC2FE-0409-4CEE-BE5A-581D0B14EFF3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D5AB0C93-FB12-48A3-8FFB-2CE946E789B0}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8EE312B1-BFE6-41F1-A725-F5932573B255}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{D1BF96FB-9049-457B-8920-20929AE32368}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{7333A691-894F-43E0-9A7E-F990529688B4}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{234CE6B2-B6BC-4034-9F09-FE0B69324E52}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{6DE3C40B-039A-4A7B-A0E5-7C19F972FBFA}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{2750B071-DAFA-49CC-A16E-54FC76C7CB38}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-04-30 19:29]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 04:07]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 04:07]

*Newly Created Service* - ECACHE
.
Inhoud van de 'Gedeelde Taken' map
"2008-06-02 16:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-06-02 16:30:00 C:\Windows\Tasks\Uitgebreide garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 18:47:05
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-06-02 18:47:45
ComboFix-quarantined-files.txt 2008-06-02 16:47:43

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

187 --- E O F --- 2008-06-02 15:32:16

[wojtas]

okocza nigdy Ci ten skrypt nie zadziała.. czemu? otóż combofix wyraznie ma przy tych wpisach literke d i atrybut <dir> czyli jest to folder...

Otworz notatnik i wklej w nim to:

File::
C:\Windows\System32\UpdateDriver.exe
C:\Windows\System32\F5D7050.dll
C:\Windows\System32\ucuiinfo.ini

Folder::
C:\Windows\zts2.exe
C:\Windows\System32\vcmgcd32.dll
C:\Windows\System32\iifgfgf.dll
C:\Windows\rundll16.exe
C:\Windows\rundl132.dll
C:\Windows\logo1_.exe

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

[Magik]

jak wylaczyc przywracanie systemu w viscie?

http://www.vista.pl/articles/art,233/

Pozdrawiam

Kod: Zaznacz wszystko

Windows Vista

   1. Przejdź do Panelu Sterowania i uruchom aplet System.
   2. W lewym okienku kliknij łącze Ochrona systemu - jeśli zostanie wyświetlony monit o podanie hasła administratora lub potwierdzenie, wpisz hasło lub potwierdź.
   3. Aby wyłączyć Ochronę systemu dla danego dysku twardego, wyczyść umieszczone obok niego pole wyboru i kliknij OK.
   4. Pojawi się okno Ochrona systemu z pytaniem Czy na pewno chcesz wyłączyć Przywracanie systemu? - kliknij przycisk Wyłącz przywracanie systemu.
   5. Kliknij  OK, aby zamknąć okno Właściwości systemu.

[Kagome_171]

Kagome_171 napisał:
jak wylaczyc przywracanie systemu w viscie?


http://www.vista.pl/articles/art,233/

Pozdrawiam
Kod:

Windows Vista

1. Przejdź do Panelu Sterowania i uruchom aplet System.
2. W lewym okienku kliknij łącze Ochrona systemu - jeśli zostanie wyświetlony monit o podanie hasła administratora lub potwierdzenie, wpisz hasło lub potwierdź.
3. Aby wyłączyć Ochronę systemu dla danego dysku twardego, wyczyść umieszczone obok niego pole wyboru i kliknij OK.
4. Pojawi się okno Ochrona systemu z pytaniem Czy na pewno chcesz wyłączyć Przywracanie systemu? - kliknij przycisk Wyłącz przywracanie systemu.
5. Kliknij OK, aby zamknąć okno Właściwości systemu.

_________________

dzieki


log:

ComboFix 08-06-01.6 - Kagome17 2008-06-04 11:11:16.4 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1411 [GMT 2:00]
Gestart vanuit: C:\Users\Kagome17\Desktop\HiJackThis\ComboFix.exe
Command switches used :: C:\Users\Kagome17\Desktop\HiJackThis\CFScript.txt

FILE ::
C:\Windows\System32\F5D7050.dll
C:\Windows\System32\ucuiinfo.ini
C:\Windows\System32\UpdateDriver.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\logo1_.exe
C:\Windows\rundl132.dll
C:\Windows\rundll16.exe
C:\Windows\System32\F5D7050.dll
C:\Windows\System32\iifgfgf.dll
C:\Windows\System32\ucuiinfo.ini
C:\Windows\System32\UpdateDriver.exe
C:\Windows\System32\vcmgcd32.dll
C:\Windows\zts2.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 09:07 --------- d-----w C:\Users\Kagome17\AppData\Roaming\DNA
2008-06-04 06:00 --------- d-----w C:\Users\Kagome17\AppData\Roaming\AVG7
2008-06-02 21:49 --------- d-----w C:\Users\Kagome17\AppData\Roaming\gtk-2.0
2008-06-02 16:56 --------- d-----w C:\ProgramData\Sonic
2008-06-02 16:34 --------- d-----w C:\Users\Kagome17\AppData\Roaming\BitTorrent
2008-06-02 15:52 174 --sha-w C:\Program Files\desktop.ini
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Mail
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Journal
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Defender
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-02 15:46 --------- d-----w C:\Program Files\Windows Calendar
2008-06-02 15:30 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-02 15:30 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-02 14:22 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-02 14:22 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-05 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 19:10 --------- d-----w C:\Users\Kagome17\AppData\Roaming\InstallShield
2008-05-05 19:10 --------- d-----w C:\Program Files\Belkin
2008-05-05 18:11 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Winamp
2008-05-05 11:22 --------- d-----w C:\Program Files\Ares
2008-05-05 11:17 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Samsung
2008-05-04 14:36 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
2008-05-04 14:33 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2008-05-04 00:03 --------- d-----w C:\Program Files\Audacity
2008-04-30 22:00 --------- d-----w C:\Program Files\Picasa2
2008-04-29 21:28 --------- d-----w C:\Program Files\Google
2008-04-29 21:18 --------- d-----w C:\Program Files\Unlocker
2008-04-28 20:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-28 20:23 --------- d-----w C:\Program Files\Yahoo!
2008-04-28 20:23 --------- d-----w C:\Program Files\CCleaner
2008-04-28 20:21 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Packard Bell
2008-04-28 19:48 770 ----a-w C:\Program Files\mpc4.reg
2008-04-28 19:48 680 ----a-w C:\Program Files\mpc2.reg
2008-04-28 19:48 596 ----a-w C:\Program Files\mpc1.reg
2008-04-28 19:48 362 ----a-w C:\Program Files\ffdsvsetts.reg
2008-04-28 19:48 3,476 ----a-w C:\Program Files\mpc7.reg
2008-04-28 19:48 3,026 ----a-w C:\Program Files\mpc3.reg
2008-04-28 19:48 18,156 ----a-w C:\Program Files\mpc6.reg
2008-04-28 19:48 16,218 ----a-w C:\Program Files\mpc5.reg
2008-04-28 19:48 1,658 ----a-w C:\Program Files\ffdssetts.reg
2008-04-28 19:48 1,292 ----a-w C:\Program Files\ffdsasetts.reg
2008-04-28 18:33 --------- d-----w C:\Program Files\Common Files\GTK
2008-04-28 18:21 --------- d-----w C:\Program Files\GIMP-2.0
2008-04-28 16:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-28 16:28 --------- d-----w C:\Program Files\Winamp
2008-04-28 15:14 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Desktopicon
2008-04-28 14:54 --------- d-----w C:\Program Files\Samsung
2008-04-28 14:48 --------- d-----w C:\Program Files\DNA
2008-04-28 14:48 --------- d-----w C:\Program Files\BitTorrent
2008-04-28 14:46 --------- d-----w C:\Program Files\PS Tray Factory
2008-04-28 14:30 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-28 14:29 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-28 14:29 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-28 14:29 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-28 14:29 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-28 14:29 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-28 14:29 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-28 14:29 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-28 14:29 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-28 14:29 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-28 14:28 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-28 14:28 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-28 14:22 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-28 14:20 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-28 14:03 --------- d-----w C:\ProgramData\avg7
2008-04-28 13:14 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Media Player Classic
2008-04-28 13:12 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Grisoft
2008-04-28 13:04 --------- d-----w C:\ProgramData\Grisoft
2008-04-28 13:03 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-04-28 12:55 4,688 ----a-w C:\Program Files\satsukidecodersettings.ini
2008-04-28 12:55 --------- d-----w C:\Program Files\Satsuki Decoder Pack
2008-04-28 12:52 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Talkback
2008-04-28 12:13 --------- d-----w C:\ProgramData\Templates
2008-04-28 12:13 --------- d-----w C:\ProgramData\Start Menu
2008-04-28 12:13 --------- d-----w C:\ProgramData\Favorites
2008-04-28 12:13 --------- d-----w C:\ProgramData\Documents
2008-04-28 12:13 --------- d-----w C:\ProgramData\Desktop
2008-04-28 12:13 --------- d-----w C:\ProgramData\Application Data
2008-04-28 11:49 --------- d-----w C:\Users\Kagome17\AppData\Roaming\Roxio
2008-04-28 11:49 --------- d-----w C:\Users\Kagome17\AppData\Roaming\CyberLink
2008-04-28 11:49 --------- d-----w C:\Users\Kagome17\AppData\Roaming\ATI
2008-04-28 11:39 --------- d-sh--w C:\ProgramData\Sjablonen
2008-04-28 11:39 --------- d-sh--w C:\ProgramData\Menu Start
2008-04-28 11:39 --------- d-sh--w C:\ProgramData\Favorieten
2008-04-28 11:39 --------- d-sh--w C:\ProgramData\Documenten
2008-04-28 11:39 --------- d-sh--w C:\ProgramData\Bureaublad
2008-03-08 04:21 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 02:08 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-02 10:24 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-18 14:03 79416]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-28 16:09 579584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-11-10 12:12 424448]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-11-10 12:12 424448]
"@"="" []
"GrpConv"="grpconv -o" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-28 15:03 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{84B33403-58B7-4225-B59B-E35796F76BE5}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{280BC2FE-0409-4CEE-BE5A-581D0B14EFF3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D5AB0C93-FB12-48A3-8FFB-2CE946E789B0}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8EE312B1-BFE6-41F1-A725-F5932573B255}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{D1BF96FB-9049-457B-8920-20929AE32368}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{7333A691-894F-43E0-9A7E-F990529688B4}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{234CE6B2-B6BC-4034-9F09-FE0B69324E52}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{6DE3C40B-039A-4A7B-A0E5-7C19F972FBFA}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{2750B071-DAFA-49CC-A16E-54FC76C7CB38}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-04-30 19:29]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 04:07]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 04:07]

*Newly Created Service* - ECACHE
.
Inhoud van de 'Gedeelde Taken' map
"2008-06-04 08:59:59 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-06-04 08:59:59 C:\Windows\Tasks\Uitgebreide garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 11:13:14
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-06-04 11:13:53
ComboFix-quarantined-files.txt 2008-06-04 09:13:51

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

199 --- E O F --- 2008-06-03 23:25:40

[ Dodano: Dzisiaj o 19:30 ]
i?

[wojtas]

czysto