Scans
Scans
Hoi,
open HijackThis, click op
do a scan only en vink volgende regels aan:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - IE Anti-Spyware (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - IE Anti-Spyware (file missing)
Sluit alle open vensters, behalve HijackThis, en klik op
Fix Checked. Sluit HijackThis.
Open Kladblok, kopiëer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:
Folder::
C:\Program Files\NetProject
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
[-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= -
Sla dit op op je Bureaublad als
CFScript .
Sleep
CFScript in
ComboFix.exe zoals getoond in onderstaand voorbeeld :
Dit zal
ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de
Combofix.txt in je volgende antwoord.
ComboFix 08-02-25.3 - user 2008-02-28 19:04:18.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.157 [GMT 1:00]
Gestart vanuit: C:\Users\user\Documents\ComboFix.exe
Command switches used :: C:\Users\user\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\NetProject
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\sbmdl.dll
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\uninst.exe
C:\Program Files\NetProject\wamdl.dll
C:\Program Files\NetProject\waun.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 17:47 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-02-28 17:45 --------- d-----w C:\ProgramData\avg7
2008-02-28 17:41 --------- d-----w C:\Users\user\AppData\Roaming\AVG7
2008-02-28 17:38 --------- d---a-w C:\ProgramData\TEMP
2008-02-28 15:02 --------- d-----w C:\Users\charlotte\AppData\Roaming\AVG7
2008-02-27 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-27 18:23 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-26 22:38 --------- d-----w C:\Program Files\Trend Micro
2008-02-26 22:37 --------- d-----w C:\Program Files\Hitman Pro
2008-02-26 22:36 --------- d-----w C:\Users\user\AppData\Roaming\Lavasoft
2008-02-26 22:36 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-26 22:36 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-26 22:08 --------- d-----w C:\Users\user\AppData\Roaming\PC Tools
2008-02-26 22:01 --------- d-----w C:\ProgramData\Prevx
2008-02-26 21:55 --------- d-----w C:\ProgramData\SurfRight
2008-02-26 21:55 --------- d-----w C:\Program Files\SurfRight
2008-02-26 21:54 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-02-26 21:53 --------- d-----w C:\ProgramData\Grisoft
2008-02-26 21:29 --------- d-----w C:\ProgramData\Symantec
2008-02-26 21:27 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-26 21:27 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-26 21:27 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-26 21:27 --------- d-----w C:\Program Files\Symantec
2008-02-26 21:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-26 21:15 --------- d-----w C:\Program Files\Sotfone
2008-02-20 22:10 --------- d-----w C:\Program Files\MSECache
2008-02-14 02:11 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:11 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:08 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:08 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:08 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:08 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 02:08 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:08 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:07 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:07 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:06 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:06 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-01 11:55 42,376 ----a-w C:\Windows\system32\drivers\ikfilesec.sys
2008-01-24 22:08 16,640 --s-a-w C:\Windows\system32\drivers\ctredrv.sys
2008-01-15 19:16 --------- d-----w C:\Users\user\AppData\Roaming\Skype
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-13 15:20 --------- d-----w C:\Users\user\AppData\Roaming\CyberLink
2008-01-13 15:20 --------- d-----w C:\ProgramData\CyberLink
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-12 00:07 --------- d-----w C:\Program Files\DivX
2008-01-11 20:09 --------- d-----w C:\Users\user\AppData\Roaming\ArcSoft
2008-01-11 18:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 18:43 --------- d-----w C:\Program Files\ArcSoft
2008-01-11 18:40 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 18:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 18:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 18:06 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 18:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 18:06 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2007-12-13 10:32 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 10:32 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 10:32 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-09-04 17:50 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:06 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-25 19:58 171448]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-23 22:50 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 19:57 3784704 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 16:18 22696]
"Acer Tour"="" []
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 17:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 17:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 17:02 81920]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-02 17:58 464168]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 12:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [ ]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2007-01-10 10:34 200704]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2006-08-29 08:26 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 13:37 86016]
"eRecoveryService"="" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 00:06 304664]
"AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 17:43 754712]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 17:38 244512]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-14 19:38 151552]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-28 18:48 579072]
"CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [2008-02-19 15:49 559864]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2007-01-17 11:06 484984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-26 22:54 219136]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-13 19:49:24 528384]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-26 22:54 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{66FCBB55-81DF-47B0-BCD5-BA03387BDA58}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{C6818DF6-D2B6-4AE2-8082-5B221017FB10}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{26931DEE-3016-4CD6-954B-7AB7E7BC2854}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-01-02 17:59]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-01-02 17:59]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-01-02 17:59]
R1 ctredrv.sys;ctredrv.sys;C:\Windows\system32\drivers\ctredrv.sys [2008-01-24 23:08]
R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071020.002\IDSvix86.sys [2007-09-13 15:49]
R2 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe" [2008-02-19 15:49]
R2 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe" [2008-02-19 16:08]
R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe" [2008-02-19 16:20]
R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe" [2008-02-19 15:49]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-01-02 17:58]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 19:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 15:46]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 08:33]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-02-28 18:47]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 18:29]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-29 02:36]
R3 NETw3v32;Stuurprogramma voor Intel(R) PRO/Wireless 3945ABG-adapter onder Windows Vista 32-bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 17:42]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 08:30]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 19:45]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 12:02]
*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-01 21:07:54 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - user.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2007-12-28 13:59:59 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-28 19:07:31
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-02-28 19:08:28
ComboFix-quarantined-files.txt 2008-02-28 18:08:25
ComboFix2.txt 2008-02-27 19:58:25
.
2008-02-17 10:41:31 --- E O F ---
Scan Hijack na Combofix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:28, on 27/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\SurfRight\Caretaker\Notifier.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
Yahoo! UK & Ireland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
Yahoo! UK & Ireland
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} -
IE Anti-Spyware (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} -
IE Anti-Spyware (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/download/ipixx.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) -
http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
--
End of file - 13926 bytes