rootkit-detective.exe??

6 replies
  • I'm sitting downstairs at the laptop on the forum and I see my Hotmail account suddenly pop up. It is active upstairs on pc1, and nobody is sitting at that one.... It also says I signed in 'rootkitdetective.exe'. That MEANS nothing to me, so here is an HJT log.
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

    Click 'Fix checked' to remove the items.

    Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Click OK in the small "NirCmd" window.
    - If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    - Click OK and Yes to have the Recovery Console installed automatically.
    - When that has finished, click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    - When the fix is complete and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.
  • It took a while, but anyway, here it is.
  • Hi, may I also have a freshly made HijackThis log to check, and tell me right away how things are going now.
  • PC is running fine. Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:41:21, on 19-4-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.21020)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\CBA\pds.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    F:\Program Files\TomTom HOME\TomTomHOME.exe
    F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\az\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - f:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "F:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [OpwareSE2] "F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O4 - Startup: Logitech . Productregistratie.lnk = F:\Program Files\Logitech\QuickCam\eReg.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://f:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://f:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://f:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://f:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235329214968
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - f:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1b\RpcAgentSrv.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 8565 bytes

    You can see the Rootkitdetective thing if you look me up on MSN: anjo zwartkruis. So I think there is something there somewhere. Thanks in advance, anjo
  • I really don't see anything special, though. AZ

This is an archived page. Replying is no longer possible.