HijackThis


anonymous

Question

Despite my virus scanner I have a problem. During startup, mails are sent out, which the scanner blocks. This is my HijackThis log. It seems to me to be something with the file cmpbk32a.dll, but it cannot be fixed. Who is willing to take a look and help me?

Logfile of HijackThis v1.99.1
Scan saved at 11:07:03, on 14-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\Piet\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
Link to comment
  • 68 replies
  • 0
Download and unzip Killbox (http://www.downloads.subratam.org/KillBox.exe) to your desktop. Click on killbox.exe. Select the option "Delete on reboot". In the field "Full Path of File to Delete", copy and paste the following:

C:\WINDOWS\system32\cmpbk32a.dll

Click the button "single file". Then click the red circle with the white cross in it. Killbox will say that this file will be deleted on reboot and will ask to reboot now. Click YES. Your PC will now restart. Make a new scan with ComboFix and please post that log.
Link to comment
  • 0
I ran it. When asked to reboot I answered yes. After a while a small window appeared with the message "PendingFileRenameOperations Registry Data has been removed by External Process". After I clicked the message away, nothing else happened. Here is the ComboFix log:

ComboFix 07-09-18.4 - "Piet" 2007-09-20 17:01:50.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.104 [GMT 2:00]
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-08-20 to 2007-09-20 ))))))))))))))))))))))))))))))
.
2007-09-20 16:36 <DIR> d-------- C:\!KillBox
2007-09-20 14:55 756,224 --a------ C:\WINDOWS\system32\hhlsmrhk.dll
2007-09-20 14:55 68,608 --a------ C:\WINDOWS\system32\mmqliqvj.dll
2007-09-20 14:55 48,640 --a------ C:\WINDOWS\system32\tnzmdbzz.dll
2007-09-20 14:55 46,592 --a------ C:\WINDOWS\system32\atmdcpyk.dll
2007-09-20 14:55 125,440 --a------ C:\WINDOWS\system32\hqfezmcm.dll
2007-09-20 14:55 103,424 --a------ C:\WINDOWS\system32\guicatft.dll
2007-09-17 12:01 684,567 --a------ C:\WINDOWS\system32\libeay32.dll
2007-09-17 12:01 147,729 --a------ C:\WINDOWS\system32\libssl32.dll
2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-09-13 16:10 83,456 --------- C:\WINDOWS\system32\cmpbk32a.dll
2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire
2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 10:21 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE
2007-09-20 10:21 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-09-18 14:39 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games
2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom
2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC
2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes
2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
----a-w 266,240 2007-09-20 11:13:36 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 32,768 2007-09-20 14:43:59 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-20 14:43:59 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-20 14:43:59 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,021 2007-09-20 14:48:04 C:\WINDOWS\system32\inetsrv\MetaBase.bin
----atw 16,384 2007-09-20 14:44:15 C:\WINDOWS\Temp\Perflib_Perfdata_2b0.dat
----a-w 57,344 2007-09-20 14:45:21 C:\WINDOWS\Temp\zquwyxdt.dll
.
----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
----a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
2007-09-20 14:55 83456 --------- c:\windows\system32\cmpbk32a.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{579E3DB8-CFB3-455E-B058-CF1260A923ED}]
2007-09-20 14:55 68608 --a------ c:\windows\system32\mmqliqvj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2007-09-20 10:21]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2007-09-20 10:21]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2007-09-20 10:21]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2007-09-20 10:21]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2007-09-20 10:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-20 10:21]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2007-09-20 10:21]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
"NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
"TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
"TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
cmpbk32a.dll 2007-09-20 14:55 83456 C:\WINDOWS\system32\cmpbk32a.dll
R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvymvtzo
License
.
Inhoud van de 'Gedeelde Taken' map
"2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 17:08:10
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\???????`'`????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-09-20 17:10:31
C:\ComboFix-quarantined-files.txt ... 2007-09-20 17:09
C:\ComboFix2.txt ... 2007-09-20 13:28
C:\ComboFix3.txt ... 2007-09-18 15:24
.
--- E O F ---
Link to comment
  • 0
We remove it and right away it is back again; I do think it is because your PC is missing all those security updates. Download F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml Place it on your desktop. Double-click blbeta.exe. Click "I accept the agreement". Click "Next". Click "Scan" and when the program has finished, click "Next". If Blacklight finds something, it will show a list of files. Do not let it rename anything yet. On your desktop there is a file named fsbl.xxxxxxx.log (the x's stand for digits). This is the log that Blacklight made. Post it.
Link to comment
  • 0
Before I do this, one thing first. I got a notification that Norton AntiVirus had found a hoax in C:\windows\system32\APPCERT\wnl32.dll. It could not be repaired or removed. I looked it up and it turned out to be an MS file. I have not removed it. Then I did come across an unclear file with the name PRX66F.dll. Now Norton's Auto-Protect is disabled as well, and there is a system error when I want to enable it. My question is: should I try to remove the file PRX66F.DLL and reinstall Norton AV?

Blacklight
09/20/07 20:36:56 [Info]: BlackLight Engine 1.0.64 initialized
09/20/07 20:36:56 [Info]: OS: 5.1 build 2600 ()
09/20/07 20:36:56 [Note]: 7019 4
09/20/07 20:36:56 [Note]: 7005 0
09/20/07 20:36:56 [Note]: 7006 0
09/20/07 20:36:56 [Note]: 7011 3140
09/20/07 20:36:56 [Note]: 7026 0
09/20/07 20:36:56 [Note]: 7026 0
09/20/07 20:37:04 [Note]: FSRAW library version 1.7.1022
09/20/07 20:37:13 [Note]: 2000 1012
09/20/07 20:37:13 [Note]: 7007 0
Link to comment
  • 0
Download KillAFile.exe and place it on your desktop: http://users.telenet.be/marcvn/tools/KillAFile.exe Double-click KillAFile.exe to start the tool.

Option 3: forced kill. In the menu, choose option 3: "3: Replace a file on reboot". When this message appears:

Insert full path and filename to delete. and then press enter:

type in:

C:\WINDOWS\system32\cmpbk32a.dll

If the file is present, the computer will ask to restart. Allow this. When the computer has restarted, a Notepad file opens. Post the contents of that file.
Link to comment
  • 0
KILLAFILE - logfile
Running from: "C:\Documents and Settings\Piet\Bureaublad"
*Delete on reboot: c:\windows\system32\cmpbk32a.dll
--- Rebooting the computer ---
c:\windows\system32\cmpbk32a.dll not deleted
Finished!

I searched for prx66f.dll. See http://forums.spywareinfo.com/lofiversion/index.php/t104967.html The same problem: a file cannot be deleted. No solution yet. Is the solution perhaps here? (searched for cmpbk32a.dll) http://forums.spybot.info/archive/index.php/t-13682.html
Link to comment
  • 0
Let's try something first. Open an empty Notepad window and paste the following text into it:

IF EXIST temp.txt DEL temp.txt
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rvymvtzo\Parameters" /v ServiceDll>>temp.txt
start notepad temp.txt

Save it on your desktop as delbat.reg with the type "all files". Double-click the file and, when asked whether you want to add to the registry, click YES. Restart, do a new scan with ComboFix and please post the log.
Link to comment
  • 0
Second attempt; I have asked for some advice. Open Notepad and copy and paste the following:

IF EXIST temp.txt DEL temp.txt
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rvymvtzo\Parameters" /v ServiceDll>>temp.txt
start notepad temp.txt

Save it on your desktop as fix.bat with the type "all files". Double-click the file and, when asked whether you want to add to the registry, click YES. Restart, do a new scan with ComboFix and please post the log.
Link to comment
  • 0
As reported, Norton AV no longer works properly. I removed it and reinstalled it. During the full system scan it found malicious code in c:\windows\system32\appcert\wnl32.dll. Then Norton AV went into a renewal state again. ComboFix crashed twice when Norton gave a warning that a malicious script had been found (caused by ComboFix). So I have no log. Earlier I had given the instruction to allow all scripts from ComboFix. Temp.txt looks as follows:

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rvymvtzo\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\WINDOWS\System32\cmpbk32a.dll
  • 0
Done. I disabled "script blocking".

ComboFix 07-09-18.4 - "Piet" 2007-09-21 21:12:40.14 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.156 [GMT 2:00] . (((((((((((((((((((( Bestanden Gemaakt van 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))) . 2007-09-21 19:39 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec 2007-09-21 16:47 <DIR> d-------- C:\Program Files\SymNetDrv 2007-09-21 16:29 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-09-21 16:29 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys 2007-09-21 16:29 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-09-20 21:42 90,112 --a------ C:\WINDOWS\system32\regdacl.exe 2007-09-20 21:42 53,248 --a------ C:\WINDOWS\system32\process.exe 2007-09-20 21:42 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-09-20 21:42 16,384 --a------ C:\WINDOWS\system32\restart.exe 2007-09-20 21:42 <DIR> d-------- C:\WINDOWS\system32\regdacl 2007-09-20 20:10 17,408 C:\WINDOWS\system32\drivers\buvcdapu.sys 2007-09-20 16:36 <DIR> d-------- C:\!KillBox 2007-09-20 14:55 756,224 --a------ C:\WINDOWS\system32\hhlsmrhk.dll 2007-09-20 14:55 68,608 --a------ C:\WINDOWS\system32\mmqliqvj.dll 2007-09-20 14:55 48,640 --a------ C:\WINDOWS\system32\tnzmdbzz.dll 2007-09-20 14:55 46,592 --a------ C:\WINDOWS\system32\atmdcpyk.dll 2007-09-20 14:55 125,440 --a------ C:\WINDOWS\system32\hqfezmcm.dll 2007-09-20 14:55 103,424 --a------ C:\WINDOWS\system32\guicatft.dll 2007-09-17 12:01 684,567 --a------ C:\WINDOWS\system32\libeay32.dll 2007-09-17 12:01 147,729 --a------ C:\WINDOWS\system32\libssl32.dll 2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro 2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert 2007-09-13 16:10 83,456 --------- C:\WINDOWS\system32\cmpbk32a.dll 2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy 2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss 
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared 2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete 2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire 2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-21 16:50 --------- d-------- C:\Program Files\Norton AntiVirus 2007-09-21 16:50 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-09-21 16:47 --------- d-------- C:\Program Files\Symantec 2007-09-21 16:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec 2007-09-20 10:21 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE 2007-09-20 10:21 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games 2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom 2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative 
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC 2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games 2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes 2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll . ((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 ))))))))))))))))))))))))))))))))))))))))) . 
----a-r 10,134 2007-09-21 14:30:27 C:\WINDOWS\Installer\{77772678-817F-4401-9301-ED1D01A8DA56}\ARPPRODUCTICON.exe ----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat ----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat ----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat ----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat ------w 54,684 2001-09-07 12:00:00 C:\WINDOWS\system32\AppCert\wnl32.dll ----a-w 266,240 2007-09-21 17:54:51 C:\WINDOWS\system32\config\systemprofile\ntuser.dat ----a-w 32,768 2007-09-21 18:39:23 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat ----a-w 16,384 2007-09-21 18:39:23 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat ----a-w 32,768 2007-09-21 18:39:23 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat ----a-w 208,016 2007-09-21 18:43:28 C:\WINDOWS\system32\inetsrv\MetaBase.bin ----a-w 4,175 2007-09-20 19:42:40 C:\WINDOWS\system32\regdacl\doc\SMWNCV.cmd ----atw 16,384 2007-09-21 18:39:43 C:\WINDOWS\Temp\Perflib_Perfdata_7fc.dat . 
----a-r 10,134 2007-06-22 20:14:23 C:\WINDOWS\Installer\{77772678-817F-4401-9301-ED1D01A8DA56}\ARPPRODUCTICON.exe ----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat ----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat ----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat ----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat ----a-w 54,684 2001-09-07 12:00:00 C:\WINDOWS\system32\AppCert\wnl32.dll ----a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat ----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat ----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat ----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat ----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}] 2007-09-20 14:55 83456 --------- c:\windows\system32\cmpbk32a.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{579E3DB8-CFB3-455E-B058-CF1260A923ED}] 2007-09-20 14:55 68608 --a------ c:\windows\system32\mmqliqvj.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00] "CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04] "nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe] "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2007-09-20 10:21] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2007-09-20 10:21] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2007-09-20 10:21] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2007-09-20 10:21] "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2007-09-20 10:21] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-20 10:21] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22] "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security 
Center\UsrPrmpt.exe" [2004-11-08 12:23] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-21 16:47] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00] "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" [] "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00] "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54] C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\ Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55] Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38] KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20] Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] @= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao] cmpbk32a.dll 2007-09-20 14:55 83456 C:\WINDOWS\system32\cmpbk32a.dll R0 bmclobvo;bmclobvo;C:\WINDOWS\System32\drivers\buvcdapu.sys R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS R2 DCFS2K;Kodak 
DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087 S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs rvymvtzo License . Inhoud van de 'Gedeelde Taken' map "2007-09-21 18:00:53 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-21 21:16:14 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????_????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s??? HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql] "ImagePath"="C:/mysql/bin/mysqld-nt.exe" . Completion time: 2007-09-21 21:18:18 C:\ComboFix-quarantined-files.txt ... 2007-09-21 21:17 C:\ComboFix2.txt ... 2007-09-20 17:10 C:\ComboFix3.txt ... 2007-09-20 13:28 . --- E O F ---
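As an added illustration of what the log above and the temp.txt query together show (this is my own example code, not something from the thread, from HijackThis or from ComboFix): cmpbk32a.dll is the file to go after because one DLL turns up in three unrelated autostart mechanisms at once, as a Browser Helper Object, as a Winlogon Notify package (suxoukao) and as the ServiceDll of the svchost-hosted service rvymvtzo. The Python script below parses HijackThis-style O2/O20/O23 lines plus the REG.EXE 3.0 output of the `reg query ... /v ServiceDll` command and lists every DLL referenced from two or more mechanisms. The log lines inside it are constructed samples shaped like the ones in this thread, and the function names are mine.

```python
"""Cross-reference autostart entries that load the same DLL.

Added example for this thread (not code from HijackThis, ComboFix or the forum).
Input: HijackThis-style O2 (BHO), O20 (Winlogon Notify) and O23 (Service) lines,
plus the output of `reg query <service>\Parameters /v ServiceDll` in REG.EXE 3.0
layout. Output: DLLs referenced from more than one autostart mechanism.
"""
import re
from collections import defaultdict, namedtuple

# Constructed sample input shaped like the logs in this thread (not a real capture).
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Help - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\system32\cmpbk32a.dll
O23 - Service: Creative SoundFont Management Device Support (rvymvtzo) - Unknown owner - C:\WINDOWS\System32\svchost.exe
"""

REG_SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rvymvtzo\Parameters
    ServiceDll  REG_EXPAND_SZ   C:\WINDOWS\System32\cmpbk32a.dll
"""

Fact = namedtuple("Fact", "mechanism detail path missing")

_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - "
                  r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
_SVCNAME = re.compile(r"\((?P<svc>[^()]+)\)$")
_REG_KEY = re.compile(r"^HKEY_[A-Z_]+\\")
_REG_SERVICEDLL = re.compile(r"^\s*ServiceDll\s+REG_(?:EXPAND_)?SZ\s+(?P<path>.+)$")


def norm(path):
    """Lower-case and unquote a path so the same file compares equal.
    (Environment-variable forms such as %SystemRoot% are not expanded here.)"""
    return path.strip().strip('"').lower()


def parse_hjt(text):
    """Turn HijackThis O2/O20/O23 lines into Fact records."""
    facts = []
    for line in text.splitlines():
        line = line.strip()
        if m := _O2.match(line):
            facts.append(Fact("BHO", f"{m['clsid']} {m['name']}", norm(m["path"]), bool(m["missing"])))
        elif m := _O20.match(line):
            facts.append(Fact("Winlogon Notify", m["name"], norm(m["path"]), bool(m["missing"])))
        elif line.startswith("O23 - Service: "):
            # "<display name> (<service name>) - <company> - <image path>"
            display, _company, path = line[len("O23 - Service: "):].rsplit(" - ", 2)
            sm = _SVCNAME.search(display)
            facts.append(Fact("Service", sm["svc"] if sm else display, norm(path), False))
    return facts


def parse_reg_query(text):
    """Map service name -> ServiceDll path from REG.EXE 3.0 output."""
    service_dlls, key = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if _REG_KEY.match(stripped):
            key = stripped
        elif key and (m := _REG_SERVICEDLL.match(line)):
            parts = key.split("\\")
            # ...\Services\<name>\Parameters: the service name sits before "Parameters"
            svc = parts[-2] if parts[-1].lower() == "parameters" else parts[-1]
            service_dlls[svc.lower()] = norm(m["path"])
    return service_dlls


def correlate(facts, service_dlls):
    """Group references by DLL. An svchost-hosted service is resolved to the
    DLL it actually loads via its ServiceDll value."""
    refs = defaultdict(list)
    for f in facts:
        if f.mechanism == "Service" and f.path.endswith("svchost.exe"):
            dll = service_dlls.get(f.detail.lower())
            if dll:
                refs[dll].append(("ServiceDll", f"{f.detail} (svchost-hosted)"))
            continue
        tag = " (file missing)" if f.missing else ""
        refs[f.path].append((f.mechanism, f.detail + tag))
    return dict(refs)


def multi_mechanism(refs, threshold=2):
    """DLLs referenced by at least `threshold` distinct mechanisms."""
    return sorted(dll for dll, entries in refs.items()
                  if len({mech for mech, _ in entries}) >= threshold)


def report(hjt_text, reg_text):
    refs = correlate(parse_hjt(hjt_text), parse_reg_query(reg_text))
    return [f"{dll}: " + "; ".join(f"{m} {d}" for m, d in refs[dll])
            for dll in multi_mechanism(refs)]


if __name__ == "__main__":
    for line in report(HJT_SAMPLE, REG_SAMPLE):
        print(line)
```

Running it prints one line per flagged DLL with every mechanism that references it; for the sample only cmpbk32a.dll is flagged, the two single-reference BHOs are not. HijackThis appends "(file missing)" to an entry whose file no longer exists, and the parser keeps that flag, so after a file has been deleted the registry entries still pointing at it remain visible and can be cleaned up too.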
  • 0
Do this: download IceSword: http://www.chip.de/downloads/c1_downloads_ls_getfile_v1_20302557.html?t=1163946230&v=3600
Put it on your desktop. Unzip it; a folder will be created on your desktop. Open that folder and double-click the "Sword icon" to start IceSword. On the left, click File. Now choose This Computer in IceSword and navigate to this file: C:\WINDOWS\System32\drivers\buvcdapu.sys
Right-click it and choose Delete.

You still have KillAFile: double-click KillAFile.exe to start the tool. In the menu choose option 3: Force Kill. When this message appears:
Insert full path and filename to delete. and then press enter:
type this:
C:\WINDOWS\System32\cmpbk32a.dll
The computer will ask to restart. Allow this. When the computer has restarted, a Notepad file will open. Post the contents of this file. Ignore any error messages you get when the computer restarts.
  • 0
Files deleted. Here are the logs:

ComboFix 07-09-18.4 - "Piet" 2007-09-21 23:02:16.17 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.162 [GMT 2:00] . (((((((((((((((((((( Bestanden Gemaakt van 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))) . 2007-09-21 19:39 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec 2007-09-21 16:47 <DIR> d-------- C:\Program Files\SymNetDrv 2007-09-21 16:29 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-09-21 16:29 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys 2007-09-21 16:29 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-09-20 21:42 90,112 --a------ C:\WINDOWS\system32\regdacl.exe 2007-09-20 21:42 53,248 --a------ C:\WINDOWS\system32\process.exe 2007-09-20 21:42 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-09-20 21:42 16,384 --a------ C:\WINDOWS\system32\restart.exe 2007-09-20 21:42 <DIR> d-------- C:\WINDOWS\system32\regdacl 2007-09-20 16:36 <DIR> d-------- C:\!KillBox 2007-09-20 14:55 756,224 --a------ C:\WINDOWS\system32\hhlsmrhk.dll 2007-09-20 14:55 68,608 --a------ C:\WINDOWS\system32\mmqliqvj.dll 2007-09-20 14:55 48,640 --a------ C:\WINDOWS\system32\tnzmdbzz.dll 2007-09-20 14:55 46,592 --a------ C:\WINDOWS\system32\atmdcpyk.dll 2007-09-20 14:55 125,440 --a------ C:\WINDOWS\system32\hqfezmcm.dll 2007-09-20 14:55 103,424 --a------ C:\WINDOWS\system32\guicatft.dll 2007-09-17 12:01 684,567 --a------ C:\WINDOWS\system32\libeay32.dll 2007-09-17 12:01 147,729 --a------ C:\WINDOWS\system32\libssl32.dll 2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro 2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert 2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy 2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss 2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared 2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete 2007-08-22 12:00 <DIR> 
d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire 2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-21 16:50 --------- d-------- C:\Program Files\Norton AntiVirus 2007-09-21 16:50 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-09-21 16:47 --------- d-------- C:\Program Files\Symantec 2007-09-21 16:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec 2007-09-20 10:21 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE 2007-09-20 10:21 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games 2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom 2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple 
Computer 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC 2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games 2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes 2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll . ((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 ))))))))))))))))))))))))))))))))))))))))) . ----a-r 10,134 2007-09-21 14:30:27 C:\WINDOWS\Installer\{77772678-817F-4401-9301-ED1D01A8DA56}\ARPPRODUCTICON.exe ----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat ----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat ----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat ----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat ------w 54,684 2001-09-07 12:00:00 C:\WINDOWS\system32\AppCert\wnl32.dll ----a-w 266,240 2007-09-21 17:54:51 C:\WINDOWS\system32\config\systemprofile\ntuser.dat ----a-w 32,768 2007-09-21 20:57:38 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat ----a-w 16,384 2007-09-21 20:57:38 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat ----a-w 32,768 2007-09-21 20:57:38 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat ----a-w 208,011 2007-09-21 21:02:03 C:\WINDOWS\system32\inetsrv\MetaBase.bin ----a-w 4,175 2007-09-21 20:01:10 C:\WINDOWS\system32\regdacl\doc\SMWNCV.cmd ----atw 16,384 2007-09-21 20:58:15 
C:\WINDOWS\Temp\Perflib_Perfdata_210.dat . ----a-r 10,134 2007-06-22 20:14:23 C:\WINDOWS\Installer\{77772678-817F-4401-9301-ED1D01A8DA56}\ARPPRODUCTICON.exe ----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat ----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat ----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat ----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat ----a-w 54,684 2001-09-07 12:00:00 C:\WINDOWS\system32\AppCert\wnl32.dll ----a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat ----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat ----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat ----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat ----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}] c:\windows\system32\cmpbk32a.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{579E3DB8-CFB3-455E-B058-CF1260A923ED}] 2007-09-20 14:55 68608 --a------ c:\windows\system32\mmqliqvj.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00] "CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04] "nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe] "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2007-09-20 10:21] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2007-09-20 10:21] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2007-09-20 10:21] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2007-09-20 10:21] "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2007-09-20 10:21] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-20 10:21] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22] "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23] 
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-21 16:47] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00] "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" [] "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00] "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54] C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\ Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55] Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38] KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20] Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] @= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao] cmpbk32a.dll R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe R2 
XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087 S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs rvymvtzo License . Inhoud van de 'Gedeelde Taken' map "2007-09-21 18:00:53 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-21 23:06:05 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\???????P?_????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s??? 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-09-21 23:08:16
C:\ComboFix-quarantined-files.txt ... 2007-09-21 23:07
C:\ComboFix2.txt ... 2007-09-21 22:52
C:\ComboFix3.txt ... 2007-09-21 21:18
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:56, on 21-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll (file missing)
O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O20 - Winlogon Notify: suxoukao - cmpbk32a.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe

-- End of file - 12860 bytes
Link to comment
Go to Start - Run and type: sc delete rvymvtzo
Press Enter.

Close all open windows, especially your browser windows.

Start HijackThis once more and put a checkmark next to the following items:

O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll (file missing)
O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll

Then click "Fix checked" and close HijackThis.

Restart the computer.

Start HijackThis again, make a new log and post it.
Link to comment
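The reply above triages the log by eye: BHOs with no name, a Winlogon Notify package with a random-looking name, a service whose owner is unknown and whose file is gone, and the O17 name servers that should match the ISP. The following Python script is an added example that is not part of this thread and not a HijackThis feature; it applies those same heuristics to the entry lines. The input lines are copied from the log posted above, the `KNOWN_NOTIFY` baseline and the severity labels are my own assumptions, and the script only names an `sc delete` candidate, it never runs it.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted in this thread (not constructed);
# a real run would read the whole saved log file instead.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll (file missing)
O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O20 - Winlogon Notify: suxoukao - cmpbk32a.dll (file missing)
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
"""

# Every HijackThis entry starts with a section code such as R0, O2, O23.
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# "Service: <display name> (<short name>) - <owner> - <path>"; HijackThis prints
# the parenthesised short name only when it differs from the display name.
SERVICE_RE = re.compile(r"^Service: (.*?)(?: \(([^()]+)\))? - ")

# Winlogon Notify packages that ship with Windows XP. This is an assumed,
# illustrative baseline, not an authoritative list; anything else is flagged.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def service_name(body):
    """Short service name from an O23 body, i.e. the argument `sc delete` takes."""
    m = SERVICE_RE.match(body)
    if not m:
        return None
    return m.group(2) or m.group(1)


def triage(entries):
    """Flag unnamed BHOs, Winlogon Notify packages outside the baseline,
    services with no file owner, O17 name servers, and any entry whose file is
    gone (a dangling registry reference that is still loaded at boot)."""
    findings = []
    for section, body in entries:
        missing = "(file missing)" in body
        if section == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("high", section, "BHO without a name", body))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split("-", 1)[0].strip().lower()
            if missing or name not in KNOWN_NOTIFY:
                findings.append(("high", section, "Winlogon Notify package outside baseline", body))
        elif section == "O23" and "Unknown owner" in body:
            reason = "service without file owner; `sc delete %s` candidate" % service_name(body)
            findings.append(("high" if missing else "medium", section, reason, body))
        elif section == "O17":
            findings.append(("info", section, "DNS servers to verify against the ISP", body))
        elif missing:
            findings.append(("medium", section, "orphaned registry entry", body))
    return findings


def summarize(findings):
    """Number of findings per severity."""
    return dict(Counter(f[0] for f in findings))


if __name__ == "__main__":
    results = triage(parse_hjt(SAMPLE_LOG))
    for sev, section, reason, body in results:
        print("%-6s %-4s %s\n       %s" % (sev, section, reason, body))
    print(summarize(results))
```

The O23 entries the log keeps showing after the fix (the `DATEING` service with a missing file, `rpcapd` with an unknown owner) come out as `high` and `medium` respectively; the `sc delete` argument in the reply above is the short name in parentheses, which `service_name` extracts.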
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:39, on 22-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O20 - Winlogon Notify: suxoukao - cmpbk32a.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe

-- End of file - 12698 bytes
Link to comment
