I hope it worked. Despite the advice, I did not turn off my Norton (blushing with shame) and promptly got a threat notification, but Combofix kept scanning along nicely… I did have to restart; all shortcuts gave a 'deleted key' error. After the restart everything was fortunately back to normal.
———————COMBOFIX
ComboFix 09-10-17.01 - deDeurs 19-10-2009 0:29.1.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.2038.869
Gestart vanuit: c:\users\deDeurs\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3499118962-3174052510-3011646402-500
c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-09-18 to 2009-10-18 ))))))))))))))))))))))))))))))
.
2009-10-18 22:36 . 2009-10-18 22:36 ——– d—–w- c:\users\Default\AppData\Local\temp
2009-10-18 08:17 . 2009-10-18 08:17 812344 —-a-w- c:\users\deDeurs\HijackThisInstaller.exe
2009-10-17 22:42 . 2009-10-17 22:42 ——– d—–w- c:\program files\Trend Micro
2009-10-17 20:50 . 2009-10-17 20:50 ——– d—–w- c:\program files\CleanUp!
2009-10-17 20:49 . 2009-10-17 20:49 339257 —-a-w- c:\users\deDeurs\CleanUp452.exe
2009-10-17 19:26 . 2009-10-17 19:26 ——– d—–w- c:\programdata\Rising
2009-10-17 19:26 . 2009-10-17 19:26 96880 ——w- c:\windows\system32\KakaTool.dll
2009-10-17 19:26 . 2009-10-17 19:26 637592 ——w- c:\windows\system32\kmon.dll
2009-10-17 19:26 . 2009-10-17 19:26 100976 ——w- c:\windows\system32\UrlFilter.dll
2009-10-17 19:26 . 2009-10-17 19:26 15776 ——w- c:\windows\system32\kknative.exe
2009-10-17 19:26 . 2009-10-17 19:26 ——– d—–w- c:\program files\Rising
2009-10-17 19:25 . 2009-10-17 19:25 8781208 —-a-w- c:\users\deDeurs\RPCDOC.EXE
2009-10-16 09:57 . 2009-09-10 16:48 218624 —-a-w- c:\windows\system32\msv1_0.dll
2009-10-16 09:57 . 2009-08-04 12:34 3548216 —-a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 09:57 . 2009-08-04 12:34 3600456 —-a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-07 21:57 . 2009-10-07 21:57 1359360 —-a-w- c:\program files\iview425_setup.exe
2009-10-02 16:29 . 2009-10-01 08:29 195440 ——w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 22:26 . 2009-10-18 22:26 6736 —-a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2009-10-17 17:52 . 2006-11-02 11:18 ——– d—–w- c:\program files\Windows Mail
2009-10-07 21:58 . 2008-06-18 21:41 ——– d—–w- c:\program files\IrfanView
2009-09-14 09:29 . 2009-10-16 09:56 144896 —-a-w- c:\windows\system32\drivers\srv2.sys
2009-09-11 11:21 . 2009-09-11 11:20 ——– d—–w- c:\program files\iPhone-configuratieprogramma
2009-09-11 11:20 . 2009-09-11 11:19 ——– d—–w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 11:20 . 2009-09-11 11:19 ——– d—–w- c:\program files\iTunes
2009-09-11 11:19 . 2009-09-11 11:19 ——– d—–w- c:\program files\iPod
2009-09-11 11:19 . 2009-06-12 09:54 ——– d—–w- c:\program files\Common Files\Apple
2009-09-11 11:19 . 2009-09-11 11:18 ——– d—–w- c:\programdata\Apple Computer
2009-09-11 11:18 . 2009-09-11 11:18 ——– d—–w- c:\program files\Bonjour
2009-09-11 11:18 . 2009-09-11 11:18 ——– d—–w- c:\program files\QuickTime
2009-09-09 08:55 . 2009-09-05 13:21 ——– d—–w- c:\program files\Norton 360
2009-09-09 08:55 . 2007-12-07 13:31 ——– d—–w- c:\program files\Common Files\Symantec Shared
2009-09-09 08:46 . 2009-09-05 13:18 ——– d—–w- c:\program files\Symantec
2009-09-09 08:46 . 2009-09-05 13:18 806 —-a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-09 08:46 . 2009-09-05 13:18 124464 —-a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-09 08:46 . 2009-09-05 13:18 10635 —-a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-07 19:50 . 2008-10-21 14:52 ——– d—–w- c:\programdata\Symantec
2009-09-05 13:45 . 2009-08-17 17:48 ——– d—–w- c:\users\deDeurs\AppData\Roaming\Symantec
2009-09-05 12:33 . 2009-09-05 12:35 2908916 —-a-w- c:\program files\Norton_Removal_Tool.exe
2009-09-05 12:24 . 2009-09-05 12:24 ——– d—–w- c:\program files\CCleaner
2009-09-05 12:23 . 2006-11-02 16:06 670308 —-a-w- c:\windows\system32\perfh013.dat
2009-09-05 12:23 . 2006-11-02 16:06 127900 —-a-w- c:\windows\system32\perfc013.dat
2009-09-05 11:09 . 2008-10-21 14:44 ——– d—–w- c:\programdata\Symantec Temporary Files
2009-09-05 11:09 . 2009-08-19 07:36 ——– d—–w- c:\program files\Norton 360(67)
2009-09-05 10:58 . 2009-08-14 18:17 ——– d—–w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-05 10:56 . 2009-09-05 10:56 ——– d—–w- c:\program files\Norton 360(6)
2009-09-05 10:56 . 2009-08-14 18:02 ——– d—–w- c:\programdata\NortonInstaller
2009-09-05 10:43 . 2009-08-14 18:04 ——– d—–w- c:\programdata\Norton
2009-09-04 11:41 . 2009-10-16 09:56 60928 —-a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-02 21:04 4240384 —-a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:04 28672 —-a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 06:52 . 2009-08-27 06:52 ——– d—–w- c:\programdata\Office Genuine Advantage
2009-08-27 05:22 . 2009-10-16 09:56 916480 —-a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 09:56 109056 —-a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 09:56 71680 —-a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 09:56 133632 —-a-w- c:\windows\system32\ieUnatt.exe
2009-08-19 08:13 . 2009-08-19 07:33 124464 —-a-w- c:\windows\system32\drivers\SYMEVENT(75).SYS
2009-08-14 16:27 . 2009-09-09 08:52 904776 —-a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 08:52 17920 —-a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 08:52 9728 —-a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 08:52 17920 —-a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 08:52 11264 —-a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 08:52 27136 —-a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 08:52 19968 —-a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 08:52 8704 —-a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 08:52 10240 —-a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 08:52 30720 —-a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 08:52 105984 —-a-w- c:\windows\system32\netiohlp.dll
2009-08-03 13:07 . 2009-08-03 13:07 403816 —-a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 —-a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 —-a-w- c:\windows\system32\OGAEXEC.exe
2009-08-03 11:36 . 2009-08-16 19:39 38160 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-16 19:39 19096 —-a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 10:31 . 2009-08-03 10:31 4582682 —-a-w- c:\program files\gmail-backup-0.107.exe
2009-07-25 23:36 . 2008-06-06 17:03 98240 —-a-w- c:\users\deDeurs\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-25 00:41 . 2009-03-25 00:41 1766443 —-a-w- c:\program files\dixmlsetup.exe
2008-12-05 00:14 . 2008-12-05 00:14 318904 —-a-w- c:\program files\wmpfirefoxplugin.exe
2008-11-25 00:30 . 2008-11-25 00:29 27288880 —-a-w- c:\program files\QuickTimeInstaller.exe
2008-10-21 14:44 . 2008-10-21 14:44 4212 —-a-w- c:\program files\ReadMe.txt
2008-06-08 00:21 . 2008-06-08 00:21 7554048 —-a-w- c:\program files\WindowsVistaUpgradeAdvisor.msi
2008-06-30 11:44 . 2009-08-19 08:20 324976 —-a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
@=“{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}”
2006-12-03 16:03 2854912 —-a-w- c:\program files\Protector Suite QL\farchns.dll
@=“{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}”
2006-12-03 16:03 2854912 —-a-w- c:\program files\Protector Suite QL\farchns.dll
“TOSCDSPD”=“c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe”
“mnu”=“c:\program files\Orange\GLOBAL\Mnu\igomnu.exe”
“swg”=“c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe”
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe”
“Google Update”=“c:\users\deDeurs\AppData\Local\Google\Update\GoogleUpdate.exe”
“ThpSrv”=“c:\windows\system32\thpsrv”
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe”
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe”
“TOSDCR”=“c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe”
“TPwrMain”=“c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE”
“HSON”=“c:\program files\TOSHIBA\TBS\HSON.exe”
“SmoothView”=“c:\program files\Toshiba\SmoothView\SmoothView.exe”
“00TCrdMain”=“c:\program files\TOSHIBA\FlashCards\TCrdMain.exe”
“NvSvc”=“c:\windows\system32\nvsvc.dll”
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll”
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”
“Apoint”=“c:\program files\Apoint2K\Apoint.exe”
“PSQLLauncher”=“c:\program files\Protector Suite QL\launcher.exe”
“TosAutLk”=“c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe”
“topi”=“c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe”
“IgfxTray”=“c:\windows\system32\igfxtray.exe”
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe”
“Persistence”=“c:\windows\system32\igfxpers.exe”
“Toshiba Registration”=“c:\program files\Toshiba\Registration\ToshibaRegistration.exe”
“mnu”=“c:\program files\Orange\GLOBAL\Mnu\igomnu.exe”
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
“itype”=“c:\program files\Microsoft IntelliType Pro\itype.exe”
“ccApp”=“c:\program files\Common Files\Symantec Shared\ccApp.exe”
“osCheck”=“c:\program files\Norton 360\osCheck.exe”
“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe”
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe”
“runeip”=“c:\program files\Rising\AntiSpyware\rstray.exe”
“NDSTray.exe”=“NDSTray.exe”
“RtHDVCpl”=“RtHDVCpl.exe” - c:\windows\RtHDVCpl.exe
“DisableCAD”= 1 (0x1)
“EnableUIADesktopToggle”= 0 (0x0)
“EnableLUA”= 0 (0x0)
2006-12-03 15:50 90112 —-a-w- c:\windows\System32\psqlpwd.dll
“AppInit_DLLs”=c:\windows\System32\kmon.dll
Notification Packages REG_MULTI_SZ scecli psqlpwd
@=“Service”
“DisableMonitoring”=dword:00000001
“DisableMonitoring”=dword:00000001
“DisableMonitoring”=dword:00000001
“VistaSp2”=hex(b):e8,9c,c8,2d,93,1c,ca,01
“EnableFirewall”= 0 (0x0)
“{BC1AC510-F953-4BAA-A888-599063C02059}”= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“{CB321949-5AD5-41CD-8E17-FCB7C2C2A429}”= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“{D32B63B2-C745-4F55-BD5E-721F6F889973}”= UDP:c:\program files\iTunes\iTunes.exe:iTunes
“{F17C9BD6-C797-40CA-9F89-EAE4AE095D94}”= TCP:c:\program files\iTunes\iTunes.exe:iTunes
“EnableFirewall”= 0 (0x0)
“EnableFirewall”= 0 (0x0)
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\System32\drivers\thpdrv.sys
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\System32\drivers\Thpevm.sys
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090923.001\IDSvix86.sys
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys
— Andere Services/Drivers In Geheugen —
*NewlyCreated* - COMHOST
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Inhoud van de ‘Gedeelde Taken’ map
2009-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2387421007-2111986491-713706511-1000Core.job
- c:\users\deDeurs\AppData\Local\Google\Update\GoogleUpdate.exe
2009-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2387421007-2111986491-713706511-1000UA.job
- c:\users\deDeurs\AppData\Local\Google\Update\GoogleUpdate.exe
2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{D16355F4-9596-4BC3-845B-101F850C3ECB}.job
- c:\windows\system32\msfeedssync.exe
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\deDeurs\AppData\Roaming\Mozilla\Firefox\Profiles\53rqcjy5.default\
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\deDeurs\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 00:36
Windows 6.0.6002 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > ‘lsass.exe’(660)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
- - - - - - - > ‘Explorer.exe’(1720)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
c:\windows\System32\webcheck.dll
.
Voltooingstijd: 2009-10-18 0:39
ComboFix-quarantined-files.txt 2009-10-18 22:39
Pre-Run: 29.423.898.624 bytes beschikbaar
Post-Run: 30.408.347.648 bytes beschikbaar
243 — E O F — 2009-10-17 16:45
———————-HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:45:47, on 19-10-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Rising\AntiSpyware\RSTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\deDeurs\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Orange - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Orange\GLOBAL\Mstbr\mstbr.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Rising PC Doctor - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\Windows\system32\UrlFilter.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Orange - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Orange\GLOBAL\Mstbr\mstbr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKLM\..\Run: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: “C:\Program Files\Protector Suite QL\launcher.exe” /startup
O4 - HKLM\..\Run: C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: NDSTray.exe
O4 - HKLM\..\Run: c:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s
O4 - HKLM\..\Run: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: RtHDVCpl.exe
O4 - HKLM\..\Run: C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: “C:\Program Files\Microsoft IntelliType Pro\itype.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM\..\Run: “C:\Program Files\Norton 360\osCheck.exe”
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: “C:\Program Files\Rising\AntiSpyware\rstray.exe” /startup
O4 - HKCU\..\Run: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: “C:\Users\deDeurs\AppData\Local\Google\Update\GoogleUpdate.exe” /c
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O20 - AppInit_DLLs: C:\Windows\System32\kmon.dll,kmon.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA vaste-schijfbeveiliging (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
–
End of file - 9111 bytes