[OPGELOST] trojans

[jantje02]

ComboFix 09-07-01.01 - Administrator 02-07-2009 11:00.11 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.296 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-06-02 to 2009-07-02 ))))))))))))))))))))))))))))))

.

2009-07-02 09:05 . 2009-07-02 09:05 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2009-06-27 09:53 . 2009-06-27 09:53 -------- d-----w- c:\documents and settings\Administrator\.jagex_cache_32

2009-06-27 08:03 . 2009-06-27 08:03 -------- d-----w- C:\.jagex_cache_32

2009-06-26 12:40 . 2009-06-26 12:40 34 ----a-w- c:\documents and settings\Naam\jagex_runescape_preferences.dat

2009-06-26 12:14 . 2009-02-13 08:13 -------- d--h--w- c:\documents and settings\Naam\Netwerkprinteromgeving

2009-06-26 12:14 . 2009-02-13 08:13 -------- d-----r- c:\documents and settings\Naam\Menu Start

2009-06-26 12:14 . 2009-02-13 07:17 -------- d--h--w- c:\documents and settings\Naam\Sjablonen

2009-06-24 11:08 . 2009-06-24 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit

2009-06-24 11:08 . 2009-06-27 08:43 -------- d-----w- c:\program files\SwiftKit

2009-06-13 17:53 . 2009-06-13 17:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss

2009-06-11 15:32 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-11 15:32 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-02 09:07 . 2009-02-28 21:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-07-02 09:07 . 2009-02-14 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-07-02 09:06 . 2009-03-15 11:36 679968 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-07-02 09:06 . 2009-03-15 11:36 4452 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-07-02 09:06 . 2009-03-15 11:36 2999840 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-02 09:06 . 2009-03-15 11:36 25564 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-02 08:22 . 2009-02-13 13:56 34 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat

2009-07-02 06:30 . 2009-03-26 12:32 -------- d-----w- c:\program files\Common Files\Real

2009-07-02 06:27 . 2009-03-03 15:25 -------- d-----w- c:\program files\Common Files\Adobe

2009-07-02 06:23 . 2009-02-21 11:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

2009-07-01 17:55 . 2009-03-08 09:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-06-26 12:15 . 2009-06-26 12:15 -------- d-----w- c:\documents and settings\Naam\Application Data\URSoft

2009-06-24 09:56 . 2009-02-24 09:21 -------- d-----w- c:\program files\Utorrent

2009-06-23 16:46 . 2009-05-15 16:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\MessengerDiscovery 2

2009-06-13 11:07 . 2009-04-28 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-06-12 13:03 . 2009-02-13 13:19 78296 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-11 16:54 . 2009-02-17 16:52 -------- d-----w- c:\program files\Windows Desktop Search

2009-06-06 12:25 . 2009-03-08 09:30 -------- d-----w- c:\program files\CCleaner

2009-05-24 22:24 . 2008-05-26 21:18 350208 ------w- c:\windows\system32\mssph.dll

2009-05-18 15:33 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-05-18 15:33 . 2009-03-15 11:46 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2009-05-18 15:33 . 2009-03-15 11:46 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2009-05-15 16:28 . 2009-05-15 16:28 -------- d-----w- c:\program files\Maxis

2009-05-15 16:04 . 2009-05-15 16:04 -------- d-----w- c:\program files\MessengerDiscovery 2

2009-05-13 05:06 . 2002-12-31 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-12 14:39 . 2009-03-14 13:23 -------- d-----w- c:\program files\MessengerDiscovery

2009-05-12 13:12 . 2009-02-13 14:32 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2009-05-12 13:09 . 2009-05-09 10:28 -------- d-----w- c:\program files\Privacy Guardian

2009-05-10 12:09 . 2009-04-26 13:02 -------- d-----w- c:\program files\SopCast

2009-05-10 10:37 . 2009-05-10 09:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager

2009-05-07 15:34 . 2002-12-31 12:00 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-04 13:15 . 2009-05-04 13:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\MiniDm

2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr

2009-05-01 11:56 . 2009-05-01 11:56 39424 ----a-w- c:\windows\zipinst.exe

2009-05-01 11:06 . 2002-12-31 12:00 537198 ----a-w- c:\windows\system32\perfh013.dat

2009-05-01 11:06 . 2002-12-31 12:00 101340 ----a-w- c:\windows\system32\perfc013.dat

2009-04-19 19:51 . 2002-12-31 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:55 . 2002-12-31 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-05 16:41 . 2002-12-31 12:00 219136 ----a-w- c:\windows\system32\uxtheme(2).dll

2009-04-05 14:05 . 2009-04-05 14:04 47864 ----a-w- c:\documents and settings\School.GOT2BE-3B3BB2DE.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-04 13:44 . 2009-02-27 07:58 1878888 ----a-w- c:\program files\install_flash_player.exe

2009-04-04 13:00 . 2009-04-04 13:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe

2009-04-04 12:59 . 2009-04-04 12:59 2028 ----a-w- c:\program files\Adobe Downloads wordt hervat.lnk

.

((((((((((((((((((((((((((((( SnapShot@2009-07-02_07.04.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-02 09:07 . 2009-07-02 09:07 16384 c:\windows\Temp\Perflib_Perfdata_194.dat

+ 2009-06-11 15:56 . 2009-07-02 08:22 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

- 2009-06-11 15:56 . 2009-07-01 20:29 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

+ 2009-06-11 15:56 . 2009-07-02 08:22 77824 c:\windows\.jagex_cache_32\runescape\jaggl.dll

- 2009-06-11 15:56 . 2009-07-01 20:29 77824 c:\windows\.jagex_cache_32\runescape\jaggl.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartupFaster"="c:\program files\Startup Faster\startuploader.exe" [2008-09-07 1402080]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-15 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Utorrent\\utorrent.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

"c:\\Program Files\\Utorrent\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Rockstar Games\\Grand Theft Auto Vice City\\lcmp-svr.exe"=

"c:\\Program Files\\Rockstar Games\\Midnight Club II Demo\\mc2_demo.exe"=

"c:\\Program Files\\IEPro\\MiniDM.exe"=

"c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29-1-2008 18:29 33808]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15-3-2009 14:07 210216]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13-3-2008 19:02 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30-4-2008 18:06 24592]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [4-4-2009 14:59 33176]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.nl/

uInternet Settings,ProxyOverride = *.local

IE: &Block This Image (ABP)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Toevoegen aan de Banner Ad Blokker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1xxqwj5g.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (nl)

FF - prefs.js: browser.startup.homepage - Google

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-07-02 11:07

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1425521274-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,df,50,98,31,4f,5b,4a,91,17,45,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,df,50,98,31,4f,5b,4a,91,17,45,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1944)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\UPHClean\uphclean.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\wscntfy.exe

c:\program files\Java\jre6\bin\jusched.exe

c:\program files\Startup Faster\SFAgent.exe

.

**************************************************************************

.

Voltooingstijd: 2009-07-02 11:14 - machine werd herstart

ComboFix-quarantined-files.txt 2009-07-02 09:14

ComboFix2.txt 2009-07-02 08:06

ComboFix3.txt 2009-07-02 07:09

ComboFix4.txt 2009-05-14 05:23

Pre-Run: 13.597.249.536 bytes beschikbaar

Post-Run: 13.621.772.288 bytes beschikbaar

194 --- E O F --- 2009-06-24 12:27

---------- Post added at 09:22 ---------- Previous post was at 09:20 ----------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:16:06, on 2-7-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Startup Faster\sfAgent.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [startupFaster] "C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: StartupFaster

O4 - Global Startup: StartupFaster

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Toevoegen aan de Banner Ad Blokker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: Statistieken bescherming internetverkeer - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234729934546

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5560/mcfscan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 7919 bytes

[kape]

Ziet er prima uit. Tijd om Kaspersky er weer eens op los te laten.

[jantje02]

Niks aan de hand, dankjewel! Kan het zo zijn dat mijn passwords van computer zijn 'gestolen'?

[kape]

Moeilijk te zeggen ... lijkt me niet, maar absolute zekerheid daarover kan ik je niet geven. Misschien toch maar de meest essentiële paswoorden - indien mogelijk - wijzigen uit voorzorg.

[kape]

Bij gebrek aan reactie sluiten we dit topic af. Mocht je dit onderwerp willen heropenen, neem dan contact op met één van de moderators.