Fake Anti-Spyware Popups

8 replies
  • Hello, I have a problem with pop-ups I keep getting that tell me I need to buy anti-spyware.
    Can anyone help me?
    I scanned with Malware and (afterwards) with HijackThis; the logs are below:

    Malwarebytes' Anti-Malware 1.23
    Database version: 1002
    Windows 5.1.2600 Service Pack 3

    15:25:04 9-11-2008
    mbam-log-11-9-2008 (15-25-04).txt

    Scan type: Quick Scan
    Objects scanned: 87969
    Time elapsed: 22 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    —-

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:26:02, on 9-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CSRLT.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\WTClient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WTClient] WTClient.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE
    O4 - HKLM\..\RunOnce: [MSBLT.EXE] C:\WINDOWS\MSBLT.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [enactinfo] C:\WINDOWS\system32\uxubuzyb.exe
    O4 - HKCU\..\Run: [dbcmd] C:\WINDOWS\system32\slwnivkz.exe
    O4 - HKLM\..\Policies\Explorer\Run: [4MoKYOUuyg] C:\Documents and Settings\All Users\Application Data\ehypixsx\spqfkbgz.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE


    End of file - 9096 bytes
  • Download Combofix to your Desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Follow the instructions and accept the disclaimer by clicking Yes.
    - If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    - Click OK and Yes to have the Recovery Console installed automatically.
    - Afterwards, click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.
  • Thank you

    ComboFix 08-11-07.01 - user 2008-11-09 19:26:25.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2189 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\$@ndr@(K)\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    c:\documents and settings\Eveline\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    c:\program files\SAV
    c:\program files\SAV\sav.ooo
    c:\program files\SAV\sav0.dat
    c:\program files\SAV\sav1.dat
    c:\windows\sglt01.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-09 to 2008-11-09 ))))))))))))))))))))))))))))))
    .

    2008-11-08 13:00 . 2008-11-08 13:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
    2008-11-08 11:33 . 2008-11-08 12:29 <DIR> d-------- c:\documents and settings\tom\Application Data\Download Manager
    2008-11-07 21:55 . 2008-11-07 21:55 <DIR> d-------- c:\documents and settings\tom\Application Data\dvdcss
    2008-11-04 13:27 . 2008-11-09 19:17 <DIR> dr-h----- c:\documents and settings\user\Onlangs geopend
    2008-11-03 16:55 . 2008-11-07 17:20 97 --a------ c:\windows\WirelessFTP.INI
    2008-11-03 11:49 . 2008-11-03 11:50 <DIR> d-------- c:\program files\Albumprinter Pro Editor
    2008-11-03 11:49 . 2008-11-03 11:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Albumprinter Pro Editor
    2008-11-02 20:03 . 2008-11-02 20:04 <DIR> d-------- c:\documents and settings\tom\Application Data\Winamp
    2008-11-02 12:30 . 2008-11-02 12:30 <DIR> d-------- c:\program files\Winamp
    2008-11-02 12:30 . 2008-11-02 12:44 <DIR> d-------- c:\documents and settings\user\Application Data\Winamp
    2008-11-02 12:30 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
    2008-10-25 17:07 . 2008-10-25 17:07 <DIR> d-------- c:\documents and settings\tom\Application Data\Windows Live Writer
    2008-10-24 15:20 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-19 18:47 . 2008-10-19 18:47 <DIR> d-------- c:\documents and settings\$@ndr@(K)\Application Data\Real
    2008-10-16 14:51 . 2008-10-16 14:51 <DIR> d-------- c:\program files\DivX
    2008-10-16 10:36 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-16 10:36 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-16 10:36 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-16 10:36 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-16 10:36 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-10-16 10:36 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2008-10-13 16:06 . 2008-10-15 13:33 <DIR> d-------- c:\program files\Common Files\logishrd
    2008-10-13 10:03 . 2008-10-13 10:03 <DIR> d-------- c:\documents and settings\user\Application Data\dvdcss
    2008-10-11 16:57 . 2008-10-11 16:57 <DIR> d-------- c:\documents and settings\user\Application Data\Skype

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-09 18:16 --------- d-----w c:\program files\SPAMfighter
    2008-11-09 11:02 887,565 ----a-w c:\windows\system32\CSRLT.EXE
    2008-11-09 11:02 887,565 ----a-w c:\windows\MSBLT.EXE
    2008-11-05 18:16 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2008-11-05 18:16 50,968 ----a-w c:\windows\system32\avgfwdx.dll
    2008-11-05 18:16 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
    2008-10-30 05:52 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-10-21 08:48 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-15 18:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-08 10:41 --------- d-----w c:\program files\K-Lite Codec Pack
    2008-10-06 14:00 --------- d-----w c:\documents and settings\user\Application Data\EPSON
    2008-09-27 12:34 --------- d-----w c:\program files\Windows Live
    2008-09-27 12:32 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2008-09-27 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-09-23 18:16 --------- d-----w c:\program files\Microsoft Works
    2008-09-22 19:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-09-22 18:43 --------- d-----w c:\program files\Microsoft.NET
    2008-09-19 15:47 --------- d-----w c:\documents and settings\Femke\Application Data\EPSON
    2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-09-15 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\ehypixsx
    2008-09-15 15:28 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 07:35 --------- d-----w c:\documents and settings\tom\Application Data\Skype
    2008-09-15 06:21 --------- d-----w c:\documents and settings\tom\Application Data\DAEMON Tools
    2008-09-15 06:05 --------- d-----w c:\documents and settings\tom\Application Data\skypePM
    2008-09-13 11:25 --------- d-----w c:\program files\Yahoo!
    2008-09-13 09:31 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-09-13 09:24 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-09-13 09:24 --------- d-----w c:\documents and settings\user\Application Data\DAEMON Tools
    2008-09-13 09:22 --------- d-----w c:\documents and settings\user\Application Data\Ahead
    2008-08-26 17:15 964,495,904 ----a-w C:\OutPut2A.bin
    2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-08-25 15:33 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2008-08-14 13:27 2,149,888 ----a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:27 2,028,544 ----a-w c:\windows\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-23 1235736]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-28 98304]
    "CSRLT.EXE"="c:\windows\system32\CSRLT.EXE" [2008-11-09 887565]
    "RTHDCPL"="RTHDCPL.EXE" [2008-07-24 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2008-07-24 c:\windows\SkyTel.exe]
    "WTClient"="WTClient.exe" [2007-04-11 c:\windows\system32\WTClient.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= c:\windows\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "f:\\D\\Games\\Steam\\steam.exe"=
    "f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hl.exe"=
    "f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hlds.exe"=
    "c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\winver.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2005-05-13 17920]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-08-25 12936]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-30 98440]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-05 90632]
    R1 NVHelper;NVHelper;c:\windows\system32\drivers\NVHelper.SYS [2004-02-24 111689]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 231704]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]
    R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2005-05-13 13824]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
    S3 DVxplore;NVTV;c:\windows\system32\DRIVERS\DVxplore.sys [2005-01-21 73344]
    S3 USB28xxBGA;USB 2801 Device;c:\windows\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
    S3 USB28xxOEM;USB 28xx OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
    S3 VtcDrv;Philips SA60xx Recovery Device;c:\windows\system32\Drivers\vtcdrv.sys [2007-02-23 18560]

    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    HKCU-Run-enactinfo - c:\windows\system32\uxubuzyb.exe
    HKCU-Run-dbcmd - c:\windows\system32\slwnivkz.exe
    HKLM-Explorer_Run-4MoKYOUuyg - c:\documents and settings\All Users\Application Data\ehypixsx\spqfkbgz.exe


    .
    ------- Bijkomende Scan -------
    .
    FireFox -: Profile - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\kenezww4.default\
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-09 19:28:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-11-09 19:29:03
    ComboFix-quarantined-files.txt 2008-11-09 18:28:52

    Pre-Run: 9.118.191.616 bytes beschikbaar
    Post-Run: 14,263,959,552 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    186 --- E O F --- 2008-10-24 23:16:52
  • Do you also have a freshly made HJT log for checking?
  • Hello,
    I still get pop-ups from a file, just small white windows with explore in the title bar.
    If I end CSRLT.EXE via ctrl alt delete, this no longer happens; do you perhaps have something to fix this?
    Could it perhaps be caused by this one?:
    O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE

    Kind regards,
    Wietse

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:30:19, on 10-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WTClient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
    C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
    C:\Documents and Settings\tom\Bureaublad\Keygen Illustrator CS3\Keygen Activation Illustrator CS3.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [WTClient] WTClient.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE
    O4 - HKLM\..\RunOnce: [MSBLT.EXE] C:\WINDOWS\MSBLT.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
    O24 - Desktop Component 0: Privacy Protection - (no file)


    End of file - 8590 bytes
  • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    File::
    c:\windows\system32\CSRLT.EXE
    c:\windows\MSBLT.EXE

    Save this to your Desktop as CFScript.txt


    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.
  • Here are the logs:

    ComboFix 08-11-10.01 - user 2008-11-11 16:34:35.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2412 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\user\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\MSBLT.EXE
    c:\windows\system32\CSRLT.EXE
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\MSBLT.EXE
    c:\windows\sglt01.exe
    c:\windows\system32\CSRLT.EXE

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-11 to 2008-11-11 ))))))))))))))))))))))))))))))
    .

    2008-11-10 23:31 . 2008-11-10 23:31 <DIR> d-------- c:\documents and settings\tom\Application Data\Thinstall
    2008-11-08 13:00 . 2008-11-08 13:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
    2008-11-08 11:33 . 2008-11-08 12:29 <DIR> d-------- c:\documents and settings\tom\Application Data\Download Manager
    2008-11-07 21:55 . 2008-11-07 21:55 <DIR> d-------- c:\documents and settings\tom\Application Data\dvdcss
    2008-11-04 13:27 . 2008-11-11 16:32 <DIR> dr-h----- c:\documents and settings\user\Onlangs geopend
    2008-11-03 16:55 . 2008-11-07 17:20 97 --a------ c:\windows\WirelessFTP.INI
    2008-11-03 11:49 . 2008-11-03 11:50 <DIR> d-------- c:\program files\Albumprinter Pro Editor
    2008-11-03 11:49 . 2008-11-03 11:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Albumprinter Pro Editor
    2008-11-02 20:03 . 2008-11-02 20:04 <DIR> d-------- c:\documents and settings\tom\Application Data\Winamp
    2008-11-02 12:30 . 2008-11-02 12:30 <DIR> d-------- c:\program files\Winamp
    2008-11-02 12:30 . 2008-11-02 12:44 <DIR> d-------- c:\documents and settings\user\Application Data\Winamp
    2008-11-02 12:30 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
    2008-10-25 17:07 . 2008-10-25 17:07 <DIR> d-------- c:\documents and settings\tom\Application Data\Windows Live Writer
    2008-10-24 15:20 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-19 18:47 . 2008-10-19 18:47 <DIR> d-------- c:\documents and settings\$@ndr@(K)\Application Data\Real
    2008-10-16 14:51 . 2008-10-16 14:51 <DIR> d-------- c:\program files\DivX
    2008-10-16 10:36 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-16 10:36 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-16 10:36 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-16 10:36 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-16 10:36 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-10-16 10:36 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2008-10-13 16:06 . 2008-10-15 13:33 <DIR> d-------- c:\program files\Common Files\logishrd
    2008-10-13 10:03 . 2008-10-13 10:03 <DIR> d-------- c:\documents and settings\user\Application Data\dvdcss
    2008-10-11 16:57 . 2008-10-11 16:57 <DIR> d-------- c:\documents and settings\user\Application Data\Skype

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-11 15:30 --------- d-----w c:\program files\SPAMfighter
    2008-11-05 18:16 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2008-11-05 18:16 50,968 ----a-w c:\windows\system32\avgfwdx.dll
    2008-11-05 18:16 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
    2008-10-30 05:52 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-10-21 08:48 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-15 18:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-08 10:41 --------- d-----w c:\program files\K-Lite Codec Pack
    2008-10-06 14:00 --------- d-----w c:\documents and settings\user\Application Data\EPSON
    2008-09-27 12:34 --------- d-----w c:\program files\Windows Live
    2008-09-27 12:32 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2008-09-27 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-09-23 18:16 --------- d-----w c:\program files\Microsoft Works
    2008-09-22 19:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-09-22 18:43 --------- d-----w c:\program files\Microsoft.NET
    2008-09-19 15:47 --------- d-----w c:\documents and settings\Femke\Application Data\EPSON
    2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-09-15 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\ehypixsx
    2008-09-15 15:28 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 07:35 --------- d-----w c:\documents and settings\tom\Application Data\Skype
    2008-09-15 06:21 --------- d-----w c:\documents and settings\tom\Application Data\DAEMON Tools
    2008-09-15 06:05 --------- d-----w c:\documents and settings\tom\Application Data\skypePM
    2008-09-13 11:25 --------- d-----w c:\program files\Yahoo!
    2008-09-13 09:31 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-09-13 09:24 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-09-13 09:24 --------- d-----w c:\documents and settings\user\Application Data\DAEMON Tools
    2008-09-13 09:22 --------- d-----w c:\documents and settings\user\Application Data\Ahead
    2008-08-26 17:15 964,495,904 ----a-w C:\OutPut2A.bin
    2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-08-25 15:33 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2008-08-14 13:27 2,149,888 ----a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:27 2,028,544 ----a-w c:\windows\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-09_19.28.26,92 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-02 11:00:00 1,609,168 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-11 06:26:11 1,609,168 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-11-09 16:03:06 59,498 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-11 15:32:33 59,498 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-09 16:03:06 77,370 ----a-w c:\windows\system32\perfc013.dat
    + 2008-11-11 15:32:33 77,370 ----a-w c:\windows\system32\perfc013.dat
    - 2008-11-09 16:03:06 395,640 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-11 15:32:33 395,640 ----a-w c:\windows\system32\perfh009.dat
    - 2008-11-09 16:03:06 458,858 ----a-w c:\windows\system32\perfh013.dat
    + 2008-11-11 15:32:33 458,858 ----a-w c:\windows\system32\perfh013.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-23 1235736]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-28 98304]
    "RTHDCPL"="RTHDCPL.EXE" [2008-07-24 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2008-07-24 c:\windows\SkyTel.exe]
    "WTClient"="WTClient.exe" [2007-04-11 c:\windows\system32\WTClient.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= c:\windows\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "f:\\D\\Games\\Steam\\steam.exe"=
    "f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hl.exe"=
    "f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hlds.exe"=
    "c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\winver.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2005-05-13 17920]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-08-25 12936]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-30 98440]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-05 90632]
    R1 NVHelper;NVHelper;c:\windows\system32\drivers\NVHelper.SYS [2004-02-24 111689]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 231704]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]
    R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2005-05-13 13824]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
    S3 DVxplore;NVTV;c:\windows\system32\DRIVERS\DVxplore.sys [2005-01-21 73344]
    S3 USB28xxBGA;USB 2801 Device;c:\windows\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
    S3 USB28xxOEM;USB 28xx OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
    S3 VtcDrv;Philips SA60xx Recovery Device;c:\windows\system32\Drivers\vtcdrv.sys [2007-02-23 18560]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-CSRLT.EXE - c:\windows\system32\CSRLT.EXE



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-11 16:38:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …


    c:\docume~1\user\LOCALS~1\Temp\RGI6.tmp

    Scan succesvol afgerond
    verborgen bestanden: 1

    **************************************************************************
    .
    Voltooingstijd: 2008-11-11 16:38:56
    ComboFix-quarantined-files.txt 2008-11-11 15:38:49
    ComboFix2.txt 2008-11-09 18:29:04

    Pre-Run: 13.662.085.120 bytes beschikbaar
    Post-Run: 13,673,598,976 bytes beschikbaar

    180 --- E O F --- 2008-10-24 23:16:52


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:41:25, on 11-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WTClient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [WTClient] WTClient.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE


    End of file - 8336 bytes
  • Nice,

    Any more problems?

This is an archived page. Replies are no longer possible.