Vraag & Antwoord

Beveiliging & privacy

Neppe Anti-Spyware Popups

8 antwoorden
  • Hallo, ik heb een probleem met pop-ups die ik krijg die mij vertellen dat ik anti-spyware moet aanschaffen. Kan iemand mij helpen>? Ik heb met Malware gescant en met HijackThis (daarna) hieronder de logs: Malwarebytes' Anti-Malware 1.23 Database version: 1002 Windows 5.1.2600 Service Pack 3 15:25:04 9-11-2008 mbam-log-11-9-2008 (15-25-04).txt Scan type: Quick Scan Objects scanned: 87969 Time elapsed: 22 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ---- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:26:02, on 9-11-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\Drivers\WTSRV.EXE C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CSRLT.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\WTClient.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\WISPTIS.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [WTClient] WTClient.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE O4 - HKLM\..\RunOnce: [MSBLT.EXE] C:\WINDOWS\MSBLT.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [enactinfo] C:\WINDOWS\system32\uxubuzyb.exe O4 - HKCU\..\Run: [dbcmd] C:\WINDOWS\system32\slwnivkz.exe O4 - HKLM\..\Policies\Explorer\Run: [4MoKYOUuyg] C:\Documents and Settings\All Users\Application Data\ehypixsx\spqfkbgz.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE -- End of file - 9096 bytes
  • Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:9d6ed5d2c9][color=blue:9d6ed5d2c9]Combofix[/color:9d6ed5d2c9][/b:9d6ed5d2c9][/url] naar je Bureaublad. OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:9d6ed5d2c9]download Combofix opnieuw[/b:9d6ed5d2c9]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![list:9d6ed5d2c9] Dubbelklik op [b:9d6ed5d2c9]Combofix.exe[/b:9d6ed5d2c9] om het te starten. Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate. Volg de instructies, aanvaard de disclaimer door op [b:9d6ed5d2c9]Ja[/b:9d6ed5d2c9] te klikken. Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op [b:9d6ed5d2c9]JA[/b:9d6ed5d2c9] te klikken in het "Query - Recovery Console" venster. Klik op [b:9d6ed5d2c9]OK[/b:9d6ed5d2c9] en [b:9d6ed5d2c9]Ja[/b:9d6ed5d2c9] om automatisch de Recovery Console te laten installeren. Klik na afloop terug op [b:9d6ed5d2c9]Ja[/b:9d6ed5d2c9] om het scannen op malware te starten. Tijdens het runnen van de fix, [b:9d6ed5d2c9]NIET[/b:9d6ed5d2c9] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:9d6ed5d2c9] Wanneer de fix voltooid is en na herstart, zal de log [b:9d6ed5d2c9]Combofix.txt[/b:9d6ed5d2c9] openen. Post dit logje in je volgende antwoord.
  • Dankuwel ComboFix 08-11-07.01 - user 2008-11-09 19:26:25.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2189 [GMT 1:00] Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\$@ndr@(K)\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML c:\documents and settings\Eveline\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML c:\program files\SAV c:\program files\SAV\sav.ooo c:\program files\SAV\sav0.dat c:\program files\SAV\sav1.dat c:\windows\sglt01.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))) . 2008-11-08 13:00 . 2008-11-08 13:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM 2008-11-08 11:33 . 2008-11-08 12:29 <DIR> d-------- c:\documents and settings\tom\Application Data\Download Manager 2008-11-07 21:55 . 2008-11-07 21:55 <DIR> d-------- c:\documents and settings\tom\Application Data\dvdcss 2008-11-04 13:27 . 2008-11-09 19:17 <DIR> dr-h----- c:\documents and settings\user\Onlangs geopend 2008-11-03 16:55 . 2008-11-07 17:20 97 --a------ c:\windows\WirelessFTP.INI 2008-11-03 11:49 . 2008-11-03 11:50 <DIR> d-------- c:\program files\Albumprinter Pro Editor 2008-11-03 11:49 . 2008-11-03 11:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Albumprinter Pro Editor 2008-11-02 20:03 . 2008-11-02 20:04 <DIR> d-------- c:\documents and settings\tom\Application Data\Winamp 2008-11-02 12:30 . 2008-11-02 12:30 <DIR> d-------- c:\program files\Winamp 2008-11-02 12:30 . 2008-11-02 12:44 <DIR> d-------- c:\documents and settings\user\Application Data\Winamp 2008-11-02 12:30 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll 2008-10-25 17:07 . 2008-10-25 17:07 <DIR> d-------- c:\documents and settings\tom\Application Data\Windows Live Writer 2008-10-24 15:20 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-19 18:47 . 2008-10-19 18:47 <DIR> d-------- c:\documents and settings\$@ndr@(K)\Application Data\Real 2008-10-16 14:51 . 2008-10-16 14:51 <DIR> d-------- c:\program files\DivX 2008-10-16 10:36 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-16 10:36 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-16 10:36 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-16 10:36 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-16 10:36 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-16 10:36 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-13 16:06 . 2008-10-15 13:33 <DIR> d-------- c:\program files\Common Files\logishrd 2008-10-13 10:03 . 2008-10-13 10:03 <DIR> d-------- c:\documents and settings\user\Application Data\dvdcss 2008-10-11 16:57 . 2008-10-11 16:57 <DIR> d-------- c:\documents and settings\user\Application Data\Skype . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-09 18:16 --------- d-----w c:\program files\SPAMfighter 2008-11-09 11:02 887,565 ----a-w c:\windows\system32\CSRLT.EXE 2008-11-09 11:02 887,565 ----a-w c:\windows\MSBLT.EXE 2008-11-05 18:16 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys 2008-11-05 18:16 50,968 ----a-w c:\windows\system32\avgfwdx.dll 2008-11-05 18:16 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys 2008-10-30 05:52 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys 2008-10-21 08:48 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-15 18:46 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-08 10:41 --------- d-----w c:\program files\K-Lite Codec Pack 2008-10-06 14:00 --------- d-----w c:\documents and settings\user\Application Data\EPSON 2008-09-27 12:34 --------- d-----w c:\program files\Windows Live 2008-09-27 12:32 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2008-09-27 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller 2008-09-23 18:16 --------- d-----w c:\program files\Microsoft Works 2008-09-22 19:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-09-22 18:43 --------- d-----w c:\program files\Microsoft.NET 2008-09-19 15:47 --------- d-----w c:\documents and settings\Femke\Application Data\EPSON 2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-09-15 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\ehypixsx 2008-09-15 15:28 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-15 07:35 --------- d-----w c:\documents and settings\tom\Application Data\Skype 2008-09-15 06:21 --------- d-----w c:\documents and settings\tom\Application Data\DAEMON Tools 2008-09-15 06:05 --------- d-----w c:\documents and settings\tom\Application Data\skypePM 2008-09-13 11:25 --------- d-----w c:\program files\Yahoo! 2008-09-13 09:31 --------- d-----w c:\program files\DAEMON Tools Lite 2008-09-13 09:24 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-09-13 09:24 --------- d-----w c:\documents and settings\user\Application Data\DAEMON Tools 2008-09-13 09:22 --------- d-----w c:\documents and settings\user\Application Data\Ahead 2008-08-26 17:15 964,495,904 ----a-w C:\OutPut2A.bin 2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-25 15:33 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2008-08-14 13:27 2,149,888 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 13:27 2,028,544 ----a-w c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-23 1235736] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-28 98304] "CSRLT.EXE"="c:\windows\system32\CSRLT.EXE" [2008-11-09 887565] "RTHDCPL"="RTHDCPL.EXE" [2008-07-24 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2008-07-24 c:\windows\SkyTel.exe] "WTClient"="WTClient.exe" [2007-04-11 c:\windows\system32\WTClient.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= c:\windows\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg30.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "f:\\D\\Games\\Steam\\steam.exe"= "f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hl.exe"= "f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hlds.exe"= "c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\winver.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2005-05-13 17920] R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-08-25 12936] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-30 98440] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-05 90632] R1 NVHelper;NVHelper;c:\windows\system32\drivers\NVHelper.SYS [2004-02-24 111689] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 231704] R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184] R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968] R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2005-05-13 13824] R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792] S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208] S3 DVxplore;NVTV;c:\windows\system32\DRIVERS\DVxplore.sys [2005-01-21 73344] S3 USB28xxBGA;USB 2801 Device;c:\windows\system32\DRIVERS\emBDA.sys [2007-01-29 361728] S3 USB28xxOEM;USB 28xx OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2007-01-29 39680] S3 VtcDrv;Philips SA60xx Recovery Device;c:\windows\system32\Drivers\vtcdrv.sys [2007-02-23 18560] *Newly Created Service* - PROCEXP90 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe HKCU-Run-enactinfo - c:\windows\system32\uxubuzyb.exe HKCU-Run-dbcmd - c:\windows\system32\slwnivkz.exe HKLM-Explorer_Run-4MoKYOUuyg - c:\documents and settings\All Users\Application Data\ehypixsx\spqfkbgz.exe . ------- Bijkomende Scan ------- . FireFox -: Profile - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\kenezww4.default\ FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-09 19:28:08 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-11-09 19:29:03 ComboFix-quarantined-files.txt 2008-11-09 18:28:52 Pre-Run: 9.118.191.616 bytes beschikbaar Post-Run: 14,263,959,552 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 186 --- E O F --- 2008-10-24 23:16:52
  • Heeft U ook een nieuw gemaakt HJT logje ter controle.
  • Hallo, Ik krijg nog steeds popups van een bestandje, gewoon witte schermpjes met in de balk explore. Als ik bij ctrl alt delete CSRLT.EXE afsluit, gebeurt dit niet meer, heb je misschien iets om dit te fixen? ligt het misschien aan deze?: O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE MVG Wietse Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:30:19, on 10-11-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\Drivers\WTSRV.EXE C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\WTClient.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe C:\Documents and Settings\tom\Bureaublad\Keygen Illustrator CS3\Keygen Activation Illustrator CS3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [WTClient] WTClient.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE O4 - HKLM\..\RunOnce: [MSBLT.EXE] C:\WINDOWS\MSBLT.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 8590 bytes
  • Open Kladblok, kopiëer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster: [list:9b0090df2f][b:9b0090df2f][color=blue:9b0090df2f] File:: c:\windows\system32\CSRLT.EXE c:\windows\MSBLT.EXE [/color:9b0090df2f][/b:9b0090df2f][/list:u:9b0090df2f]Sla dit op op je Bureaublad als [b:9b0090df2f]CFScript.txt[/b:9b0090df2f] Sleep [b:9b0090df2f]CFScript.txt[/b:9b0090df2f] in [b:9b0090df2f]ComboFix.exe[/b:9b0090df2f] zoals getoond in onderstaand voorbeeld : [img:9b0090df2f]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img:9b0090df2f] Dit zal [b:9b0090df2f]ComboFix[/b:9b0090df2f] doen herstarten. Start opnieuw op als daarom gevraagd wordt, en post de inhoud van de [b:9b0090df2f]Combofix.txt[/b:9b0090df2f] in je volgende antwoord samen met een nieuw HijackThislogje.
  • Hier zijn de logjes: ComboFix 08-11-10.01 - user 2008-11-11 16:34:35.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2412 [GMT 1:00] Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\user\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE :: c:\windows\MSBLT.EXE c:\windows\system32\CSRLT.EXE . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\MSBLT.EXE c:\windows\sglt01.exe c:\windows\system32\CSRLT.EXE . (((((((((((((((((((( Bestanden Gemaakt van 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))) . 2008-11-10 23:31 . 2008-11-10 23:31 <DIR> d-------- c:\documents and settings\tom\Application Data\Thinstall 2008-11-08 13:00 . 2008-11-08 13:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM 2008-11-08 11:33 . 2008-11-08 12:29 <DIR> d-------- c:\documents and settings\tom\Application Data\Download Manager 2008-11-07 21:55 . 2008-11-07 21:55 <DIR> d-------- c:\documents and settings\tom\Application Data\dvdcss 2008-11-04 13:27 . 2008-11-11 16:32 <DIR> dr-h----- c:\documents and settings\user\Onlangs geopend 2008-11-03 16:55 . 2008-11-07 17:20 97 --a------ c:\windows\WirelessFTP.INI 2008-11-03 11:49 . 2008-11-03 11:50 <DIR> d-------- c:\program files\Albumprinter Pro Editor 2008-11-03 11:49 . 2008-11-03 11:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Albumprinter Pro Editor 2008-11-02 20:03 . 2008-11-02 20:04 <DIR> d-------- c:\documents and settings\tom\Application Data\Winamp 2008-11-02 12:30 . 2008-11-02 12:30 <DIR> d-------- c:\program files\Winamp 2008-11-02 12:30 . 2008-11-02 12:44 <DIR> d-------- c:\documents and settings\user\Application Data\Winamp 2008-11-02 12:30 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll 2008-10-25 17:07 . 2008-10-25 17:07 <DIR> d-------- c:\documents and settings\tom\Application Data\Windows Live Writer 2008-10-24 15:20 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-19 18:47 . 2008-10-19 18:47 <DIR> d-------- c:\documents and settings\$@ndr@(K)\Application Data\Real 2008-10-16 14:51 . 2008-10-16 14:51 <DIR> d-------- c:\program files\DivX 2008-10-16 10:36 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-16 10:36 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-16 10:36 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-16 10:36 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-16 10:36 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-16 10:36 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-13 16:06 . 2008-10-15 13:33 <DIR> d-------- c:\program files\Common Files\logishrd 2008-10-13 10:03 . 2008-10-13 10:03 <DIR> d-------- c:\documents and settings\user\Application Data\dvdcss 2008-10-11 16:57 . 2008-10-11 16:57 <DIR> d-------- c:\documents and settings\user\Application Data\Skype . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-11 15:30 --------- d-----w c:\program files\SPAMfighter 2008-11-05 18:16 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys 2008-11-05 18:16 50,968 ----a-w c:\windows\system32\avgfwdx.dll 2008-11-05 18:16 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys 2008-10-30 05:52 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys 2008-10-21 08:48 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-15 18:46 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-08 10:41 --------- d-----w c:\program files\K-Lite Codec Pack 2008-10-06 14:00 --------- d-----w c:\documents and settings\user\Application Data\EPSON 2008-09-27 12:34 --------- d-----w c:\program files\Windows Live 2008-09-27 12:32 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2008-09-27 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller 2008-09-23 18:16 --------- d-----w c:\program files\Microsoft Works 2008-09-22 19:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-09-22 18:43 --------- d-----w c:\program files\Microsoft.NET 2008-09-19 15:47 --------- d-----w c:\documents and settings\Femke\Application Data\EPSON 2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-09-15 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\ehypixsx 2008-09-15 15:28 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-15 07:35 --------- d-----w c:\documents and settings\tom\Application Data\Skype 2008-09-15 06:21 --------- d-----w c:\documents and settings\tom\Application Data\DAEMON Tools 2008-09-15 06:05 --------- d-----w c:\documents and settings\tom\Application Data\skypePM 2008-09-13 11:25 --------- d-----w c:\program files\Yahoo! 2008-09-13 09:31 --------- d-----w c:\program files\DAEMON Tools Lite 2008-09-13 09:24 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-09-13 09:24 --------- d-----w c:\documents and settings\user\Application Data\DAEMON Tools 2008-09-13 09:22 --------- d-----w c:\documents and settings\user\Application Data\Ahead 2008-08-26 17:15 964,495,904 ----a-w C:\OutPut2A.bin 2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-25 15:33 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2008-08-14 13:27 2,149,888 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 13:27 2,028,544 ----a-w c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( snapshot@2008-11-09_19.28.26,92 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-02 11:00:00 1,609,168 ----a-w c:\windows\system32\FNTCACHE.DAT + 2008-11-11 06:26:11 1,609,168 ----a-w c:\windows\system32\FNTCACHE.DAT - 2008-11-09 16:03:06 59,498 ----a-w c:\windows\system32\perfc009.dat + 2008-11-11 15:32:33 59,498 ----a-w c:\windows\system32\perfc009.dat - 2008-11-09 16:03:06 77,370 ----a-w c:\windows\system32\perfc013.dat + 2008-11-11 15:32:33 77,370 ----a-w c:\windows\system32\perfc013.dat - 2008-11-09 16:03:06 395,640 ----a-w c:\windows\system32\perfh009.dat + 2008-11-11 15:32:33 395,640 ----a-w c:\windows\system32\perfh009.dat - 2008-11-09 16:03:06 458,858 ----a-w c:\windows\system32\perfh013.dat + 2008-11-11 15:32:33 458,858 ----a-w c:\windows\system32\perfh013.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-23 1235736] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-28 98304] "RTHDCPL"="RTHDCPL.EXE" [2008-07-24 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2008-07-24 c:\windows\SkyTel.exe] "WTClient"="WTClient.exe" [2007-04-11 c:\windows\system32\WTClient.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= c:\windows\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg30.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "f:\\D\\Games\\Steam\\steam.exe"= "f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hl.exe"= "f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hlds.exe"= "c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\winver.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2005-05-13 17920] R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-08-25 12936] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-30 98440] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-05 90632] R1 NVHelper;NVHelper;c:\windows\system32\drivers\NVHelper.SYS [2004-02-24 111689] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 231704] R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184] R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968] R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2005-05-13 13824] R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792] S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208] S3 DVxplore;NVTV;c:\windows\system32\DRIVERS\DVxplore.sys [2005-01-21 73344] S3 USB28xxBGA;USB 2801 Device;c:\windows\system32\DRIVERS\emBDA.sys [2007-01-29 361728] S3 USB28xxOEM;USB 28xx OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2007-01-29 39680] S3 VtcDrv;Philips SA60xx Recovery Device;c:\windows\system32\Drivers\vtcdrv.sys [2007-02-23 18560] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . - - - - ORPHANS VERWIJDERD - - - - HKLM-Run-CSRLT.EXE - c:\windows\system32\CSRLT.EXE ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-11 16:38:02 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... c:\docume~1\user\LOCALS~1\Temp\RGI6.tmp Scan succesvol afgerond verborgen bestanden: 1 ************************************************************************** . Voltooingstijd: 2008-11-11 16:38:56 ComboFix-quarantined-files.txt 2008-11-11 15:38:49 ComboFix2.txt 2008-11-09 18:29:04 Pre-Run: 13.662.085.120 bytes beschikbaar Post-Run: 13,673,598,976 bytes beschikbaar 180 --- E O F --- 2008-10-24 23:16:52 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:41:25, on 11-11-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\Drivers\WTSRV.EXE C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\WTClient.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\WISPTIS.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [WTClient] WTClient.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE -- End of file - 8336 bytes
  • Nice, Nog problemen ?

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.