Vraag & Antwoord
Neppe Anti-Spyware Popups
8 antwoorden
- Hallo, ik heb een probleem met pop-ups die ik krijg die mij vertellen dat ik anti-spyware moet aanschaffen.
Kan iemand mij helpen>?
Ik heb met Malware gescant en met HijackThis (daarna) hieronder de logs:
Malwarebytes' Anti-Malware 1.23
Database version: 1002
Windows 5.1.2600 Service Pack 3
15:25:04 9-11-2008
mbam-log-11-9-2008 (15-25-04).txt
Scan type: Quick Scan
Objects scanned: 87969
Time elapsed: 22 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
—-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:02, on 9-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CSRLT.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WTClient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE
O4 - HKLM\..\RunOnce: [MSBLT.EXE] C:\WINDOWS\MSBLT.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [enactinfo] C:\WINDOWS\system32\uxubuzyb.exe
O4 - HKCU\..\Run: [dbcmd] C:\WINDOWS\system32\slwnivkz.exe
O4 - HKLM\..\Policies\Explorer\Run: [4MoKYOUuyg] C:\Documents and Settings\All Users\Application Data\ehypixsx\spqfkbgz.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
–
End of file - 9096 bytes - Download [b:9d6ed5d2c9] naar je Bureaublad.
OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:9d6ed5d2c9]download Combofix opnieuw[/b:9d6ed5d2c9].
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![list:9d6ed5d2c9]
Dubbelklik op [b:9d6ed5d2c9]Combofix.exe[/b:9d6ed5d2c9] om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Volg de instructies, aanvaard de disclaimer door op [b:9d6ed5d2c9]Ja[/b:9d6ed5d2c9] te klikken.
Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op [b:9d6ed5d2c9]JA[/b:9d6ed5d2c9] te klikken in het "Query - Recovery Console" venster.
Klik op [b:9d6ed5d2c9]OK[/b:9d6ed5d2c9] en [b:9d6ed5d2c9]Ja[/b:9d6ed5d2c9] om automatisch de Recovery Console te laten installeren.
Klik na afloop terug op [b:9d6ed5d2c9]Ja[/b:9d6ed5d2c9] om het scannen op malware te starten.
Tijdens het runnen van de fix, [b:9d6ed5d2c9]NIET[/b:9d6ed5d2c9] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:9d6ed5d2c9]
Wanneer de fix voltooid is en na herstart, zal de log [b:9d6ed5d2c9]Combofix.txt[/b:9d6ed5d2c9] openen.
Post dit logje in je volgende antwoord. - Dankuwel
ComboFix 08-11-07.01 - user 2008-11-09 19:26:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2189 [GMT 1:00]
Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\$@ndr@(K)\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Eveline\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\program files\SAV
c:\program files\SAV\sav.ooo
c:\program files\SAV\sav0.dat
c:\program files\SAV\sav1.dat
c:\windows\sglt01.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-10-09 to 2008-11-09 ))))))))))))))))))))))))))))))
.
2008-11-08 13:00 . 2008-11-08 13:00 <DIR> d——– c:\documents and settings\All Users\Application Data\ALM
2008-11-08 11:33 . 2008-11-08 12:29 <DIR> d——– c:\documents and settings\tom\Application Data\Download Manager
2008-11-07 21:55 . 2008-11-07 21:55 <DIR> d——– c:\documents and settings\tom\Application Data\dvdcss
2008-11-04 13:27 . 2008-11-09 19:17 <DIR> dr-h—– c:\documents and settings\user\Onlangs geopend
2008-11-03 16:55 . 2008-11-07 17:20 97 –a—— c:\windows\WirelessFTP.INI
2008-11-03 11:49 . 2008-11-03 11:50 <DIR> d——– c:\program files\Albumprinter Pro Editor
2008-11-03 11:49 . 2008-11-03 11:49 <DIR> d——– c:\documents and settings\All Users\Application Data\Albumprinter Pro Editor
2008-11-02 20:03 . 2008-11-02 20:04 <DIR> d——– c:\documents and settings\tom\Application Data\Winamp
2008-11-02 12:30 . 2008-11-02 12:30 <DIR> d——– c:\program files\Winamp
2008-11-02 12:30 . 2008-11-02 12:44 <DIR> d——– c:\documents and settings\user\Application Data\Winamp
2008-11-02 12:30 . 2007-03-08 00:51 129,784 ——— c:\windows\system32\pxafs.dll
2008-10-25 17:07 . 2008-10-25 17:07 <DIR> d——– c:\documents and settings\tom\Application Data\Windows Live Writer
2008-10-24 15:20 . 2008-10-15 17:37 337,408 —–c— c:\windows\system32\dllcache\netapi32.dll
2008-10-19 18:47 . 2008-10-19 18:47 <DIR> d——– c:\documents and settings\$@ndr@(K)\Application Data\Real
2008-10-16 14:51 . 2008-10-16 14:51 <DIR> d——– c:\program files\DivX
2008-10-16 10:36 . 2008-08-14 14:27 2,193,536 —–c— c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 10:36 . 2008-08-14 14:27 2,149,888 —–c— c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 10:36 . 2008-08-14 14:27 2,070,400 —–c— c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 10:36 . 2008-08-14 14:27 2,028,544 —–c— c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 10:36 . 2008-09-15 16:28 1,846,528 —–c— c:\windows\system32\dllcache\win32k.sys
2008-10-16 10:36 . 2008-09-08 11:41 333,824 —–c— c:\windows\system32\dllcache\srv.sys
2008-10-13 16:06 . 2008-10-15 13:33 <DIR> d——– c:\program files\Common Files\logishrd
2008-10-13 10:03 . 2008-10-13 10:03 <DIR> d——– c:\documents and settings\user\Application Data\dvdcss
2008-10-11 16:57 . 2008-10-11 16:57 <DIR> d——– c:\documents and settings\user\Application Data\Skype
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 18:16 ——— d—–w c:\program files\SPAMfighter
2008-11-09 11:02 887,565 —-a-w c:\windows\system32\CSRLT.EXE
2008-11-09 11:02 887,565 —-a-w c:\windows\MSBLT.EXE
2008-11-05 18:16 90,632 —-a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-05 18:16 50,968 —-a-w c:\windows\system32\avgfwdx.dll
2008-11-05 18:16 29,208 —-a-w c:\windows\system32\drivers\avgfwdx.sys
2008-10-30 05:52 98,440 —-a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-21 08:48 ——— d—–w c:\program files\Microsoft Silverlight
2008-10-15 18:46 ——— d–h–w c:\program files\InstallShield Installation Information
2008-10-08 10:41 ——— d—–w c:\program files\K-Lite Codec Pack
2008-10-06 14:00 ——— d—–w c:\documents and settings\user\Application Data\EPSON
2008-09-27 12:34 ——— d—–w c:\program files\Windows Live
2008-09-27 12:32 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller
2008-09-27 12:30 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-23 18:16 ——— d—–w c:\program files\Microsoft Works
2008-09-22 19:10 ——— d—–w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-22 18:43 ——— d—–w c:\program files\Microsoft.NET
2008-09-19 15:47 ——— d—–w c:\documents and settings\Femke\Application Data\EPSON
2008-09-16 00:12 200,704 —-a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 1,044,480 —-a-w c:\windows\system32\libdivx.dll
2008-09-15 19:02 ——— d—–w c:\documents and settings\All Users\Application Data\ehypixsx
2008-09-15 15:28 1,846,528 —-a-w c:\windows\system32\win32k.sys
2008-09-15 07:35 ——— d—–w c:\documents and settings\tom\Application Data\Skype
2008-09-15 06:21 ——— d—–w c:\documents and settings\tom\Application Data\DAEMON Tools
2008-09-15 06:05 ——— d—–w c:\documents and settings\tom\Application Data\skypePM
2008-09-13 11:25 ——— d—–w c:\program files\Yahoo!
2008-09-13 09:31 ——— d—–w c:\program files\DAEMON Tools Lite
2008-09-13 09:24 717,296 —-a-w c:\windows\system32\drivers\sptd.sys
2008-09-13 09:24 ——— d—–w c:\documents and settings\user\Application Data\DAEMON Tools
2008-09-13 09:22 ——— d—–w c:\documents and settings\user\Application Data\Ahead
2008-08-26 17:15 964,495,904 —-a-w C:\OutPut2A.bin
2008-08-26 08:27 826,368 —-a-w c:\windows\system32\wininet.dll
2008-08-25 15:33 10,520 —-a-w c:\windows\system32\avgrsstx.dll
2008-08-14 13:27 2,149,888 —-a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:27 2,028,544 —-a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-23 1235736]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-28 98304]
"CSRLT.EXE"="c:\windows\system32\CSRLT.EXE" [2008-11-09 887565]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-24 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2008-07-24 c:\windows\SkyTel.exe]
"WTClient"="WTClient.exe" [2007-04-11 c:\windows\system32\WTClient.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\D\\Games\\Steam\\steam.exe"=
"f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hl.exe"=
"f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hlds.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2005-05-13 17920]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-08-25 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-30 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-05 90632]
R1 NVHelper;NVHelper;c:\windows\system32\drivers\NVHelper.SYS [2004-02-24 111689]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2005-05-13 13824]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
S3 DVxplore;NVTV;c:\windows\system32\DRIVERS\DVxplore.sys [2005-01-21 73344]
S3 USB28xxBGA;USB 2801 Device;c:\windows\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
S3 USB28xxOEM;USB 28xx OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
S3 VtcDrv;Philips SA60xx Recovery Device;c:\windows\system32\Drivers\vtcdrv.sys [2007-02-23 18560]
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-enactinfo - c:\windows\system32\uxubuzyb.exe
HKCU-Run-dbcmd - c:\windows\system32\slwnivkz.exe
HKLM-Explorer_Run-4MoKYOUuyg - c:\documents and settings\All Users\Application Data\ehypixsx\spqfkbgz.exe
.
——- Bijkomende Scan ——-
.
FireFox -: Profile - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\kenezww4.default\
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 19:28:08
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-11-09 19:29:03
ComboFix-quarantined-files.txt 2008-11-09 18:28:52
Pre-Run: 9.118.191.616 bytes beschikbaar
Post-Run: 14,263,959,552 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
186 — E O F — 2008-10-24 23:16:52 - Heeft U ook een nieuw gemaakt HJT logje ter controle.
- Hallo,
Ik krijg nog steeds popups van een bestandje, gewoon witte schermpjes met in de balk explore.
Als ik bij ctrl alt delete CSRLT.EXE afsluit, gebeurt dit niet meer, heb je misschien iets om dit te fixen?
ligt het misschien aan deze?:
O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE
MVG
Wietse
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:19, on 10-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WTClient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Documents and Settings\tom\Bureaublad\Keygen Illustrator CS3\Keygen Activation Illustrator CS3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE
O4 - HKLM\..\RunOnce: [MSBLT.EXE] C:\WINDOWS\MSBLT.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
O24 - Desktop Component 0: Privacy Protection - (no file)
–
End of file - 8590 bytes - Open Kladblok, kopiëer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster: [list:9b0090df2f][b:9b0090df2f]
- Hier zijn de logjes:
ComboFix 08-11-10.01 - user 2008-11-11 16:34:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2412 [GMT 1:00]
Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\user\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\MSBLT.EXE
c:\windows\system32\CSRLT.EXE
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\MSBLT.EXE
c:\windows\sglt01.exe
c:\windows\system32\CSRLT.EXE
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-10-11 to 2008-11-11 ))))))))))))))))))))))))))))))
.
2008-11-10 23:31 . 2008-11-10 23:31 <DIR> d——– c:\documents and settings\tom\Application Data\Thinstall
2008-11-08 13:00 . 2008-11-08 13:00 <DIR> d——– c:\documents and settings\All Users\Application Data\ALM
2008-11-08 11:33 . 2008-11-08 12:29 <DIR> d——– c:\documents and settings\tom\Application Data\Download Manager
2008-11-07 21:55 . 2008-11-07 21:55 <DIR> d——– c:\documents and settings\tom\Application Data\dvdcss
2008-11-04 13:27 . 2008-11-11 16:32 <DIR> dr-h—– c:\documents and settings\user\Onlangs geopend
2008-11-03 16:55 . 2008-11-07 17:20 97 –a—— c:\windows\WirelessFTP.INI
2008-11-03 11:49 . 2008-11-03 11:50 <DIR> d——– c:\program files\Albumprinter Pro Editor
2008-11-03 11:49 . 2008-11-03 11:49 <DIR> d——– c:\documents and settings\All Users\Application Data\Albumprinter Pro Editor
2008-11-02 20:03 . 2008-11-02 20:04 <DIR> d——– c:\documents and settings\tom\Application Data\Winamp
2008-11-02 12:30 . 2008-11-02 12:30 <DIR> d——– c:\program files\Winamp
2008-11-02 12:30 . 2008-11-02 12:44 <DIR> d——– c:\documents and settings\user\Application Data\Winamp
2008-11-02 12:30 . 2007-03-08 00:51 129,784 ——— c:\windows\system32\pxafs.dll
2008-10-25 17:07 . 2008-10-25 17:07 <DIR> d——– c:\documents and settings\tom\Application Data\Windows Live Writer
2008-10-24 15:20 . 2008-10-15 17:37 337,408 —–c— c:\windows\system32\dllcache\netapi32.dll
2008-10-19 18:47 . 2008-10-19 18:47 <DIR> d——– c:\documents and settings\$@ndr@(K)\Application Data\Real
2008-10-16 14:51 . 2008-10-16 14:51 <DIR> d——– c:\program files\DivX
2008-10-16 10:36 . 2008-08-14 14:27 2,193,536 —–c— c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 10:36 . 2008-08-14 14:27 2,149,888 —–c— c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 10:36 . 2008-08-14 14:27 2,070,400 —–c— c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 10:36 . 2008-08-14 14:27 2,028,544 —–c— c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 10:36 . 2008-09-15 16:28 1,846,528 —–c— c:\windows\system32\dllcache\win32k.sys
2008-10-16 10:36 . 2008-09-08 11:41 333,824 —–c— c:\windows\system32\dllcache\srv.sys
2008-10-13 16:06 . 2008-10-15 13:33 <DIR> d——– c:\program files\Common Files\logishrd
2008-10-13 10:03 . 2008-10-13 10:03 <DIR> d——– c:\documents and settings\user\Application Data\dvdcss
2008-10-11 16:57 . 2008-10-11 16:57 <DIR> d——– c:\documents and settings\user\Application Data\Skype
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 15:30 ——— d—–w c:\program files\SPAMfighter
2008-11-05 18:16 90,632 —-a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-05 18:16 50,968 —-a-w c:\windows\system32\avgfwdx.dll
2008-11-05 18:16 29,208 —-a-w c:\windows\system32\drivers\avgfwdx.sys
2008-10-30 05:52 98,440 —-a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-21 08:48 ——— d—–w c:\program files\Microsoft Silverlight
2008-10-15 18:46 ——— d–h–w c:\program files\InstallShield Installation Information
2008-10-08 10:41 ——— d—–w c:\program files\K-Lite Codec Pack
2008-10-06 14:00 ——— d—–w c:\documents and settings\user\Application Data\EPSON
2008-09-27 12:34 ——— d—–w c:\program files\Windows Live
2008-09-27 12:32 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller
2008-09-27 12:30 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-23 18:16 ——— d—–w c:\program files\Microsoft Works
2008-09-22 19:10 ——— d—–w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-22 18:43 ——— d—–w c:\program files\Microsoft.NET
2008-09-19 15:47 ——— d—–w c:\documents and settings\Femke\Application Data\EPSON
2008-09-16 00:12 200,704 —-a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 1,044,480 —-a-w c:\windows\system32\libdivx.dll
2008-09-15 19:02 ——— d—–w c:\documents and settings\All Users\Application Data\ehypixsx
2008-09-15 15:28 1,846,528 —-a-w c:\windows\system32\win32k.sys
2008-09-15 07:35 ——— d—–w c:\documents and settings\tom\Application Data\Skype
2008-09-15 06:21 ——— d—–w c:\documents and settings\tom\Application Data\DAEMON Tools
2008-09-15 06:05 ——— d—–w c:\documents and settings\tom\Application Data\skypePM
2008-09-13 11:25 ——— d—–w c:\program files\Yahoo!
2008-09-13 09:31 ——— d—–w c:\program files\DAEMON Tools Lite
2008-09-13 09:24 717,296 —-a-w c:\windows\system32\drivers\sptd.sys
2008-09-13 09:24 ——— d—–w c:\documents and settings\user\Application Data\DAEMON Tools
2008-09-13 09:22 ——— d—–w c:\documents and settings\user\Application Data\Ahead
2008-08-26 17:15 964,495,904 —-a-w C:\OutPut2A.bin
2008-08-26 08:27 826,368 —-a-w c:\windows\system32\wininet.dll
2008-08-25 15:33 10,520 —-a-w c:\windows\system32\avgrsstx.dll
2008-08-14 13:27 2,149,888 —-a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:27 2,028,544 —-a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-09_19.28.26,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-02 11:00:00 1,609,168 —-a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-11 06:26:11 1,609,168 —-a-w c:\windows\system32\FNTCACHE.DAT
- 2008-11-09 16:03:06 59,498 —-a-w c:\windows\system32\perfc009.dat
+ 2008-11-11 15:32:33 59,498 —-a-w c:\windows\system32\perfc009.dat
- 2008-11-09 16:03:06 77,370 —-a-w c:\windows\system32\perfc013.dat
+ 2008-11-11 15:32:33 77,370 —-a-w c:\windows\system32\perfc013.dat
- 2008-11-09 16:03:06 395,640 —-a-w c:\windows\system32\perfh009.dat
+ 2008-11-11 15:32:33 395,640 —-a-w c:\windows\system32\perfh009.dat
- 2008-11-09 16:03:06 458,858 —-a-w c:\windows\system32\perfh013.dat
+ 2008-11-11 15:32:33 458,858 —-a-w c:\windows\system32\perfh013.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-23 1235736]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-28 98304]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-24 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2008-07-24 c:\windows\SkyTel.exe]
"WTClient"="WTClient.exe" [2007-04-11 c:\windows\system32\WTClient.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\D\\Games\\Steam\\steam.exe"=
"f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hl.exe"=
"f:\\D\\Games\\Steam\\steamapps\\sorrowbearer\\counter-strike\\hlds.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2005-05-13 17920]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-08-25 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-30 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-05 90632]
R1 NVHelper;NVHelper;c:\windows\system32\drivers\NVHelper.SYS [2004-02-24 111689]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-07-29 184968]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2005-05-13 13824]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
S3 DVxplore;NVTV;c:\windows\system32\DRIVERS\DVxplore.sys [2005-01-21 73344]
S3 USB28xxBGA;USB 2801 Device;c:\windows\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
S3 USB28xxOEM;USB 28xx OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
S3 VtcDrv;Philips SA60xx Recovery Device;c:\windows\system32\Drivers\vtcdrv.sys [2007-02-23 18560]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS VERWIJDERD - - - -
HKLM-Run-CSRLT.EXE - c:\windows\system32\CSRLT.EXE
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 16:38:02
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
c:\docume~1\user\LOCALS~1\Temp\RGI6.tmp
Scan succesvol afgerond
verborgen bestanden: 1
**************************************************************************
.
Voltooingstijd: 2008-11-11 16:38:56
ComboFix-quarantined-files.txt 2008-11-11 15:38:49
ComboFix2.txt 2008-11-09 18:29:04
Pre-Run: 13.662.085.120 bytes beschikbaar
Post-Run: 13,673,598,976 bytes beschikbaar
180 — E O F — 2008-10-24 23:16:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:25, on 11-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WTClient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
–
End of file - 8336 bytes - Nice,
Nog problemen ?
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.