Virus found under Startup in MSCONFIG [HJT log]

Anonymous
11 replies
  • Hello,

    I was just looking at which files I don't need when Windows starts up, and then I came across this:
    E_SB0
    so I googled that file and got a whole page full of logs and viruses…

    I think it belongs to my printer, but maybe it is a virus?
    Can anyone help me?

    Thanks in advance,
    Wietse

    Malwarebytes' Anti-Malware 1.23
    Database version: 1002
    Windows 5.1.2600 Service Pack 3

    11:11:52 26-11-2008
    mbam-log-11-26-2008 (11-11-52).txt

    Scan type: Quick Scan
    Objects scanned: 59153
    Time elapsed: 9 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:15:59, on 26-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WTClient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\fxstaller.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [WTClient] WTClient.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE


    End of file - 8264 bytes
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Click 'Fix checked' to remove the items.

    Delete the following file using Windows Explorer:

    C:\WINDOWS\fxstaller.exe

    Download to your Desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Follow the instructions and accept the disclaimer by clicking Yes.
    - If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    - Click OK and Yes to have the Recovery Console installed automatically.
    - Afterwards, click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after a restart, the log Combofix.txt will open.

    Post this log in your next reply, together with a new HJT log.
  • Hello KAPE,

    Thank you for the quick reply, here are the logs:

    ComboFix 08-11-26.03 - user 2008-11-26 17:31:42.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2386 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\emMON.exe
    c:\windows\fxstaller.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-26 to 2008-11-26 ))))))))))))))))))))))))))))))
    .

    2008-11-26 10:36 . 2008-11-26 10:37 1,393 –a—— c:\windows\imsins.BAK
    2008-11-25 22:02 . 2008-11-25 22:02 <DIR> dr-h—– c:\documents and settings\Eveline\Onlangs geopend
    2008-11-25 21:55 . 2008-11-25 21:55 <DIR> dr-h—– c:\documents and settings\tom\Onlangs geopend
    2008-11-25 19:05 . 2008-11-25 19:05 <DIR> d——– c:\documents and settings\tom\Application Data\Philips
    2008-11-25 19:04 . 2008-11-25 19:20 <DIR> d——– c:\documents and settings\All Users\Application Data\ArcSoft
    2008-11-25 17:48 . 2008-11-25 17:48 <DIR> d——– c:\program files\Windows Media Connect 2
    2008-11-25 17:46 . 2008-11-25 17:46 <DIR> d——– c:\windows\system32\LogFiles
    2008-11-25 17:46 . 2008-11-25 17:53 <DIR> d——– c:\windows\system32\drivers\UMDF
    2008-11-25 17:34 . 2008-11-25 17:34 <DIR> d——– c:\windows\system32\URTTEMP
    2008-11-25 14:14 . 2008-11-25 14:15 <DIR> d——– c:\documents and settings\Femke\Application Data\Winamp
    2008-11-24 21:19 . 2008-11-25 19:20 54,156 –ah—– c:\windows\QTFont.qfn
    2008-11-24 21:19 . 2008-11-24 21:19 1,409 –a—— c:\windows\QTFont.for
    2008-11-23 22:01 . 2008-11-23 22:01 <DIR> d——– c:\documents and settings\Femke\Application Data\vlc
    2008-11-23 22:00 . 2008-11-23 22:00 <DIR> d——– c:\documents and settings\Femke\Application Data\dvdcss
    2008-11-23 18:26 . 2008-11-23 18:26 0 –ah—– c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-11-23 18:26 . 2008-11-23 18:26 0 –ah—– c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2008-11-23 18:18 . 2008-11-23 18:18 <DIR> d——– c:\program files\Common Files\Motorola Shared
    2008-11-23 18:18 . 2006-11-13 14:45 1,419,232 –a—— c:\windows\system32\wdfcoinstaller01005.dll
    2008-11-23 18:18 . 2007-02-27 14:31 21,504 –a—— c:\windows\system32\drivers\motmodem.sys
    2008-11-23 18:17 . 2008-11-23 18:17 92,064 –a—— c:\documents and settings\tom\mqdmmdm.sys
    2008-11-23 18:17 . 2008-11-23 18:17 79,328 –a—— c:\documents and settings\tom\mqdmserd.sys
    2008-11-23 18:17 . 2008-11-23 18:17 66,656 –a—— c:\documents and settings\tom\mqdmbus.sys
    2008-11-23 18:17 . 2008-11-23 18:17 25,600 –a—— c:\documents and settings\tom\usbsermptxp.sys
    2008-11-23 18:17 . 2008-11-23 18:17 22,768 –a—— c:\documents and settings\tom\usbsermpt.sys
    2008-11-23 18:17 . 2008-11-23 18:17 9,232 –a—— c:\documents and settings\tom\mqdmmdfl.sys
    2008-11-23 18:17 . 2008-11-23 18:17 6,208 –a—— c:\documents and settings\tom\mqdmcmnt.sys
    2008-11-23 18:17 . 2008-11-23 18:17 5,936 –a—— c:\documents and settings\tom\mqdmwhnt.sys
    2008-11-23 18:17 . 2008-11-23 18:17 4,048 –a—— c:\documents and settings\tom\mqdmcr.sys
    2008-11-23 15:52 . 2008-11-23 15:52 <DIR> d——– c:\documents and settings\Femke\Application Data\InstallShield
    2008-11-23 15:36 . 2008-11-23 15:52 <DIR> d——– c:\program files\Avanquest update
    2008-11-23 15:36 . 2008-04-13 20:45 26,112 –a—— c:\windows\system32\drivers\usbser.sys
    2008-11-23 15:36 . 2008-04-13 20:45 26,112 –a–c— c:\windows\system32\dllcache\usbser.sys
    2008-11-23 15:36 . 2003-12-26 09:22 24,192 -ra—— c:\windows\system32\drivers\OLD1F.tmp
    2008-11-23 15:35 . 2008-11-23 18:20 <DIR> d——– c:\program files\Motorola Phone Tools
    2008-11-23 15:35 . 2008-11-23 16:40 <DIR> d——– c:\documents and settings\All Users\Application Data\BVRP Software
    2008-11-23 15:35 . 2008-11-23 16:30 25,600 –a—— c:\documents and settings\Femke\usbsermptxp.sys
    2008-11-23 15:35 . 2008-11-23 16:30 22,768 –a—— c:\windows\system32\drivers\usbsermpt.sys
    2008-11-23 15:35 . 2008-11-23 16:30 22,768 –a—— c:\documents and settings\Femke\usbsermpt.sys
    2008-11-23 01:57 . 2008-11-26 17:29 <DIR> dr-h—– c:\documents and settings\user\Onlangs geopend
    2008-11-21 20:21 . 2008-11-21 20:21 125 –a—— c:\windows\Sprekver.ini
    2008-11-21 20:21 . 2008-11-21 20:21 48 –a—— c:\windows\Exkatern.ini
    2008-11-20 17:46 . 2008-11-23 21:56 <DIR> dr-h—– c:\documents and settings\Femke\Onlangs geopend
    2008-11-20 14:13 . 2008-11-20 14:15 <DIR> d——– c:\program files\Common Files\Ahead
    2008-11-13 19:04 . 2008-11-15 16:20 <DIR> d——– c:\documents and settings\All Users\Application Data\TrackMania
    2008-11-13 14:13 . 2008-11-13 14:13 <DIR> d——– c:\documents and settings\$@ndr@(K)\Application Data\Skype
    2008-11-13 13:35 . 2008-09-04 18:17 1,106,944 —–c— c:\windows\system32\dllcache\msxml3.dll
    2008-11-13 13:35 . 2008-10-24 12:21 455,296 —–c— c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 22:20 . 2005-05-26 15:34 2,297,552 –a—— c:\windows\system32\d3dx9_26.dll
    2008-11-10 23:31 . 2008-11-10 23:31 <DIR> d——– c:\documents and settings\tom\Application Data\Thinstall
    2008-11-08 13:00 . 2008-11-08 13:00 <DIR> d——– c:\documents and settings\All Users\Application Data\ALM
    2008-11-08 11:33 . 2008-11-08 12:29 <DIR> d——– c:\documents and settings\tom\Application Data\Download Manager
    2008-11-07 21:55 . 2008-11-07 21:55 <DIR> d——– c:\documents and settings\tom\Application Data\dvdcss
    2008-11-03 16:55 . 2008-11-07 17:20 97 –a—— c:\windows\WirelessFTP.INI
    2008-11-03 11:49 . 2008-11-03 11:50 <DIR> d——– c:\program files\Albumprinter Pro Editor
    2008-11-03 11:49 . 2008-11-03 11:49 <DIR> d——– c:\documents and settings\All Users\Application Data\Albumprinter Pro Editor
    2008-11-02 20:03 . 2008-11-02 20:04 <DIR> d——– c:\documents and settings\tom\Application Data\Winamp
    2008-11-02 12:30 . 2008-11-02 12:30 <DIR> d——– c:\program files\Winamp
    2008-11-02 12:30 . 2008-11-02 12:44 <DIR> d——– c:\documents and settings\user\Application Data\Winamp
    2008-11-02 12:30 . 2007-03-08 00:51 129,784 ——— c:\windows\system32\pxafs.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-26 16:23 ——— d—–w c:\program files\SPAMfighter
    2008-11-25 18:20 ——— d—–w c:\documents and settings\tom\Application Data\ArcSoft
    2008-11-25 18:04 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-11-25 18:04 ——— d—–w c:\program files\Common Files\ArcSoft
    2008-11-25 18:04 ——— d—–w c:\program files\ArcSoft
    2008-11-25 18:03 ——— d—–w c:\program files\Philips
    2008-11-23 12:48 ——— d—–w c:\documents and settings\Femke\Application Data\Ahead
    2008-11-20 13:13 ——— d—–w c:\program files\Nero
    2008-11-20 13:05 ——— d—–w c:\documents and settings\All Users\Application Data\Nero
    2008-11-05 18:16 90,632 —-a-w c:\windows\system32\drivers\avgtdix.sys
    2008-11-05 18:16 50,968 —-a-w c:\windows\system32\avgfwdx.dll
    2008-11-05 18:16 29,208 —-a-w c:\windows\system32\drivers\avgfwdx.sys
    2008-10-30 05:52 98,440 —-a-w c:\windows\system32\drivers\avgldx86.sys
    2008-10-25 16:07 ——— d—–w c:\documents and settings\tom\Application Data\Windows Live Writer
    2008-10-24 11:21 455,296 —-a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-21 08:48 ——— d—–w c:\program files\Microsoft Silverlight
    2008-10-16 13:51 ——— d—–w c:\program files\DivX
    2008-10-16 13:13 202,776 —-a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 —-a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 —-a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 —-a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 —-a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 —-a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 —-a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 —-a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 —-a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 —-a-w c:\windows\system32\muweb.dll
    2008-10-15 12:33 ——— d—–w c:\program files\Common Files\logishrd
    2008-10-13 09:03 ——— d—–w c:\documents and settings\user\Application Data\dvdcss
    2008-10-11 15:57 ——— d—–w c:\documents and settings\user\Application Data\Skype
    2008-10-08 10:41 ——— d—–w c:\program files\K-Lite Codec Pack
    2008-10-06 14:00 ——— d—–w c:\documents and settings\user\Application Data\EPSON
    2008-09-30 15:43 1,286,152 —-a-w c:\windows\system32\msxml4.dll
    2008-09-27 12:34 ——— d—–w c:\program files\Windows Live
    2008-09-27 12:32 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller
    2008-09-27 12:30 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-09-16 00:12 200,704 —-a-w c:\windows\system32\ssldivx.dll
    2008-09-16 00:12 1,044,480 —-a-w c:\windows\system32\libdivx.dll
    2008-09-15 15:28 1,846,528 —-a-w c:\windows\system32\win32k.sys
    2008-09-10 01:16 1,307,648 —-a-w c:\windows\system32\msxml6.dll
    2008-09-04 17:17 1,106,944 —-a-w c:\windows\system32\msxml3.dll
    2008-08-26 17:15 964,495,904 —-a-w C:\OutPut2A.bin
    2008-08-26 08:27 826,368 —-a-w c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-23 1235736]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
    "RTHDCPL"="RTHDCPL.EXE" [2008-07-24 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2008-07-24 c:\windows\SkyTel.exe]
    "WTClient"="WTClient.exe" [2007-04-11 c:\windows\system32\WTClient.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    –a—— 2008-04-17 14:14 98616 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    ——— 2004-08-10 03:04 59392 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    –a—— 2007-08-23 16:36 455968 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    –a—— 2008-05-28 08:27 570664 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    –a—— 2004-03-11 00:26 406016 c:\windows\system32\PSDrvCheck.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\winver.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2008-08-26 17920]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-08-25 12936]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-25 98440]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-25 90632]
    R1 NVHelper;NVHelper;\??\c:\windows\system32\drivers\NVHelper.SYS [2008-07-24 111689]
    R2 ACDaemon;ArcSoft Connect Daemon;c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-25 102712]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 231704]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-07-29 184968]
    R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2008-08-26 13824]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-08-25 29208]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2008-08-29 33792]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-08-25 29208]
    S3 DVxplore;NVTV;c:\windows\system32\DRIVERS\DVxplore.sys [2008-07-24 73344]
    S3 USB28xxBGA;USB 2801 Device;c:\windows\system32\DRIVERS\emBDA.sys [2006-09-12 361728]
    S3 USB28xxOEM;USB 28xx OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2006-08-21 39680]
    S3 VtcDrv;Philips SA60xx Recovery Device;c:\windows\system32\Drivers\vtcdrv.sys [2008-08-29 18560]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    .
    ——- Bijkomende Scan ——-
    .
    FireFox -: Profile - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\kenezww4.default\
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0
    pctrl.1.0.30716.0.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0
    pctrl.dll
    FF -: plugin - c:\program files\Yahoo!\Common
    pyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-26 17:35:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(1068)
    c:\windows\system32\avgrsstx.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(1172)
    c:\windows\system32\avgrsstx.dll
    .
    Voltooingstijd: 2008-11-26 17:36:05
    ComboFix-quarantined-files.txt 2008-11-26 16:36:02

    Pre-Run: 3.286.466.560 bytes beschikbaar
    Post-Run: 6,155,137,024 bytes beschikbaar

    217 — E O F — 2008-11-26 09:38:40


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:39:39, on 26-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WTClient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [WTClient] WTClient.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '$@ndr@(K)')
    O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '$@ndr@(K)')
    O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '$@ndr@(K)')
    O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '$@ndr@(K)')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE


    End of file - 8334 bytes


  • Looks good. Any remaining problems?
  • No, thank you!
    There is one thing I find rather odd, though it has nothing to do with security or viruses: our computer has no CD/DVD burners with the LightScribe feature, yet there is a program for it on the PC that starts automatically…
    How can I remove it? (It is not listed anywhere under Add or Remove Programs.)

    Wietse
  • Are you talking about this program: C:\Program Files\Common Files\LightScribe\LSSrvc.exe?
  • Yes
  • Fix these two items in HJT:

    O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '$@ndr@(K)')
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    Then delete the following folder with Windows Explorer:

    C:\Program Files\Common Files\LightScribe
  • When I fix
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    it just stays in the list…
    And when I try to delete the folder, that fails because I get this pop-up:
    Kan LSLog.dll niet verwijderen. De toegang is geweigerd.
    Controleer of de schijf tegen schrijven is beveiligd of dat het bestand momenteel in gebruik is.
    http://i198.photobucket.com/albums/aa299/yupko/halp-36.jpg
  • In my suggestion for removing LightScribe I unfortunately forgot to mention something, sorry about that. Since this is a service, you have to disable it first before you can delete the files. You can do this via Start -> Run -> type msconfig and then, on the "services" tab, stop that LightScribe service. After that you should (normally) be able to carry out the suggestion without any trouble.
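
Added example, not part of the thread: the reply above points out that a folder cannot be deleted while a service still loads from it, so this Python sketch parses HijackThis O4 (Run key) and O23 (service) lines and lists every autostart entry that points into a given folder. The function name `autostarts_under` is hypothetical, the sample lines are copied from the log above, and treating the display name as the service name when no parenthesised name is present is an assumption.

```python
import re

# Lines copied verbatim from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '$@ndr@(K)')
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# O4 = registry Run entry: "<hive>\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.+)$")
# O23 = service: "display name (service name) - vendor - image path".
# The log shows entries with and without the parenthesised service name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<svc>[^()]+)\))?"
    r" - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


def autostarts_under(log_text, folder):
    """Return (kind, identifier, target) for each O4/O23 entry that loads from folder."""
    prefix = folder.rstrip("\\").lower() + "\\"
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            kind, ident = "run-key", f'{m["hive"]} [{m["name"]}]'
            target = m["cmd"].lstrip('"')  # command lines may start with a quote
        elif m := O23_RE.match(line):
            # Assumption: without "(service name)" the display name is the service name.
            kind, ident, target = "service", m["svc"] or m["display"], m["path"]
        else:
            continue
        # Limitation: 8.3 short names (C:\PROGRA~1\...) are not expanded,
        # so they never match a long-form folder path.
        if target.lower().startswith(prefix):
            hits.append((kind, ident, target))
    return hits


if __name__ == "__main__":
    for hit in autostarts_under(SAMPLE_LOG, r"C:\Program Files\Common Files\LightScribe"):
        print(hit)
```

Any `service` hit has to be stopped and disabled before the folder's files can be deleted; a `run-key` hit only needs its registry value removed.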
  • Try it this way.

    Open Notepad, then copy and paste the following (bold, blue
    text) into an empty window:

This is an archived page. Replying is no longer possible.