Virus found under Startup in MSCONFIG [HJT log]

Anonymous
11 replies
 • Hello,

  I was just checking which files I don't need when Windows starts up, and then I came across this:
  E_SB0
  so I googled that file and got a whole page full of logs and viruses…

  I think it belongs to my printer, but maybe it's a virus?
  Can anyone help me?

  Thanks in advance,
  Wietse

  Malwarebytes' Anti-Malware 1.23
  Database version: 1002
  Windows 5.1.2600 Service Pack 3

  11:11:52 26-11-2008
  mbam-log-11-26-2008 (11-11-52).txt

  Scan type: Quick Scan
  Objects scanned: 59153
  Time elapsed: 9 minute(s), 30 second(s)

  Memory Processes Infected: 0
  Memory Modules Infected: 0
  Registry Keys Infected: 0
  Registry Values Infected: 1
  Registry Data Items Infected: 0
  Folders Infected: 0
  Files Infected: 0

  Memory Processes Infected:
  (No malicious items detected)

  Memory Modules Infected:
  (No malicious items detected)

  Registry Keys Infected:
  (No malicious items detected)

  Registry Values Infected:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

  Registry Data Items Infected:
  (No malicious items detected)

  Folders Infected:
  (No malicious items detected)

  Files Infected:
  (No malicious items detected)

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 11:15:59, on 26-11-2008
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16735)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\PROGRA~1\AVG\AVG8\avgfws8.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\WINDOWS\system32\IoctlSvc.exe
  C:\Program Files\SPAMfighter\sfus.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\Drivers\WTSRV.EXE
  C:\PROGRA~1\AVG\AVG8\avgam.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\ehome\ehtray.exe
  C:\WINDOWS\eHome\ehmsas.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\WINDOWS\system32\WTClient.exe
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\WINDOWS\system32\WISPTIS.EXE
  C:\WINDOWS\fxstaller.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
  O4 - HKLM\..\Run: [WTClient] WTClient.exe
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
  O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
  O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O20 - AppInit_DLLs: avgrsstx.dll
  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
  O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE


  End of file - 8264 bytes
 • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

  Click 'Fix checked' to remove the items.

  Delete the following file with Windows Explorer:

  C:\WINDOWS\fxstaller.exe

  Download ComboFix to your Desktop.

  NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
  Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
  Double-click Combofix.exe to start it.
  If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  Follow the instructions and accept the disclaimer by clicking Yes.
  If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  Click OK and Yes to have the Recovery Console installed automatically.
  Afterwards, click Yes again to start the malware scan.
  While the fix is running, do NOT click in the window, as this will make your PC hang.
  When the fix is complete and after the restart, the log Combofix.txt will open.

  Post this log in your next reply, together with a new HJT log.
 • Hello KAPE,

  Thank you for the quick reply, here are the logs:

  ComboFix 08-11-26.03 - user 2008-11-26 17:31:42.3 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2386 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\user\Bureaublad\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  c:\windows\emMON.exe
  c:\windows\fxstaller.exe

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2008-10-26 to 2008-11-26 ))))))))))))))))))))))))))))))
  .

  2008-11-26 10:36 . 2008-11-26 10:37 1,393 –a—— c:\windows\imsins.BAK
  2008-11-25 22:02 . 2008-11-25 22:02 <DIR> dr-h—– c:\documents and settings\Eveline\Onlangs geopend
  2008-11-25 21:55 . 2008-11-25 21:55 <DIR> dr-h—– c:\documents and settings\tom\Onlangs geopend
  2008-11-25 19:05 . 2008-11-25 19:05 <DIR> d——– c:\documents and settings\tom\Application Data\Philips
  2008-11-25 19:04 . 2008-11-25 19:20 <DIR> d——– c:\documents and settings\All Users\Application Data\ArcSoft
  2008-11-25 17:48 . 2008-11-25 17:48 <DIR> d——– c:\program files\Windows Media Connect 2
  2008-11-25 17:46 . 2008-11-25 17:46 <DIR> d——– c:\windows\system32\LogFiles
  2008-11-25 17:46 . 2008-11-25 17:53 <DIR> d——– c:\windows\system32\drivers\UMDF
  2008-11-25 17:34 . 2008-11-25 17:34 <DIR> d——– c:\windows\system32\URTTEMP
  2008-11-25 14:14 . 2008-11-25 14:15 <DIR> d——– c:\documents and settings\Femke\Application Data\Winamp
  2008-11-24 21:19 . 2008-11-25 19:20 54,156 –ah—– c:\windows\QTFont.qfn
  2008-11-24 21:19 . 2008-11-24 21:19 1,409 –a—— c:\windows\QTFont.for
  2008-11-23 22:01 . 2008-11-23 22:01 <DIR> d——– c:\documents and settings\Femke\Application Data\vlc
  2008-11-23 22:00 . 2008-11-23 22:00 <DIR> d——– c:\documents and settings\Femke\Application Data\dvdcss
  2008-11-23 18:26 . 2008-11-23 18:26 0 –ah—– c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
  2008-11-23 18:26 . 2008-11-23 18:26 0 –ah—– c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
  2008-11-23 18:18 . 2008-11-23 18:18 <DIR> d——– c:\program files\Common Files\Motorola Shared
  2008-11-23 18:18 . 2006-11-13 14:45 1,419,232 –a—— c:\windows\system32\wdfcoinstaller01005.dll
  2008-11-23 18:18 . 2007-02-27 14:31 21,504 –a—— c:\windows\system32\drivers\motmodem.sys
  2008-11-23 18:17 . 2008-11-23 18:17 92,064 –a—— c:\documents and settings\tom\mqdmmdm.sys
  2008-11-23 18:17 . 2008-11-23 18:17 79,328 –a—— c:\documents and settings\tom\mqdmserd.sys
  2008-11-23 18:17 . 2008-11-23 18:17 66,656 –a—— c:\documents and settings\tom\mqdmbus.sys
  2008-11-23 18:17 . 2008-11-23 18:17 25,600 –a—— c:\documents and settings\tom\usbsermptxp.sys
  2008-11-23 18:17 . 2008-11-23 18:17 22,768 –a—— c:\documents and settings\tom\usbsermpt.sys
  2008-11-23 18:17 . 2008-11-23 18:17 9,232 –a—— c:\documents and settings\tom\mqdmmdfl.sys
  2008-11-23 18:17 . 2008-11-23 18:17 6,208 –a—— c:\documents and settings\tom\mqdmcmnt.sys
  2008-11-23 18:17 . 2008-11-23 18:17 5,936 –a—— c:\documents and settings\tom\mqdmwhnt.sys
  2008-11-23 18:17 . 2008-11-23 18:17 4,048 –a—— c:\documents and settings\tom\mqdmcr.sys
  2008-11-23 15:52 . 2008-11-23 15:52 <DIR> d——– c:\documents and settings\Femke\Application Data\InstallShield
  2008-11-23 15:36 . 2008-11-23 15:52 <DIR> d——– c:\program files\Avanquest update
  2008-11-23 15:36 . 2008-04-13 20:45 26,112 –a—— c:\windows\system32\drivers\usbser.sys
  2008-11-23 15:36 . 2008-04-13 20:45 26,112 –a–c— c:\windows\system32\dllcache\usbser.sys
  2008-11-23 15:36 . 2003-12-26 09:22 24,192 -ra—— c:\windows\system32\drivers\OLD1F.tmp
  2008-11-23 15:35 . 2008-11-23 18:20 <DIR> d——– c:\program files\Motorola Phone Tools
  2008-11-23 15:35 . 2008-11-23 16:40 <DIR> d——– c:\documents and settings\All Users\Application Data\BVRP Software
  2008-11-23 15:35 . 2008-11-23 16:30 25,600 –a—— c:\documents and settings\Femke\usbsermptxp.sys
  2008-11-23 15:35 . 2008-11-23 16:30 22,768 –a—— c:\windows\system32\drivers\usbsermpt.sys
  2008-11-23 15:35 . 2008-11-23 16:30 22,768 –a—— c:\documents and settings\Femke\usbsermpt.sys
  2008-11-23 01:57 . 2008-11-26 17:29 <DIR> dr-h—– c:\documents and settings\user\Onlangs geopend
  2008-11-21 20:21 . 2008-11-21 20:21 125 –a—— c:\windows\Sprekver.ini
  2008-11-21 20:21 . 2008-11-21 20:21 48 –a—— c:\windows\Exkatern.ini
  2008-11-20 17:46 . 2008-11-23 21:56 <DIR> dr-h—– c:\documents and settings\Femke\Onlangs geopend
  2008-11-20 14:13 . 2008-11-20 14:15 <DIR> d——– c:\program files\Common Files\Ahead
  2008-11-13 19:04 . 2008-11-15 16:20 <DIR> d——– c:\documents and settings\All Users\Application Data\TrackMania
  2008-11-13 14:13 . 2008-11-13 14:13 <DIR> d——– c:\documents and settings\$@ndr@(K)\Application Data\Skype
  2008-11-13 13:35 . 2008-09-04 18:17 1,106,944 —–c— c:\windows\system32\dllcache\msxml3.dll
  2008-11-13 13:35 . 2008-10-24 12:21 455,296 —–c— c:\windows\system32\dllcache\mrxsmb.sys
  2008-11-12 22:20 . 2005-05-26 15:34 2,297,552 –a—— c:\windows\system32\d3dx9_26.dll
  2008-11-10 23:31 . 2008-11-10 23:31 <DIR> d——– c:\documents and settings\tom\Application Data\Thinstall
  2008-11-08 13:00 . 2008-11-08 13:00 <DIR> d——– c:\documents and settings\All Users\Application Data\ALM
  2008-11-08 11:33 . 2008-11-08 12:29 <DIR> d——– c:\documents and settings\tom\Application Data\Download Manager
  2008-11-07 21:55 . 2008-11-07 21:55 <DIR> d——– c:\documents and settings\tom\Application Data\dvdcss
  2008-11-03 16:55 . 2008-11-07 17:20 97 –a—— c:\windows\WirelessFTP.INI
  2008-11-03 11:49 . 2008-11-03 11:50 <DIR> d——– c:\program files\Albumprinter Pro Editor
  2008-11-03 11:49 . 2008-11-03 11:49 <DIR> d——– c:\documents and settings\All Users\Application Data\Albumprinter Pro Editor
  2008-11-02 20:03 . 2008-11-02 20:04 <DIR> d——– c:\documents and settings\tom\Application Data\Winamp
  2008-11-02 12:30 . 2008-11-02 12:30 <DIR> d——– c:\program files\Winamp
  2008-11-02 12:30 . 2008-11-02 12:44 <DIR> d——– c:\documents and settings\user\Application Data\Winamp
  2008-11-02 12:30 . 2007-03-08 00:51 129,784 ——— c:\windows\system32\pxafs.dll

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2008-11-26 16:23 ——— d—–w c:\program files\SPAMfighter
  2008-11-25 18:20 ——— d—–w c:\documents and settings\tom\Application Data\ArcSoft
  2008-11-25 18:04 ——— d–h–w c:\program files\InstallShield Installation Information
  2008-11-25 18:04 ——— d—–w c:\program files\Common Files\ArcSoft
  2008-11-25 18:04 ——— d—–w c:\program files\ArcSoft
  2008-11-25 18:03 ——— d—–w c:\program files\Philips
  2008-11-23 12:48 ——— d—–w c:\documents and settings\Femke\Application Data\Ahead
  2008-11-20 13:13 ——— d—–w c:\program files\Nero
  2008-11-20 13:05 ——— d—–w c:\documents and settings\All Users\Application Data\Nero
  2008-11-05 18:16 90,632 —-a-w c:\windows\system32\drivers\avgtdix.sys
  2008-11-05 18:16 50,968 —-a-w c:\windows\system32\avgfwdx.dll
  2008-11-05 18:16 29,208 —-a-w c:\windows\system32\drivers\avgfwdx.sys
  2008-10-30 05:52 98,440 —-a-w c:\windows\system32\drivers\avgldx86.sys
  2008-10-25 16:07 ——— d—–w c:\documents and settings\tom\Application Data\Windows Live Writer
  2008-10-24 11:21 455,296 —-a-w c:\windows\system32\drivers\mrxsmb.sys
  2008-10-21 08:48 ——— d—–w c:\program files\Microsoft Silverlight
  2008-10-16 13:51 ——— d—–w c:\program files\DivX
  2008-10-16 13:13 202,776 —-a-w c:\windows\system32\wuweb.dll
  2008-10-16 13:13 1,809,944 —-a-w c:\windows\system32\wuaueng.dll
  2008-10-16 13:12 561,688 —-a-w c:\windows\system32\wuapi.dll
  2008-10-16 13:12 323,608 —-a-w c:\windows\system32\wucltui.dll
  2008-10-16 13:09 92,696 —-a-w c:\windows\system32\cdm.dll
  2008-10-16 13:09 51,224 —-a-w c:\windows\system32\wuauclt.exe
  2008-10-16 13:09 43,544 —-a-w c:\windows\system32\wups2.dll
  2008-10-16 13:08 34,328 —-a-w c:\windows\system32\wups.dll
  2008-10-16 13:06 268,648 —-a-w c:\windows\system32\mucltui.dll
  2008-10-16 13:06 208,744 —-a-w c:\windows\system32\muweb.dll
  2008-10-15 12:33 ——— d—–w c:\program files\Common Files\logishrd
  2008-10-13 09:03 ——— d—–w c:\documents and settings\user\Application Data\dvdcss
  2008-10-11 15:57 ——— d—–w c:\documents and settings\user\Application Data\Skype
  2008-10-08 10:41 ——— d—–w c:\program files\K-Lite Codec Pack
  2008-10-06 14:00 ——— d—–w c:\documents and settings\user\Application Data\EPSON
  2008-09-30 15:43 1,286,152 —-a-w c:\windows\system32\msxml4.dll
  2008-09-27 12:34 ——— d—–w c:\program files\Windows Live
  2008-09-27 12:32 ——— dcsh–w c:\program files\Common Files\WindowsLiveInstaller
  2008-09-27 12:30 ——— d—–w c:\documents and settings\All Users\Application Data\WLInstaller
  2008-09-16 00:12 200,704 —-a-w c:\windows\system32\ssldivx.dll
  2008-09-16 00:12 1,044,480 —-a-w c:\windows\system32\libdivx.dll
  2008-09-15 15:28 1,846,528 —-a-w c:\windows\system32\win32k.sys
  2008-09-10 01:16 1,307,648 —-a-w c:\windows\system32\msxml6.dll
  2008-09-04 17:17 1,106,944 —-a-w c:\windows\system32\msxml3.dll
  2008-08-26 17:15 964,495,904 —-a-w C:\OutPut2A.bin
  2008-08-26 08:27 826,368 —-a-w c:\windows\system32\wininet.dll
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
  "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-23 1235736]
  "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
  "RTHDCPL"="RTHDCPL.EXE" [2008-07-24 c:\windows\RTHDCPL.exe]
  "SkyTel"="SkyTel.EXE" [2008-07-24 c:\windows\SkyTel.exe]
  "WTClient"="WTClient.exe" [2007-04-11 c:\windows\system32\WTClient.exe]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
  "AppInit_DLLs"=avgrsstx.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
  "VIDC.MJPG"= Pvmjpg30.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
  –a—— 2008-04-17 14:14 98616 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
  ——— 2004-08-10 03:04 59392 c:\windows\ehome\ehtray.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
  –a—— 2007-08-23 16:36 455968 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  –a—— 2008-05-28 08:27 570664 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
  –a—— 2004-03-11 00:26 406016 c:\windows\system32\PSDrvCheck.exe

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  "DisableNotifications"= 1 (0x1)
  "EnableFirewall"= 0 (0x0)

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\system32\\sessmgr.exe"=
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
  "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
  "c:\\Program Files\\MSN Messenger\\livecall.exe"=
  "c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
  "c:\\Program Files\\Messenger\\msmsgs.exe"=
  "c:\\WINDOWS\\system32\\winver.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
  "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
  "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
  "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
  "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
  "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

  R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2008-08-26 17920]
  R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-08-25 12936]
  R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-25 98440]
  R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-25 90632]
  R1 NVHelper;NVHelper;\??\c:\windows\system32\drivers\NVHelper.SYS [2008-07-24 111689]
  R2 ACDaemon;ArcSoft Connect Daemon;c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-25 102712]
  R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 231704]
  R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184]
  R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-07-29 184968]
  R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2008-08-26 13824]
  R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-08-25 29208]
  R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2008-08-29 33792]
  S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-08-25 29208]
  S3 DVxplore;NVTV;c:\windows\system32\DRIVERS\DVxplore.sys [2008-07-24 73344]
  S3 USB28xxBGA;USB 2801 Device;c:\windows\system32\DRIVERS\emBDA.sys [2006-09-12 361728]
  S3 USB28xxOEM;USB 28xx OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2006-08-21 39680]
  S3 VtcDrv;Philips SA60xx Recovery Device;c:\windows\system32\Drivers\vtcdrv.sys [2008-08-29 18560]

  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
  "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
  .
  .
  ——- Bijkomende Scan ——-
  .
  FireFox -: Profile - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\kenezww4.default\
  FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
  FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
  FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
  .

  **************************************************************************

  catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2008-11-26 17:35:27
  Windows 5.1.2600 Service Pack 3 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  ——————— DLLs Geladen Onder Lopende Processen ———————

  - - - - - - - > 'winlogon.exe'(1068)
  c:\windows\system32\avgrsstx.dll
  c:\windows\system32\Ati2evxx.dll

  - - - - - - - > 'lsass.exe'(1172)
  c:\windows\system32\avgrsstx.dll
  .
  Voltooingstijd: 2008-11-26 17:36:05
  ComboFix-quarantined-files.txt 2008-11-26 16:36:02

  Pre-Run: 3.286.466.560 bytes beschikbaar
  Post-Run: 6,155,137,024 bytes beschikbaar

  217 — E O F — 2008-11-26 09:38:40


  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 17:39:39, on 26-11-2008
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16735)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\PROGRA~1\AVG\AVG8\avgfws8.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\WINDOWS\system32\IoctlSvc.exe
  C:\Program Files\SPAMfighter\sfus.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\Drivers\WTSRV.EXE
  C:\PROGRA~1\AVG\AVG8\avgam.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\WINDOWS\system32\WTClient.exe
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\Program Files\SPAMfighter\SFAgent.exe
  C:\WINDOWS\system32\WISPTIS.EXE
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  C:\WINDOWS\system32\imapi.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
  O4 - HKLM\..\Run: [WTClient] WTClient.exe
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '$@ndr@(K)')
  O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '$@ndr@(K)')
  O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '$@ndr@(K)')
  O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '$@ndr@(K)')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
  O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219226297718
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O20 - AppInit_DLLs: avgrsstx.dll
  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
  O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
  O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE


  End of file - 8334 bytes
 • Looks good. Any problems left?
 • No, thank you!
  There is one thing I find rather odd, though it has nothing to do with security or viruses: our computer has no CD/DVD burners with the LightScribe feature, yet there is a program for it on the PC that starts automatically…
  How can I remove it? (It is not listed anywhere under Add or Remove Programs)

  Wietse
 • Are you talking about this program: C:\Program Files\Common Files\LightScribe\LSSrvc.exe ???
 • Yes
 • Fix these two items in HJT

  [b]O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '$@ndr@(K)')
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe[/b]

  Then delete the folder shown in bold using Windows Explorer:

  C:\Program Files\Common Files\[b]LightScribe[/b]
 • When I fix [b]O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe[/b]
  it just stays in the list…
  And when I delete the folder, that fails because I get this pop-up:
  Kan LSLog.dll niet verwijderen. De toegang is geweigerd.
  Controleer of de schijf tegen schrijven is beveiligd of dat het bestand momenteel in gebruik is.
  [img]http://i198.photobucket.com/albums/aa299/yupko/halp-36.jpg[/img]
 • In my suggestion for removing LightScribe I unfortunately forgot to mention something, sorry about that. Since this is a service, you have to disable it first before you can delete the files. You can do this via Start -> Run -> type msconfig, and there stop LightScribe on the "Services" tab. After that you should (normally) be able to carry out the suggestion without trouble.
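Added example, not part of the original posts: a small Python parser for the O4 and O23 lines of a HijackThis log that lists every autorun and service launching from a given folder, which are the entries the replies above say must be fixed or stopped before that folder can be deleted. The name `entries_for` and the sample are constructed here; that an O23 line without a parenthesised part uses one text for both display name and service name is an assumption.

```python
import re

# Constructed sample: three lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKUS\S-1-5-21-1659004503-2052111302-839522115-1005\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '$@ndr@(K)')
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# O4 - <hive>\..\<key>: [<value name>] <command> (User '<name>')  (user part optional)
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>.*)'\))?$")
# O23 - Service: <display name> (<service name>) - <company> - <path>
# Assumption: when the parenthesised part is absent, both names are identical.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<company>.+?) - (?P<path>[A-Za-z]:\\.*)$")


def entries_for(log_text, folder):
    """Return the autoruns (O4) and services (O23) that launch from `folder`."""
    folder = folder.lower()
    hits = []
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m and folder in m["cmd"].lower():
            hits.append({"kind": "autorun", "hive": m["hive"],
                         "name": m["name"], "user": m["user"]})
            continue
        m = O23_RE.match(line)
        if m and folder in m["path"].lower():
            hits.append({"kind": "service", "name": m["short"] or m["display"],
                         "company": m["company"], "path": m["path"]})
    return hits


if __name__ == "__main__":
    for hit in entries_for(SAMPLE_LOG, "\\LightScribe\\"):
        print(hit)
```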
 • Try it this way. Open Notepad, then copy and paste the following (bold, blue
  text) into an empty window:
