Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

SideBySide adware of virus

None
20 antwoorden
  • Hallo forum,
    ik krijg steeds de SideBySide sleutels in mijn register, ook als ik ze verwijder. Ik heb een Hijackthiss logje gemaakt waarvan kopie. Kan mischien Juisterr er even naar kijkek, ik zie wat sleutels waar staat file is missing?? Kunnen die er uit.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:41:36, on 30-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard
    hksrv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\van Buuren\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1_01-windows-i586.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
    hksrv.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe


    End of file - 10002 bytes
  • Ik kan hier nog aan toevoegen dat het in het register verschijnt als ik de activ X van Adobe installeer. Die heb ik dus nu maar verwijderd
  • Download [b:f24f9727ce]ATF cleaner[/b:f24f9727ce] (by Atribune)

    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:f24f9727ce]Select All[/b:f24f9727ce].
    Klik op de knop [b:f24f9727ce]Empty Selected[/b:f24f9727ce].

    Gebruik je ook Firefox als browser:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:f24f9727ce]Select All[/b:f24f9727ce].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit verwijdert het vinkje bij "Firefox saved passwords")
    Klik op de knop [b:f24f9727ce]Empty Selected[/b:f24f9727ce].

    Gebruik je ook Opera als browser:
    Klik op tabblad "Opera", plaats een vinkje bij [b:f24f9727ce]Select All[/b:f24f9727ce].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:f24f9727ce]Empty Selected[/b:f24f9727ce].
    Ga naar het tabblad "Main" en klik op de knop [b:f24f9727ce]Exit[/b:f24f9727ce] om het programma af te sluiten.

    De file missing lekker laten staan, bugje van HJT.
  • Bedankt, heb instructies uitgevoerd en hoop nu maar het beste ervan.

    Gek is dat Norton Antivirus 2007 dit niet ontdekt en als ik handmatig het register opschoonde het na een paar dagen weer terug kwam??

    Maar nu zou het gedaan moeten zijn. Dus niets te maken met Active Adobe??

    :D
  • [quote:855e51d5ad="Edouard"]
    Gek is dat Norton Antivirus 2007 dit niet ontdekt ?

    :D[/quote:855e51d5ad]

    nee dat vind ik niet gek! :-?
  • Ware het niet dat wij het volgende kunnenlezen op Symantic, je zou zeggen dat ze er zelf op filteren in hun antivirus / adware programma??

    Symantec Security Responsehttp://www.symantec.com/security_response/index.jsp Adware.SideBySideUpdated: February 13, 2007 11:45:39 AM
    Type: Adware
    Publisher: sidebysidesearch.com
    Risk Impact: Low
    File Names: sbss.exe
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
    SUMMARYBehavior
    Adware.SideBySide directs web searches to sidebysidesearch.com, and displays pop-up ads.
    Symptoms
    Your Symantec program detects Adware.SideBySide.
    Transmission
    The SideBySideSearch installer must be executed.
    ProtectionVirus Definitions (LiveUpdate™ Weekly) July 6, 2005
    Virus Definitions (Intelligent Updater) July 6, 2005
    TECHNICAL DETAILS
    When Adware.SideBySide is executed, it performs the following actions:

    Creates the following files:


    %ProgramFiles%\sbss\sbss.exe
    %ProgramFiles%\sbss\Stop sbss.lnk
    %ProgramFiles%\sbss\Uninstall sbss.exe

    Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.


    Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\sbss
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sbss


    Adds the value:

    "sbss Launcher" = "%ProgramFiles%\sbss\sbss.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


    Adds the values:

    "DisplayName" = "sbss"
    "NoModify" = "0x00000001"
    "UninstallString" = "C:\Program Files\sbss\Uninstall sbss.exe"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sbss


    Adds the values:

    "InstalledTo" = "C:\Program Files\sbss"
    "LogURL" = "www.sidebysidesearch.com
    extvantage"
    "mQuery" = "0x00000000"
    "mGUID" = "{47A2A948-AB0A-4C20-A89F-6E847EDA7314}"
    "mADCODE" = "2089!ascentive"
    "startupflags" = "0x00000001"
    "InstalledVN" = "0x00002710"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\sbss


    Monitors the user's online activity, sends keyword searches to sidebysidesearch.com, then displays a pop-up window displaying the search results retrieved from sidebysidesearch.com.


    Displays pop-up ads.


    REMOVAL
    The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

    Update the definitions.
    Restart the computer in Safe mode.
    Run a full system scan.
    Delete the values added to the registry.

    For specific details on each of these steps, read the following instructions.

    1. To update the definitions
    To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

    2. To restart the computer in Safe mode
    Shut down the computer, and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode. For instructions, read "How to start the computer in Safe Mode."

    3. To run the scan
    Start your Symantec antivirus program, and then run a full system scan.

    If any files are detected as Adware.SideBySide, and depending on which software version you are using, you may see one or more of the following options:

    Note: This applies only to versions of Norton AntiVirus that support Security Risk detection. If you are running a version of Symantec AntiVirus Corporate Edition that supports Security Risk detection, and Security Risk detection has been enabled, you will see only a message box that gives the results of the scan. If you have questions about this situation, contact your network administrator.

    Exclude (Not recommended)
    If you click this button, it will set the threat so that it is no longer detectable. That is, the antivirus program will keep the security risk on your computer and will no longer detect it to remove from your computer.

    Ignore or Skip
    This option tells the scanner to ignore the threat for this scan only. It will be detected again the next time that you run a scan.

    Cancel
    This option is new to Norton AntiVirus 2005. It is used when Norton AntiVirus 2005 has determined that it cannot delete a security risk. This Cancel option tells the scanner to ignore the threat for this scan only; the threat will be detected again the next time that you run a scan.

    To delete the security risk
    Click its file name (under the Filename column).
    In the Item Information box that appears, write down the full path and file name.
    Use Windows Explorer to locate and delete the file.


    Delete
    This option attempts to delete the detected files. In some cases, the scanner will not be able to do this.
    If you see the message "Delete Failed" (or similar message), manually delete the file.
    Click the file name of the threat that is under the Filename column.
    In the Item Information box that appears, write down the full path and file name.
    Use Windows Explorer to locate and delete the file.


    4. To delete the values from the registry
    WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

    Click Start > Run.


    Type regedit

    Then click OK.


    Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


    In the right pane, delete the value:

    "sbss Launcher" = "%ProgramFiles%\sbss\sbss.exe"


    Delete the following subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\sbss
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sbss


    Exit the Registry Editor.


    Site Map · Legal Notices · Privacy Policy · Site Feedback · Contact Us · Global Sites · License Agreements
    ©1995 - 2007 Symantec Corporation
  • Ik ben er nu achter dat de SideBySide wordt gestart door de Gizmoplugin, een gratis belprogramma.

    Ik heb nu ook de registersleutels van Gizmo verwijderd, het programma was al weg, maar de sleutels dus niet. Nu maar hopen dat SideBySide voorgoed weg is.
  • Eens kijken of we het vinden kunnen.

    Download [b:552de97c3c]ComboScan[/b:552de97c3c][/color:552de97c3c] naar je [b:552de97c3c]Bureaublad[/b:552de97c3c] (by Deckard).[list:552de97c3c]
    [*:552de97c3c][b:552de97c3c]Sluit[/b:552de97c3c] alle toepassingen en vensters.
    [*:552de97c3c][b:552de97c3c]Dubbelklik[/b:552de97c3c] op [b:552de97c3c]Comboscan.exe[/b:552de97c3c] om het te activeren, en volg de aanwijzingen.
    [*:552de97c3c]Wanneer de scan volledig is, zal een tekstbestand - [b:552de97c3c]ComboScan.txt[/b:552de97c3c] - openen.
    [*:552de97c3c]Kopiëer [b:552de97c3c](Ctrl+A gevolgd door Ctrl+C)[/b:552de97c3c] en plak [b:552de97c3c](Ctrl+V)[/b:552de97c3c] de inhoud van [b:552de97c3c]ComboScan.txt[/b:552de97c3c] in je volgende antwoord.
    [/list:u:552de97c3c][b:552de97c3c]Opmerking:[/b:552de97c3c][/color:552de97c3c] Sommige firewalls [b:552de97c3c]kunnen[/b:552de97c3c] waarschuwen dat [b:552de97c3c]sigcheck.exe[/b:552de97c3c] probeert verbinding te maken met het internet
    - zorg dat [b:552de97c3c]sigcheck.exe[/b:552de97c3c] toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus Comboscan als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de Comboscan je Antivirus even uit te schakelen)
  • Zie hier Comboscan, ondanks de verwijdering van Gizmosleutels, was SideBySide toch weer verschenen. Maar misschien met deze truc ??

    ComboScan v20070306.20 run by van Buuren on 2007-04-02 at 08:52:06
    Computer is in Normal Mode.
    ——————————————————————————–

    – System Restore ————————————————————–

    Successfully created ComboScan Restore Point.


    – Last 5 Restore Point(s) –
    16: 2007-04-02 06:52:13 UTC - RP16 - ComboScan Restore Point
    15: 2007-04-01 13:48:05 UTC - RP15 - Controlepunt van systeem
    14: 2007-03-31 13:02:53 UTC - RP14 - Controlepunt van systeem
    13: 2007-03-30 12:43:47 UTC - RP13 - Removed Microsoft Money System Pack
    12: 2007-03-30 12:42:50 UTC - RP12 - Removed Microsoft Money


    – First Restore Point –
    1: 2007-03-21 08:49:47 UTC - RP1 - Controlepunt van systeem


    Performed disk cleanup.


    – HijackThis Clone ————————————————————

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-04-02 08:52:54
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.0.5730.11)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\APPS\ActivBoard
    hksrv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Logitech\iTouch\iTouch.exe
    C:\Program Files\MouseWare\system\EM_EXEC.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\APPS\ActivBoard\MMKeybd.exe
    C:\Program Files\Virtual CD v4 SDK\System\vcsplay.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\APPS\ActivBoard\Traymon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\APPS\ActivBoard\osd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\van Buuren\Bureaublad\comboscan.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS
    etwork diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: Verbindingsproblemen vaststellen… - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS
    etwork diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1094718441921
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.1_01) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1_01-windows-i586.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37879.225474537
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
    O23 - Service: Application Layer Gateway-service (ALG) - C:\WINDOWS\system32\alg.exe
    O23 - Service: Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Computer Browser (Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    O23 - Service: Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    O23 - Service: Indexing-service (CiSvc) - C:\WINDOWS\system32\cisvc.exe
    O23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
    O23 - Service: COM+-systeemtoepassing (COMSysApp) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    O23 - Service: Services voor cryptografie (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
    O23 - Service: DHCP Client (Dhcp) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
    O23 - Service: Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: DNS Client (Dnscache) - C:\WINDOWS\System32\svchost.exe -k NetworkService
    O23 - Service: Service voor het rapporteren van fouten (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Event Log (Eventlog) - C:\WINDOWS\system32\services.exe
    O23 - Service: COM+-gebeurtenissysteem (EventSystem) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Compatibiliteit voor Snelle gebruikerswisseling (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Google Updater Service (gusvc) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    O23 - Service: Help en ondersteuning (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: HID Input Service (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    O23 - Service: COM-service voor IMAPI cd-branders (ImapiService) - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - "C:\Program Files\Norton AntiVirus\isPwdSvc.exe"
    O23 - Service: Server (lanmanserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Workstation (lanmanworkstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\System32\svchost.exe -k LocalService
    O23 - Service: Machine Debug Manager (MDM) - "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
    O23 - Service: Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
    O23 - Service: Windows Installer (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
    O23 - Service: Network DDE (NetDDE) - C:\WINDOWS\system32
    etdde.exe
    O23 - Service: Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32
    etdde.exe
    O23 - Service: Net Logon (Netlogon) - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Netropa NHK Server (nhksrv) - C:\APPS\ActivBoard
    hksrv.exe
    O23 - Service: Network Location Awareness (NLA) (Nla) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Verwisselbare opslag (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Office Source Engine (ose) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    O23 - Service: Planner voor Automatische LiveUpdate - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: IPSEC-services (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Verbindingsbeheer voor RAS (RasMan) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Helpsessiebeheer voor Extern bureaublad (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Routing and Remote Access (RemoteAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\system32\locator.exe
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
    O23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
    O23 - Service: Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Smart Card (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
    O23 - Service: Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Windows Firewall (WF) / Internet-verbinding delen (ICS) (SharedAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: SmartLinkService (SLService) - slserv.exe
    O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
    O23 - Service: System Restore-service (srservice) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: SSDP Discovery-service (SSDPSRV) - C:\WINDOWS\System32\svchost.exe -k LocalService
    O23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\System32\svchost.exe -k imgsvc
    O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\System32\dllhost.exe /Processid:{EE095DD3-1D83-4961-8911-DC75DD441C22}
    O23 - Service: Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
    O23 - Service: Symantec AppCore Service (SymAppCore) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
    O23 - Service: Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Terminal Services (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
    O23 - Service: Thema's (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Universele Plug en Play-apparaathost (upnphost) - C:\WINDOWS\System32\svchost.exe -k LocalService
    O23 - Service: Uninterruptible Power Supply (UPS) - C:\WINDOWS\system32\ups.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
    O23 - Service: Volume Shadow Copy (VSS) - C:\WINDOWS\system32\vssvc.exe
    O23 - Service: Windows Time (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
    O23 - Service: Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Serienummerservice voor draagbare media (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: WMI-prestatieadapter (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
    O23 - Service: Security Center (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Automatische updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    O23 - Service: Wireless Zero Configuration-service (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Network Provisioning Service (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs


    – File Associations ———————————————————–

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


    – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ———————

    3S 61883 (61883-eenheidsapparaat) - C:\WINDOWS\system32\drivers\61883.sys
    2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.3.0) - C:\WINDOWS\system32\drivers\AegisP.sys
    1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
    0R agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\agpcpq.sys
    3R ALCXWDM (Service for Avance AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    0R alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\alim1541.sys
    0R amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\amdagp.sys
    1R AmdK7 (Stuurprogramma voor AMD K7-processor) - C:\WINDOWS\system32\drivers\amdk7.sys
    3R Arp1394 (1394 ARP-clientprotocol) - C:\WINDOWS\system32\drivers\arp1394.sys
    2R ASCTRM - C:\WINDOWS\system32\drivers\asctrm.sys
    3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
    3S Avc (AVC-apparaat) - C:\WINDOWS\system32\drivers\avc.sys
    3S BCM42RLY - C:\WINDOWS\system32\bcm42rly.sys
    0R cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
    3S CCDECODE (Closed Caption-decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
    3S cmudau (C-Media USB Sound Interface) - C:\WINDOWS\system32\drivers\cmudau.sys
    3S CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys
    0R dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
    1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    3R EraserUtilRebootDrv - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    3R FETNDIS (VIA Rhine Family Fast Ethernet Adapter Driver) - C:\WINDOWS\system32\drivers\fetnd5b.sys
    3R GEARAspiWDM (GEAR CDRom Filter) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    3S hidusb (Microsoft HID Class-stuurprogramma) - C:\WINDOWS\system32\drivers\hidusb.sys
    3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
    3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
    3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
    1R kbdhid (Stuurprogramma voor toetsenbord-HID) - C:\WINDOWS\system32\drivers\kbdhid.sys
    3R LCcFltr (Logitech USB Filter Driver) - C:\WINDOWS\system32\drivers\LCcfltr.sys
    3R LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHIDFLT2.SYS
    3R LHidUsb (Logitech USB Receiver device driver) - C:\WINDOWS\system32\drivers\LHidUsb.sys
    3R LKbdFlt2 (Logitech Keyboard Class Filter Driver) - C:\WINDOWS\system32\drivers\lkbdflt2.sys
    3R LMouFlt2 (Logitech Mouse Class Filter Driver) - C:\WINDOWS\system32\drivers\lmouflt2.sys
    2R MASPINT - C:\WINDOWS\system32\drivers\MASPINT.SYS
    3R MODEMCSA (Unimodem Streaming-filterapparaat) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
    3R mouhid (Stuurprogramma voor muis-HID) - C:\WINDOWS\system32\drivers\mouhid.sys
    3S MSDV (Microsoft DV Camera and VCR) - C:\WINDOWS\system32\drivers\msdv.sys
    1R msikbd2k (Multimedia Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\Msikbd2k.sys
    3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma) - C:\WINDOWS\system32\drivers\mstee.sys
    3R Mtlmnt5 - C:\WINDOWS\system32\drivers\mtlmnt5.sys
    3S Mtlstrm - C:\WINDOWS\system32\drivers\mtlstrm.sys
    3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers
    abtsfec.sys
    3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070401.018\NAVENG.SYS
    3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070401.018\NAVEX15.SYS
    3S NdisIP (Microsoft TV/Video-verbinding) - C:\WINDOWS\system32\drivers
    disip.sys
    3R NIC1394 (1394-stuurprogramma) - C:\WINDOWS\system32\drivers
    ic1394.sys
    3S NtMtlFax - C:\WINDOWS\system32\drivers
    tmtlfax.sys
    0R ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
    0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
    3S RecAgent - C:\WINDOWS\system32\drivers\recagent.sys
    3R RT73 (Sitecom Wireless Network USB Adapter RT73 Turbo G Driver) - C:\WINDOWS\system32\drivers\rt73.sys
    3S sermouse (Stuurprogramma voor seriële muis) - C:\WINDOWS\system32\drivers\sermouse.sys
    0R sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\sisagp.sys
    3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
    3R Slntamr (SmartLink AMR_PCI Driver) - C:\WINDOWS\system32\drivers\slntamr.sys
    3S SlNtHal - C:\WINDOWS\system32\drivers\slnthal.sys
    3R SlWdmSup - C:\WINDOWS\system32\drivers\slwdmsup.sys
    3S SONYPVU1 (Sony USB-filterstuurrapparaat (SONYPVU1)) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS
    1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    3R SRTSP - C:\WINDOWS\system32\drivers\srtsp.sys
    3S SRTSPL - C:\WINDOWS\system32\drivers\srtspl.sys
    1R SRTSPX - C:\WINDOWS\system32\drivers\srtspx.sys
    3S ssm_bus (Samsung Mobile USB Device II 1.0 driver (WDM)) - C:\WINDOWS\system32\drivers\ssm_bus.sys
    3S ssm_mdfl (Samsung Mobile USB Modem II 1.0 Filter) - C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    3S ssm_mdm (Samsung Mobile USB Modem II 1.0 Drivers) - C:\WINDOWS\system32\drivers\ssm_mdm.sys
    3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
    3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
    3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
    3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
    3R SYMIDSCO - C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20070330.003\SymIDSCo.sys
    3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
    3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
    1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
    3S usbaudio (Stuurprogramma voor USB-audio (WDM)) - C:\WINDOWS\system32\drivers\usbaudio.sys
    3R usbccgp (Microsoft generiek hoofd-USB-stuurprogramma) - C:\WINDOWS\system32\drivers\usbccgp.sys
    3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
    3S usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
    3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
    3S usbscan (Stuurprogramma voor USB-scanner) - C:\WINDOWS\system32\drivers\usbscan.sys
    3S USBSTOR (Stuurprogramma voor USB-massaopslag) - C:\WINDOWS\system32\drivers\usbstor.sys
    3S V90drv - C:\WINDOWS\system32\DRIVERS\v90drv.sys (not found)
    1R vcsmpdrv - C:\WINDOWS\system32\drivers\vcsmpdrv.sys
    0R viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\viaagp.sys
    0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
    3S wceusbsh (Windows CE USB Serial Host Driver) - C:\WINDOWS\system32\drivers\wceusbsh.sys
    4S WS2IFSL (Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
    3S WSTCODEC (World Standard Teletext-codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
    3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
    3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


    – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ——————–

    2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
    2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    2R CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
    3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
    3S ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton AntiVirus\isPwdSvc.exe"
    3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    2R nhksrv (Netropa NHK Server) - C:\Apps\ActivBoard
    hksrv.exe
    3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    2R Planner voor Automatische LiveUpdate - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    3S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
    2R SLService (SmartLinkService) - slserv.exe
    3R Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
    2R SymAppCore (Symantec AppCore Service) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
    2R VCSSecS (Virtual CD v4 Security service (SDK - Version)) - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe


    – Scheduled Tasks ————————————————————-

    2007-03-21 14:23:41 564 –a—— C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan - van Buuren.job<NORTON~1.JOB>


    – Files created between 2007-03-02 and 2007-04-02 —————————–

    2007-03-29 15:55:22 0 d——– C:\Documents and Settings\All Users\Application Data\Adobe
    2007-03-21 11:10:47 28672 –a—— C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-03-15 18:04:21 0 d——– C:\WINDOWS\SxsCaPendDel<SXSCAP~1>


    – Find3M Report —————————————————————

    2007-04-01 12:16:00 0 d——– C:\Documents and Settings\van Buuren\Application Data\Skype
    2007-04-01 12:15:09 0 d——– C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
    2007-03-29 15:56:45 0 d——– C:\Program Files\Common Files\Adobe
    2007-03-28 11:36:41 0 d——– C:\Documents and Settings\van Buuren\Application Data\OfficeUpdate12<OFFICE~1>
    2007-03-25 10:56:27 367286 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-03-25 10:56:27 54464 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-03-21 14:23:12 0 d——– C:\Program Files\Norton AntiVirus<NORTON~1>
    2007-03-21 14:20:08 0 d——– C:\Program Files\Symantec
    2007-03-21 14:20:07 48776 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-03-21 14:11:22 0 d——– C:\Documents and Settings\van Buuren\Application Data\Symantec
    2007-03-18 15:00:48 0 d——– C:\Documents and Settings\van Buuren\Application Data\Adobe
    2007-03-04 15:13:29 0 d—s—- C:\Documents and Settings\van Buuren\Application Data\Microsoft<MICROS~1>
    2007-02-27 14:59:53 0 d——– C:\Program Files\Google
    2007-02-20 14:41:46 0 d——– C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
    2007-02-13 13:10:41 0 d——– C:\Program Files\Java Web Start<JAVAWE~1>
    2007-02-13 13:10:20 0 d——– C:\Program Files\Java
    2007-02-13 13:10:20 0 d–h—– C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-02-06 12:39:42 0 d——– C:\Documents and Settings\van Buuren\Application Data\Apple Computer<APPLEC~1>
    2007-02-04 20:12:48 0 d——– C:\Program Files\TRUST 640U SILVERLINE HEADSET USB<TRUST6~1>
    2007-02-03 20:27:02 0 d——– C:\Program Files\Skype
    2007-02-03 20:27:02 0 d——– C:\Program Files\Common Files\Skype
    2007-01-29 10:58:06 60416 —–n— C:\WINDOWS\system32\tzchange.exe
    2007-01-23 16:15:22 676224 –a—— C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL>
    2007-01-12 10:27:42 232960 –a—— C:\WINDOWS\system32\webcheck.dll
    2007-01-12 10:27:42 51712 —–n— C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
    2007-01-12 10:27:42 458752 —–n— C:\WINDOWS\system32\msfeeds.dll
    2007-01-12 10:27:42 6054400 –a—— C:\WINDOWS\system32\ieframe.dll
    2007-01-09 20:47:38 242320 –a—— C:\WINDOWS\system32\SymRedir.dll
    2007-01-09 20:47:38 624784 –a—— C:\WINDOWS\system32\SymNeti.dll
    2007-01-08 20:04:54 105984 –a—— C:\WINDOWS\system32\url.dll
    2007-01-08 20:04:08 102400 –a—— C:\WINDOWS\system32\occache.dll
    2007-01-08 20:02:04 266752 –a—— C:\WINDOWS\system32\iertutil.dll
    2007-01-08 20:02:04 44544 –a—— C:\WINDOWS\system32\iernonce.dll
    2007-01-08 20:02:02 384000 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2007-01-08 20:02:02 383488 —–n— C:\WINDOWS\system32\ieapfltr.dll
    2007-01-08 20:02:02 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2007-01-08 20:02:02 230400 –a—— C:\WINDOWS\system32\ieaksie.dll
    2007-01-08 20:02:02 153088 –a—— C:\WINDOWS\system32\ieakeng.dll
    2007-01-08 20:00:48 124928 –a—— C:\WINDOWS\system32\advpack.dll
    2007-01-08 19:08:14 56832 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2007-01-08 19:08:10 13824 –a—— C:\WINDOWS\system32\ieudinit.exe


    – Registry Dump —————————————————————


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SoundMan"="SOUNDMAN.EXE"
    "zBrowser Launcher"="C:\\Logitech\\iTouch\\iTouch.exe"
    "EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
    "ATIPTA"="C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "ACTIVBOARD"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
    "VCSPlayer"="\"C:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe\""
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
    "CleanEasyImg"="c:\\apps\\easydvd\\cleanall.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"="\"C:\\WINDOWS\\System32\\msiexec.exe\" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"="\"C:\\WINDOWS\\System32\\msiexec.exe\" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Money Express"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
    "inimapping"="0"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    – End of ComboScan: finished at 2007-04-02 at 08:53:23 ————————
  • En nog meer van Comboscan

    ComboScan v20070306.20 run by van Buuren on 2007-04-02 at 08:52:06
    Supplementary logfile - please post this as an attachment with your post.
    ——————————————————————————–

    – System Information ———————————————————-

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: Dutch

    CPU 0: AMD Athlon™ XP 2700+
    Percentage of Memory in Use: 53%
    Physical Memory (total/avail): 511.49 MiB / 235.63 MiB
    Pagefile Memory (total/avail): 1246.18 MiB / 973.52 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1977.33 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 112.53 GiB total, 97.63 GiB free.
    Q: is CDROM (No Media)
    R: is CDROM (No Media)


    – Security Center ————————————————————-

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    AntivirusOverride is set.

    FW: Norton AntiVirus v2007 (Symantec Corporation)
    AV: Norton AntiVirus v2007 (Symantec Corporation) Disabled[/color:20b6191100]


    – Environment Variables ——————————————————-

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\van Buuren\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=SN029055220023
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\van Buuren
    LOGONSERVER=\\SN029055220023
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0801
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\VANBUU~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\VANBUU~1\LOCALS~1\Temp
    USERDOMAIN=SN029055220023
    USERNAME=van Buuren
    USERPROFILE=C:\Documents and Settings\van Buuren
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    – User Profiles —————————————————————

    van Buuren [i:20b6191100](admin)[/i:20b6191100]


    – Add/Remove Programs ———————————————————

    –> "C:\Program Files\Common Files\Teknum Systems\tsUninst.exe" "C:\Program Files\HandyBits\EasyCrypto\HandyBits EasyCrypto Deluxe.del"
    –> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
    –> C:\WINDOWS\BWUnin-6.1.0.145L.exe -AppId 4448364
    –> C:\WINDOWS\ISUN0413.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    –> C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
    –> C:\WINDOWS\System32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}
    –> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    –> C:\WINDOWS\uninst.exe -fC:\APPS\Audioneer\NewDJ\DeIsL1.isu -cC:\APPS\Audioneer\NewDJ\_ISREG32.DLL
    –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}\setup.exe"
    –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07A1C2E1-76DD-11D6-9922-009027E9C183}\setup.exe"
    –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\SETUP.EXE" -uninst
    –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\SETUP.EXE" -l0013 UNINSTALL
    –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85F49DC5-81F1-11D5-B626-0010B5557563}\Setup.exe" -l0x9
    –> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    –> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Reader 8 - Nederlands –> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A80000000000}
    AppCore –> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    AV –> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
    Beveiligingsupdate for Windows XP (KB923689) –> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB883939) –> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB890046) –> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB893756) –> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896358) –> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896422) –> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896423) –> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896424) –> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896428) –> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB896688) –> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB899587) –> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB899588) –> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB899591) –> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB900725) –> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB901017) –> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB901214) –> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB902400) –> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB903235) –> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB904706) –> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB905414) –> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB905749) –> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB905915) –> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB908519) –> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB911562) –> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB911567) –> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB911927) –> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB912812) –> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB912919) –> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB913446) –> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB913580) –> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB914388) –> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB914389) –> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB917159) –> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB917344) –> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB917422) –> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB917953) –> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB918118) –> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB918439) –> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB918899) –> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB919007) –> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920213) –> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920214) –> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920670) –> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920683) –> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB920685) –> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB921398) –> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB921883) –> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB922616) –> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB922760) –> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB922819) –> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923191) –> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923414) –> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923694) –> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB923980) –> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924191) –> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924270) –> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924496) –> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB924667) –> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB925454) –> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB925486) –> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB926255) –> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB926436) –> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB927779) –> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB927802) –> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB928255) –> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Beveiligingsupdate voor Windows XP (KB928843) –> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    ccCommon –> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
    Compact Wireless-G USB Adapter –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
    Encarta 98 Encyclopedie –> RunDll32 C:\PROGRA~1\MI50D7~1\ENCART~1\UNENC98.DLL,Uninstall C:\PROGRA~1\MI50D7~1\ENCART~1\SETUP98N\INST98N.LOG
    Engin Go –> MsiExec.exe /I{C826EA4A-5874-487B-8804-733DC6EF62FE}
    Google Earth –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Google Toolbar for Internet Explorer –> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
    het Van Dale Groot woordenboek der Nederlandse taal –> C:\WINDOWS\IsUn0413.exe -f"C:\VanDale\Groot woordenboek der Nederlandse taal\Uninst.isu"
    HighMAT-uitbreiding voor de wizard Cd branden van Microsoft Windows XP –> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 2.0.0 –> "C:\Documents and Settings\van Buuren\Bureaublad\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) –> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix voor Windows XP (KB914440) –> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    HP-software voor foto- en beeldbewerking 2.0 - All-in-One –> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
    HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma –> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
    HP-software voor foto- en beeldbewerking 2.0 - HP psc 2170 –> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
    HP Memories Disc –> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
    hp psc 2170 series –> MsiExec.exe /X{93FB47FB-4FDF-4131-B5FD-7A37883868E7}
    Image Transfer –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
    ImageMixer for Sony –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
    Internet Worm Protection –> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    iPod for Windows 2005-02-07 –> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{78B50D1D-642C-4B89-BCC7-352EAE3614D7} /l1043
    iTunes –> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
    Java 2 Runtime Environment, SE v1.4.1_01 –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}\setup.exe" Anytext
    Java Web Start –> "C:\Program Files\Java Web Start\uninst-javaws.exe"
    KB898458: Beveiligingsupdate voor Step by Step Interactive Training –> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    KB923723: Beveiligingsupdate voor Step by Step Interactive Training –> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    LiveReg (Symantec Corporation) –> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 3.2 (Symantec Corporation) –> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Logitech iTouch-software –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x13 UNINSTALL
    Microsoft ActiveSync 3.7 –> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
    Microsoft Compression Client Pack 1.0 for Windows XP –> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Data Access Components KB870669 –> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Office Standard Editie 2003 –> MsiExec.exe /I{91120413-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 –> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    MicroStaff WINASPI –> C:\MWASPI\uninst.exe
    MSN Messenger 6.2 –> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}
    Norton AntiVirus –> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
    Norton AntiVirus (Symantec Corporation) –> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
    Norton AntiVirus Help –> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton AntiVirus Parent MSI –> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton AntiVirus SYMLT MSI –> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
    Norton Protection Center –> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
    Pocketwoordenboek Nederlands als tweede taal –> C:\WINDOWS\ISUN0413.EXE -f"C:\VanDale\Pocketwoordenboek als tweede taal\Uninst.isu" -c"C:\VanDale\Pocketwoordenboek als tweede taal\vdssetup.dll"
    PowerDVD –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE" -uninstall
    QuickTime –> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
    Samsung Mobile USB Modem Software –> C:\WINDOWS\system32\Samsung\SSM_Uninstall.exe
    Samsung PC Studio –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x13 -removeonly
    Samsung PC Studio 3 USB Driver Installer –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x13 -removeonly
    Samsung Samples Installer –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x13 -removeonly
    Sitecom Wireless Network USB Adapter Turbo G WL-172 –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly
    Skype 3.0 –> "C:\Program Files\Skype\Phone\unins000.exe"
    Skype Plugin Manager –> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
    Smart Link 56K Voice Modem –> C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
    Sonic RecordNow DX –> MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}
    Sony USB Driver –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    SPBBC 32bit –> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Symantec –> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    Symantec Network Driver Update –> MsiExec.exe /X{6AF90EF6-F7F9-466C-99F4-1774826FBB40}
    Symantec Real Time Storage Protection Component –> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
    Symantec Technical Support Web Controls –> MsiExec.exe /X{5FCDE341-328B-434B-9F21-AF5BADB57852}
    SymNet –> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    TomTom HOME –> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0013 -removeonly -removeonly
    TRUST 640U SILVERLINE HEADSET USB –> C:\WINDOWS\CmiUSB2Uninstall.exe C:\Program Files\TRUST 640U SILVERLINE HEADSET USB#TRUST 640U SILVERLINE HEADSET USB
    Ulead VideoStudio 6 SE DVD –> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5404E185-BD7C-4A72-ABD0-91A411A05726}\SETUP.EXE" -l0x9
    Update voor Windows XP (KB894391) –> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update voor Windows XP (KB896727) –> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
    Update voor Windows XP (KB898461) –> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update voor Windows XP (KB900485) –> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update voor Windows XP (KB904942) –> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Update voor Windows XP (KB908531) –> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update voor Windows XP (KB910437) –> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update voor Windows XP (KB911280) –> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update voor Windows XP (KB916595) –> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update voor Windows XP (KB920872) –> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update voor Windows XP (KB922582) –> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update voor Windows XP (KB929338) –> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Update voor Windows XP (KB931836) –> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Van Dale Grote woordenboeken Frans –> C:\WINDOWS\ISUN0413.EXE -f"C:\VanDale\Grote woordenboeken\Frans\Uninst.isu" -c"C:\VanDale\Grote woordenboeken\Frans\setupfnnf.dll"
    Wanadoo ISP first time Signup helper tool component –> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\SGNUP.INF, DefaultUninstall.ntx86
    Windows Media Format 11 runtime –> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


    – End of ComboScan: finished at 2007-04-02 at 08:53:23 ————————
  • En hij wordt gestart door :

    GizmoPluginCPL in C:\Windows\system32

    Dat kan ik zien door in eventlog op de foutmelding van SideBySide te klikken.

    Ik neem aan dat ik die gewoon kan wegggooien.
  • Heb ik inmiddels weggegooid, en lijkt voorbij te zijn ???

    Maar misschien nog een advies op de Comborun
  • En is het voorbij??
  • Yes,
    SideBySide laat zich niet meer zien. Had de tip over Gizmo call gratis bellen notabene uit de Elsevier. Die journalist heeft het nu ook.

    Merci aan u allen :D
  • SideBySide vertoonde zich weer, maar nu als een onderdeel van een plugin die behoort bij automatische updates van Itunes van Apple.

    Plugin verwijderd en de registersleutels van deze plugin, tevens opnieuw de SideBySide sleutels verwijderd.

    Je kunt nu alleen geen automatische updates meer krijgen van Itunes, maar sowhat. Ga je ze gewoon manueel updaten.

    Het is jammer dat een programma als Itunes zich ook laat gebruiken door een organisatie als SideBySide.com vanwege reclame doeleinden en opbrengsten.
  • amen
  • Mensen!

    Op: http://www.mazecomputer.com/sxs/help/whatis.htm
    Kunnen jullie precies lezen waarom jullie deze SideBySide sleutels krijgen.
    Dit is namelijk een nieuwe implementatie van Microsoft.

    Programma's gemaakt met Visual C++ 2005 bijv. maken gebruik van deze sleutels waarbij dll's niet meer naar de system32 gekopieerd hoeften.

    Nu jullie die Itunes afkraken, dat is dus flauw!
  • Mogelijk, bij was het een virus, zie ook dit

    http://www.symantec.com/security_response/writeup.jsp?docid=2005-070514-5200-99

    Wel een late reactie ???
  • Ik zie dit forum voor het eerst.
    Tijdens mijn eigen zoektocht, kwam ik er dus achter wat SideBySide dus inhoud.

    Natuurlijk kunnen ook virussen zich hierin nestellen.!
    Maar uiteindelijk is SideBySide de nieuwe methode van Microsoft voor de programmeurs, om hun assemblys kwijt te kunnen. (heel krom gezegt)

    Nadeel is wel van deze techniek is dat je Windows directory nog sneller gaat groeien door alle assemblys. + Het register loopt sneller vol door de verwijzingen naar de assemblys.

    Wat ik zou doen is een complete virusscan van de machine.!
    Maar niet zomaar er al vanuit gaan dat het virussen zijn!
  • Side-by-Side zoals jij het brengt of


    sidebyside zoals ik het had aangegeven.


    Mijn versie is de virus variant, je moet wel op de schrijfwijze letten en kijk toch maar eens op de link van Symantic, die zijn echt niet gek.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.