Vraag & Antwoord

Beveiliging & privacy

svp controle, onverklaarbare vastlopers

9 antwoorden
  • Win 7 , atomatische updates, maar zaak loopt meest rare momenten vast. Ook Inet hangt af en toe. MBAM geeft geen infecties dus maar HJT logje Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:51:30, on 4-9-2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10507 bytes
  • Hallo Anjo, ik zie dat het een 64-bit versie van Windows 7 betreft. Heb je deze Windows 7 nieuw met PC gekocht - of in een bestaande PC geïnstalleerd? En heb je vooraf de Windows Upgrade Advisor gebruikt? Op welke manier wordt het vastlopen gekenmerkt? Bevriezen van beeld? Doe in ieder geval het volgende: [url=http://images.malwareremoval.com/random/RSIT.exe][color=#0000FF:0f4a6c216a]download RSIT naar jouw bureaublad[/color:0f4a6c216a][/url] [list:0f4a6c216a][*:0f4a6c216a] Gebruikers van Windows Vista en Windows 7 starten het tool middels rechtsklik en daarbij dan kiezend voor Als Administrator uitvoeren! [*:0f4a6c216a] klik\Dubbelklik op RSIT.exe om het tool te starten. [*:0f4a6c216a] Klik op Continue in het disclaimer venster. [*:0f4a6c216a] Nadat de scan beëindigd is, zullen twee logs openen. [*:0f4a6c216a] Post log.txt (deze zal gemaximaliseerd zijn) en dito info.txt (deze zal geminimaliseerd zijn)[/list:u:0f4a6c216a] [b:0f4a6c216a]Voor gebruikers van Windows Vista 64-bit- of Windows 7 64-bit geldt overigens nog het volgende:[/b:0f4a6c216a] [list:0f4a6c216a][*:0f4a6c216a] Dan dient RSIT in compatibiliteitsmodus uitgevoerd te worden. [*:0f4a6c216a] Middels rechtsklik op RSIT.exe kies je voor Eigenschappen [*:0f4a6c216a] klik nu op de tab Compatibiliteit [*:0f4a6c216a] Vink Dit programma uitvoeren in compatibiliteitsmodus voor aan en kies vervolgens voor Windows XP (Service Pack 3)[/list:u:0f4a6c216a]
  • Nieuwe PC met legale Win7 Prof. Advisor geeft alles ok , mogelijke upgrade naar ultimate, maar die draait op laptop log info.txt logfile of random's system information tool 1.08 2010-09-04 16:10:24 ======Uninstall list====== -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ExploitShield" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gadget" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NRS" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" -->"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter" Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex Adobe Reader 9.3.4 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A93000000001} Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D} AnyDVD-->"C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\SlySoft\AnyDVD" AutoUnpack 4.4.4-->"C:\Program Files (x86)\AutoUnpack\unins000.exe" CameraHelperMsi-->MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3} Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45} CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe" CloneDVD 5.0.0.1-->"C:\Program Files (x86)\CloneDVD5\unins000.exe" CloneDVD2-->"C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files (x86)\Elaborate Bytes\CloneDVD2" CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012} CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016} CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013} CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017} CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019} CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010} CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A} CorelDRAW Graphics Suite X4 - Lang NL-->MsiExec.exe /I{A6C27FFF-75EF-4B5B-A64E-F9E128994908} CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014} CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181} CorelDRAW Graphics Suite X4-->MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73} CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\Uninst.exe CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10} CorelDRAW(R) Graphics Suite X4-->C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{691FAD36-EC97-46FA-9F96-4CA91C126ECA}" "1043" "0" DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF} DriverMax 5-->"C:\Program Files (x86)\Innovative Solutions\DriverMax\unins000.exe" erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} F-Secure PSC Prerequisites-->MsiExec.exe /I{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3} GetDataBack for FAT-->"C:\Program Files (x86)\Runtime Software\GetDataBack\Uninstall.exe" "C:\Program Files (x86)\Runtime Software\GetDataBack\install.log" -u GetDataBack for NTFS-->"C:\Program Files (x86)\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files (x86)\Runtime Software\GetDataBack for NTFS\install.log" -u Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} HydraVision-->MsiExec.exe /X{FB6DE932-24CA-D1C0-2FD8-1DFCE4A33CC5} ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe" Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619} Logitech-webcamsoftware-->"C:\Program Files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=NLD /guid="{D40EB009-0499-459c-A8AF-C9C110766215}" LWS Facebook-->MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB} LWS Gallery-->MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD} LWS Help_main-->MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9} LWS Launcher-->MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6} LWS Motion Detection-->MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA} LWS Pictures And Video-->MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967} LWS Video Mask Maker-->MsiExec.exe /I{EED027B7-0DB6-404B-8F45-6DFEE34A0441} LWS Webcam Software-->MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189} LWS WLM Plugin-->MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D} LWS YouTube Plugin-->MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E} Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" MediaMonkey 3.2-->"C:\Program Files (x86)\MediaMonkey\unins000.exe" Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Access MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0015-0413-0000-0000000FF1CE} Microsoft Office Excel MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0016-0413-0000-0000000FF1CE} Microsoft Office Groove MUI (Dutch) 2010-->MsiExec.exe /X{90140000-00BA-0413-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0044-0413-0000-0000000FF1CE} Microsoft Office OneNote MUI (Dutch) 2010-->MsiExec.exe /X{90140000-00A1-0413-0000-0000000FF1CE} Microsoft Office Outlook MUI (Dutch) 2010-->MsiExec.exe /X{90140000-001A-0413-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0018-0413-0000-0000000FF1CE} Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2010-->MsiExec.exe /X{90140000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE} Microsoft Office Proofing (Dutch) 2010-->MsiExec.exe /X{90140000-002C-0413-0000-0000000FF1CE} Microsoft Office Publisher MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0019-0413-0000-0000000FF1CE} Microsoft Office ScreenTip Language 2010 - English-->MsiExec.exe /X{90140000-00BD-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (Dutch) 2010-->MsiExec.exe /X{90140000-006E-0413-0000-0000000FF1CE} Microsoft Office Word MUI (Dutch) 2010-->MsiExec.exe /X{90140000-001B-0413-0000-0000000FF1CE} Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 9-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-0180-PZ5K-188L-H7PX-358A-3491-47W5" Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB} Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A} Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999} Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3} Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C} Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A} Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139} Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF} Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC} Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F} Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53} Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B} Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2} Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B} Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F} NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8} NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} PixiePack Codec Pack-->MsiExec.exe /I{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} Radiotracker-->MsiExec.exe /I{4319241C-3DAD-42FE-965D-4D580795785C} Scherminfotaal van Microsoft Office 2010 - Nederlands-->MsiExec.exe /X{90140000-00BD-0413-0000-0000000FF1CE} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A} Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D} TeamViewer 5-->C:\Program Files (x86)\TeamViewer\Version5\uninstall.exe TomTom HOME 2.7.5.2014-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1043" "0" Update for Microsoft Outlook Social Connector (KB983403)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{3D462F23-F81B-4740-B4B4-ED2A07E9AC23}" "1043" "0" Update voor Microsoft Outlook Social Connector (KB983403)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0413-0000-0000000FF1CE}" "{5B72E0A9-5AEB-413E-B6DE-C2857DC1E8E3}" "1043" "0" UseNeXT-->"Z:\UseNext2\UseNeXT\unins000.exe" VLC media player 1.1.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe Windows 7 Upgrade Advisor-->MsiExec.exe /I{0DC66F25-C58F-40d3-86BC-CA29C6D99BF8} Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Live aanmeldhulp-->MsiExec.exe /I{1BD6AE96-4742-4498-9D03-9451C7E5A214} Windows Live Call-->MsiExec.exe /I{C20C2630-B3A7-44BA-BDD0-31E256AE490E} Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3} Windows Live Mail-->MsiExec.exe /I{2869F5EA-93C3-48E5-80DF-DB696BC84A91} Windows Live Messenger-->MsiExec.exe /X{CC38A00D-7EED-46CE-9281-D1D97B81F22A} Windows Live Movie Maker-->MsiExec.exe /X{32061277-9F45-4C3B-8299-D106D5A502ED} Windows Live Photo Gallery-->MsiExec.exe /X{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59} Windows Live Sync-->MsiExec.exe /X{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D} Windows Live Toolbar-->MsiExec.exe /X{41DFDD57-21B7-4C48-8C75-FFB35696CA8B} Windows Live Writer-->MsiExec.exe /X{35CA031C-D3CD-4A28-8D9B-C71466C4F045} Ziggo uitgebreide internetbeveiliging-->"C:\Program Files (x86)\Internetbeveiliging\FSGUI\PostInstall.exe" /tUnInstall ======System event log====== Computer Name: 37L4247E29-32 Event Code: 7036 Message: De Cryptographic Services-service heeft nu de status stopped. Record Number: 5 Source Name: Service Control Manager Time Written: 20090714051424.262212-000 Event Type: Informatie User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: De Windows Modules Installer-service heeft nu de status stopped. Record Number: 4 Source Name: Service Control Manager Time Written: 20090714051424.168612-000 Event Type: Informatie User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: De Software Protection-service heeft nu de status stopped. Record Number: 3 Source Name: Service Control Manager Time Written: 20090714051424.059412-000 Event Type: Informatie User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: De Windows Event Log-service heeft nu de status stopped. Record Number: 2 Source Name: Service Control Manager Time Written: 20090714051424.012612-000 Event Type: Informatie User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: De Volume Shadow Copy-service heeft nu de status stopped. Record Number: 1 Source Name: Service Control Manager Time Written: 20090714051423.934612-000 Event Type: Informatie User: =====Application event log===== Computer Name: 37L4247E29-32 Event Code: 900 Message: De Software Protection-service wordt gestart. Record Number: 5 Source Name: Microsoft-Windows-Security-SPP Time Written: 20100704095107.000000-000 Event Type: Informatie User: Computer Name: 37L4247E29-32 Event Code: 5617 Message: Subsystemen van Windows Management Instrumentation-service zijn geïnitialiseerd Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20100704094910.000000-000 Event Type: Informatie User: Computer Name: 37L4247E29-32 Event Code: 5615 Message: De Windows Management Instrumentation-service is gestart Record Number: 3 Source Name: Microsoft-Windows-WMI Time Written: 20100704094903.000000-000 Event Type: Informatie User: Computer Name: 37L4247E29-32 Event Code: 1531 Message: De User Profile-service is gestart. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100704094856.718750-000 Event Type: Informatie User: NT AUTHORITY\SYSTEM Computer Name: 37L4247E29-32 Event Code: 4625 Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 1 Source Name: Microsoft-Windows-EventSystem Time Written: 20100704094857.000000-000 Event Type: Informatie User: =====Security event log===== Computer Name: 37L4247E29-32 Event Code: 4735 Message: Er is een lokale groep met beveiliging gewijzigd. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: 37L4247E29-32$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Groep: Beveiligings-id: S-1-5-32-551 Naam van groep: Back-upoperators Domein van groep: Builtin Gewijzigde kenmerken: SAM-accountnaam: - SID-geschiedenis: - Aanvullende gegevens: Bevoegdheden: - Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100704094833.093750-000 Event Type: Controle geslaagd User: Computer Name: 37L4247E29-32 Event Code: 4731 Message: Er is een lokale groep met beveiliging gemaakt. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: 37L4247E29-32$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Nieuwe groep: Beveiligings-id: S-1-5-32-551 Naam van groep: Back-upoperators Domein van groep: Builtin Kenmerken: SAM-accountnaam: Back-upoperators SID-geschiedenis: - Aanvullende gegevens: Bevoegdheden: - Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100704094833.062500-000 Event Type: Controle geslaagd User: Computer Name: 37L4247E29-32 Event Code: 4902 Message: De tabel voor controlebeleid per gebruiker is gemaakt. Aantal elementen: 0 Beleids-id: 0x304a5 Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100704094832.328125-000 Event Type: Controle geslaagd User: Computer Name: 37L4247E29-32 Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-0-0 Accountnaam: - Accountdomein: - Aanmeldings-id: 0x0 Aanmeldingstype: 0 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x4 Naam proces: Netwerkgegevens: Naam van werkstation: - Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: - Verificatiepakket: - Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100704094828.984375-000 Event Type: Controle geslaagd User: Computer Name: 37L4247E29-32 Event Code: 4608 Message: Windows wordt opgestart. Deze gebeurtenis wordt in het logboek geregistreerd wanneer LSASS.EXE wordt gestart en het subsysteem voor controle wordt geïnitialiseerd. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100704094828.796875-000 Event Type: Controle geslaagd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=16 "PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0602 -----------------EOF----------------- Logfile of random's system information tool 1.08 (written by random/random) Run by Anjo at 2010-09-04 16:10:22 Microsoft Windows 7 Professional System drive C: has 149 GB (63%) free of 238 GB Total RAM: 4095 MB (64% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:10:23, on 4-9-2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe C:\Program Files (x86)\Internetbeveiliging\Common\FSLAUNCH.EXE C:\Users\Anjo\Desktop\RSIT.exe C:\Program Files (x86)\Trend Micro\HijackThis\Anjo.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12408 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2010-03-25 4222864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2010-02-28 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}] Browsing Protection Class - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll [2010-09-04 570088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872] {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - Browsing Protection Toolbar - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll [2010-09-04 570088] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [2010-05-07 165208] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-10-01 98304] "BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] "F-Secure Manager"=C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE [2009-08-05 199264] "F-Secure TNB"=C:\Program Files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe [2009-08-05 2349664] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080] "TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2010-06-24 247144] "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13 26192168] "DriverMax"=C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928] "DriverMax_RESTART"=C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928] "AnyDVD"=C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [2010-07-27 4455360] C:\Users\Anjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2010 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2010-03-25 4222864] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-09-04 16:10:22 ----D---- C:\rsit 2010-09-04 16:07:10 ----D---- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor 2010-09-04 13:53:39 ----D---- C:\Program Files (x86)\MediaMonkey 2010-09-04 12:39:31 ----A---- C:\Windows\SysWOW64\drivers\fsbts.sys 2010-09-04 12:39:01 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI 2010-09-04 12:38:35 ----D---- C:\Program Files (x86)\Internetbeveiliging 2010-09-04 12:38:08 ----D---- C:\ProgramData\fssg 2010-09-04 12:37:31 ----D---- C:\ProgramData\f-secure 2010-09-04 11:27:42 ----D---- C:\Program Files (x86)\Trend Micro 2010-09-02 15:36:29 ----D---- C:\Users\Anjo\AppData\Roaming\vlc 2010-09-02 15:06:10 ----D---- C:\ProgramData\Fighters 2010-08-25 18:57:19 ----A---- C:\Windows\SysWOW64\oleaut32.dll 2010-08-17 21:58:21 ----D---- C:\Program Files (x86)\CCleaner 2010-08-17 14:36:06 ----D---- C:\ProgramData\Symantec 2010-08-17 14:36:06 ----D---- C:\ProgramData\Norton 2010-08-17 14:36:05 ----D---- C:\ProgramData\NortonInstaller 2010-08-17 12:49:58 ----D---- C:\Program Files (x86)\AutoUnpack 2010-08-17 11:53:18 ----D---- C:\Users\Anjo\AppData\Roaming\Google 2010-08-17 11:07:20 ----D---- C:\Windows\SysWOW64\Adobe 2010-08-16 20:46:03 ----D---- C:\Program Files (x86)\Runtime Software 2010-08-11 09:20:08 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-08-11 09:20:07 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-08-11 09:20:06 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-08-11 09:20:06 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-08-11 09:20:06 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-08-11 09:20:06 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-08-11 09:20:06 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-08-11 09:20:06 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-08-11 09:20:06 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-08-11 09:20:06 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-08-11 09:20:05 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-08-11 09:20:04 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-08-11 09:20:04 ----A---- C:\Windows\SysWOW64\iccvid.dll 2010-08-11 09:20:00 ----A---- C:\Windows\SysWOW64\schannel.dll 2010-08-11 09:19:58 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-08-11 09:19:58 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2010-08-11 09:19:57 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-08-10 17:41:07 ----D---- C:\ProgramData\Adobe 2010-08-10 17:41:05 ----D---- C:\Program Files (x86)\Common Files\Adobe 2010-08-10 17:41:05 ----D---- C:\Program Files (x86)\Adobe 2010-08-10 17:40:17 ----D---- C:\ProgramData\Google 2010-08-10 17:40:17 ----D---- C:\Program Files (x86)\Google ======List of files/folders modified in the last 1 months====== 2010-09-04 16:10:23 ----D---- C:\Windows\Temp 2010-09-04 16:07:50 ----D---- C:\Windows\System32 2010-09-04 16:07:11 ----SHD---- C:\Windows\Installer 2010-09-04 16:07:10 ----RD---- C:\Program Files (x86) 2010-09-04 16:07:03 ----SHD---- C:\System Volume Information 2010-09-04 16:06:37 ----D---- C:\Windows\Prefetch 2010-09-04 16:05:56 ----D---- C:\Users\Anjo\AppData\Roaming\Skype 2010-09-04 16:03:17 ----D---- C:\Windows\SysWOW64\logishrd 2010-09-04 15:32:55 ----D---- C:\Windows 2010-09-04 12:39:31 ----D---- C:\Windows\SysWOW64\drivers 2010-09-04 12:39:12 ----D---- C:\Windows\SysWOW64 2010-09-04 12:39:12 ----D---- C:\Windows\inf 2010-09-04 12:38:08 ----HD---- C:\ProgramData 2010-09-04 08:36:42 ----D---- C:\Windows\winsxs 2010-09-03 13:23:43 ----D---- C:\Users\Anjo\AppData\Roaming\UseNeXT 2010-09-02 15:59:29 ----D---- C:\Users\Anjo\AppData\Roaming\dvdcss 2010-09-02 15:32:14 ----D---- C:\Windows\Tasks 2010-09-02 15:13:42 ----D---- C:\Windows\Minidump 2010-09-02 15:05:40 ----RD---- C:\Program Files 2010-08-31 10:06:23 ----D---- C:\Windows\AppCompat 2010-08-31 10:06:23 ----D---- C:\Program Files (x86)\TomTom HOME 2 2010-08-31 10:06:23 ----D---- C:\Program Files (x86)\Common Files\logishrd 2010-08-31 10:06:11 ----D---- C:\Windows\registration 2010-08-31 10:06:01 ----D---- C:\Windows\Microsoft.NET 2010-08-31 10:05:12 ----RSD---- C:\Windows\assembly 2010-08-29 20:11:19 ----SD---- C:\Users\Anjo\AppData\Roaming\Microsoft 2010-08-29 20:06:53 ----RSD---- C:\Windows\Fonts 2010-08-26 10:22:57 ----D---- C:\Windows\AppPatch 2010-08-17 21:59:02 ----D---- C:\Windows\debug 2010-08-17 11:36:09 ----D---- C:\Windows\SysWOW64\Macromed 2010-08-17 11:07:21 ----D---- C:\Windows\Downloaded Program Files 2010-08-11 09:29:03 ----D---- C:\Windows\SysWOW64\migration 2010-08-11 09:29:03 ----D---- C:\Program Files (x86)\Internet Explorer 2010-08-11 09:21:56 ----D---- C:\ProgramData\Microsoft Help 2010-08-10 17:41:51 ----D---- C:\Users\Anjo\AppData\Roaming\Adobe 2010-08-10 17:41:05 ----D---- C:\Program Files (x86)\Common Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [] R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files (x86)\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 57920] R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [] R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [] R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-07-22 125888] R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [] R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [] R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2010-09-04 190120] R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [] R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [] R3 LVUVC64;Logitech Webcam Pro 9000(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [] R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [] R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [] R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys [] R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [] R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys [] R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [] S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [] S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [] S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [] S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [] S3 NVENETFD;NVIDIA nForce-netwerkcontroller; C:\Windows\system32\DRIVERS\nvm62x64.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe [2009-08-05 215648] R2 FSMA;F-Secure Management Agent; C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE [2009-08-05 186976] R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-05-18 935208] R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-28 173352] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992] S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 135664] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files (x86)\Internetbeveiliging\FWES\Program\fsdfwd.exe [2010-09-04 844384] S3 FSORSPClient;F-Secure ORSP Client; C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe [2010-09-04 58024] S3 fsssvc;De service Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] -----------------EOF-----------------
  • Hallo Anjo, je hebt naast de F-secure Firewall en de hopelijk gede-activeerde Windows firewall nog een andere firewall aktief! Namelijk: de NVIDIA nForce hardware firewall - dit is een buggy firewall van NVidia, welke nutteloos en overbodig is - maar wel voor conflicten kan zorgen! Ga daarom naar [b:4acd5da861]Start\Configuratiescherm\Programma’s en onderdelen[/b:4acd5da861] en verwijder daar de NVIDIA nForce-netwerkcontroller. Ik ben benieuwd of hiermee je probleem ook verdwenen zal zijn.
  • Check toch ook even je geheugen met mem86... Ik lees nergens dat dit al gebeurd is en dit kan ook voor instabiliteit e.d. zorgen.
  • memtest geeft geen fouten. netwerkcontroler verwijderd. freeses niet alleen beeld, krijg dan geen enkel respons meer ook taakbeheer wil niet opkomen als Pc echt vastzit.zal nog eens trachten te kijken of ik iets met toolCD van Mobo kan uitvogelen, mss is er een bios update nodig . hoewel ik dat liever niet doe :wink: andere suggesties/ fsecure geeft aantal trojans die ie niet kan verwijderen omdat ie de files niet kan openen, doet een ander progsel dat mss wel/
  • Hoi Anjo, voor de onderstaande tools geldt het opstarten ervan met administratorrechten! En dan het volgende: gebruik nu erst het tool WhoCrashed en sla de gegevens van de scan op in kladblok! Want het tool geeft mogelijk meer info omtrent je systeemproblemen. [url=http://www.resplendence.com/whocrashed]WhoCrashed introductie[/url] [url=http://www.softpedia.com/get/Antivirus/WhoCrashed.shtml]WhoCrashed beschrijving[/url] Download de [i:92d1632fcf]free home edition[/i:92d1632fcf] van [b:92d1632fcf]WhoCrashed[/b:92d1632fcf] naar je bureaublad via [url=http://www.resplendence.com/downloads]klik hier[/url] [img:92d1632fcf]http://i65.servimg.com/u/f65/11/35/67/12/whocra10.png[/img:92d1632fcf] en installeer het tool via klikken/dubbelklikken op "[b:92d1632fcf]whocrashedSetup.exe[/b:92d1632fcf]" Nadat 'WhoCrashed' is opgestart, klik je op de "[b:92d1632fcf]Analyze[/b:92d1632fcf]" knop. Selekteer nu de inhoud van het venster, kopieer dit en post het resultaat in je volgende post. [b:92d1632fcf][url=http://www.idealsoftware.nl/MBAM/][B]Download, installeer en blijf MBAM gebruiken[/b:92d1632fcf] (KLIK)[/url][/B] (klik op de blaue knop om de gratis versie te downloaden!) [list:92d1632fcf][*:92d1632fcf] Al meteen na de installatie wil [b:92d1632fcf]MBAM[/b:92d1632fcf] zijn database opwaarderen – toestaan dus. [*:92d1632fcf] Ook bij herhaald gebruik: eerst MBAM updaten via de tab [b:92d1632fcf]Update[/b:92d1632fcf]! [*:92d1632fcf] Start [b:92d1632fcf]MBAM[/b:92d1632fcf] en kies voor [b:92d1632fcf]Snelle Scan[/b:92d1632fcf] [*:92d1632fcf] [b:92d1632fcf]N.B.: Vista- en Windows 7 gebruik(st)ers starten MBAM middels rechtsklikken en dan kiezen voor Als Administrator uitvoeren.[/b:92d1632fcf] [*:92d1632fcf] Het scannen kan een tijdje duren, dus wees geduldig. [*:92d1632fcf] Indien de scan voltooid is, klik dan op de knop [b:92d1632fcf]OK[/b:92d1632fcf] [*:92d1632fcf] Klik daarna op de knop [b:92d1632fcf]Bekijk Resultaten[/b:92d1632fcf] om de resultaten te zien. [*:92d1632fcf] Zorg ervoor, dat alles aangevinkt is. [*:92d1632fcf] Vervolgens klik je op: [b:92d1632fcf]Verwijder geselecteerde[/b:92d1632fcf] . [*:92d1632fcf] Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [*:92d1632fcf] Het log wordt automatisch bewaard door [b:92d1632fcf]MBAM[/b:92d1632fcf] en dat kan je terugvinden door op de tab [b:92d1632fcf]Logs[/b:92d1632fcf] te klikken in [b:92d1632fcf]MBAM[/b:92d1632fcf] . [*:92d1632fcf] Indien [b:92d1632fcf]MBAM[/b:92d1632fcf] moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op [b:92d1632fcf]OK[/b:92d1632fcf] klikken! [*:92d1632fcf] Daarna zal [b:92d1632fcf]MBAM[/b:92d1632fcf] vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:92d1632fcf] Hierna post je de inhoud van het MBAM-log en de gegevens van WhoCrashed
  • :? Mag ik de heren bedanken voor de moeite en t meedenken. Ben ermee gestopt om alles uit te vogelen. Bij controle via taakbeheer bleek mn processor echt continu op 100% te staan. Ben aan een herinstallatie begonnen. THNXX anjo
  • Oké - succes ermee!

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.