Questions & Answers

Security & privacy

V-vendetta.com

Anonymous
34 replies
  • A while ago I got an alert from GData: Virus found
    V-vendetta.com.
    First of all I thought it was a rather strange name for a virus, and secondly GData offered no options to quarantine it or delete it or anything like that.
    I looked for ways to get rid of it, Googled among other things, but couldn't figure it out.
    Actually by chance I discovered in Program Files (I no longer remember which of the two: Program Files (x86) or Win 7's own Program Files) a folder with a rather odd name for what you're used to in Program Files: sw_updater, containing an .exe file of the same name that could not be accessed.
    I sometimes go to a colleague's to help him install PCs and am now learning to install Windows 7. (I do notice that during installation Win7 actually means the same thing as XP but just phrases it a bit differently)
    and a PC had just been installed there 'fresh from the horse's mouth', so I thought: let me just look in Program Files to see whether that sw_updater is in there too. It wasn't. Well, then I knew enough. So at home I started up my own and was then able to delete that sw_updater.
    Since then the GData alert is gone too. I suspect the two might well have been connected.
    Greetings,
    Margreet.
  • http://www.idealsoftware.nl/MBAM/ :roll: Still, have it scanned and post a log in the security section. (Do update MBAM first)

    http://free.antivirus.com/hijackthis/ Also make a log and post it in the security section. An expert may then be able to help you further.
  • Hello Dragon,
    I'll first post the little MBAM log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 4287

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    7-7-2010 9:14:19
    mbam-log-2010-07-07 (09-14-19).txt

    Scantype: Snelle scan
    Objecten gescand: 134216
    Verstreken tijd: 4 minuut/minuten, 14 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)
  • Uh… are you having problems with the servers or something? I'm trying to paste my HijackThis log here (I had first put it in Notepad with a few words of my own added), but I can't get it pasted here…
    Greetings,
    Margreet.
  • Trying again, so here is my HijackThis log:

    The MBAM one was a quick scan.
    As for HijackThis: I first got an error message:
    For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.
    If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
    notepad C:\Windows\System32\drivers\etc\hosts and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts'(with quotes), and reboot.
    For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.

    So I did that in my Windows 7 and this is the result:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:26:49, on 7-7-2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe
    C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Users\Margreet Bontekoe\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nederland.fm/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: 60.12.193.37 auto.search.msn.com
    O1 - Hosts: 60.12.193.37 auto.search.msn.es
    O1 - Hosts: 60.12.193.37 ie.search.msn.com
    O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [sw_updater] "C:\Program Files (x86)\sw_updater\updater.exe"
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: G Data Schedule (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe
    O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVK\AVKWCtlX64.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: G Data Backup Service - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe
    O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe
    O23 - Service: G Data Persoonlijke Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe
    O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Windows Activation Technologies-service (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 9639 bytes

    Greetings,
    Margreet
  • Maybe just post it again in the security section?
  • Hello Margreet - do the following:

    Download Dr.Web CureIt and place it on your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

    Double-click cureit.exe, then click "Start" to have the program run a quick scan.
    This quick scan will scan the files that are currently loaded in memory.
    If anything is found, let CureIt repair it.
    - If a window appears with an offer to buy at a 50% discount, close it with the X.
    After that the main window will become visible.
    - At the top, in the "Optie" menu, choose "Taal" and change it to "Dutch (Nederlands)" if it is set to something else.
    - In the Opties menu, choose Instellingen veranderen (F9).
    On the "Scan" tab, untick "Heuristic Analyse".
    Click "Toepassen".
    On the "Bestandstypen" tab, Scan mode must be set to: "Alle bestanden".
    On the "Acties" tab, set the following under Malware:
    - Adware: "Verplaats"
    - Dialers: "Verplaats"
    - Jokes: "Rapportage"
    - Riskware: "Rapportage"
    - Hacktools: "Verplaats"
    Still on the "Acties" tab, set the following under Objecten:
    - Geïnfecteerde objecten: "Repareer"
    - Onrepareerbare: "Verplaats"
    - Verdachte objecten: "Rapportage"
    Then untick: "Prompt bij actie".
    Click "Toepassen".
    Then click "OK".
    Back in the main window you can select which scan you want to run.
    - Select "Volledige scan"
    Click the green arrow on the right-hand side to start the scan.
    If the infected files cannot be disinfected, they will be moved to the folder %userprofile%\DoctorWeb\Quarantine.
    - When the scan is finished, choose "Bestand" in the menu, then "Rapportagelijst opslaan", and save the log to your desktop.
    - Then close Dr.Web CureIt.

    Restart your computer.
    You must definitely do this, because Dr.Web CureIt may move or delete files after a restart.

    Once the computer has restarted, copy and paste the contents of the log you saved to your desktop earlier into your next post.
    Also post a new HijackThis log.
  • Abraham really is a little star! :wink:
  • The Dragon wrote: "Abraham really is a little star! :wink:"

    A little star?

    But thanks for the compliment anyway.
  • You're welcome, mate.
  • Uhm… when posting my CureIt report I kept getting an error message: Internet Explorer is not responding. Since it was a rather long report, I'll first try with a shorter report: the one from HijackThis:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:54:26, on 14-7-2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe
    C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
    C:\Users\Margreet Bontekoe\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nederland.fm/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: 60.12.193.37 auto.search.msn.com
    O1 - Hosts: 60.12.193.37 auto.search.msn.es
    O1 - Hosts: 60.12.193.37 ie.search.msn.com
    O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [sw_updater] "C:\Program Files (x86)\sw_updater\updater.exe"
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: G Data Schedule (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe
    O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVK\AVKWCtlX64.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: G Data Backup Service - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe
    O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe
    O23 - Service: G Data Persoonlijke Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe
    O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Windows Activation Technologies-service (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 9883 bytes
  • Unfortunately… I can't get the CureIt log posted here… I keep getting: Internet Explorer is not responding. Is it possible that the log is too long and I'm only allowed to post a certain number of characters here?
    Greetings,
    Margreet.
  • Oh, before I forget: Dr.Web found, moved, or quarantined 0 viruses
    Greetings,
    Margreet.
  • Hello Margreet, do the following, because HijackThis still cannot cope properly with 64-bit versions of Windows:

    - Users of Windows Vista and Windows 7 start the tool by right-clicking and choosing Run as administrator!
    - Click/double-click RSIT.exe to start the tool.
    - Click "Continue" in the disclaimer window.
    - After the scan has finished, two logs will open.
    - Then post the contents of log.txt (this will be maximized) and likewise of info.txt (this will be minimized)

    For users of Windows Vista 64-bit or Windows 7 64-bit the following also applies:
    - RSIT must then be run in compatibility mode.
    - Right-click RSIT.exe and choose "Eigenschappen"
    - Now click the "Compatibiliteit" tab
    - Tick "Dit programma uitvoeren in compatibiliteitsmodus voor" and then choose "Windows XP (Service Pack 3)"

    RSIT produces a fairly large log, so it may happen that the log has to be split and posted in two or more parts.
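
The HijackThis log format seen in this thread can be triaged mechanically. The following is an added example, not part of any post and not code from HijackThis or RSIT: it extracts the `O1` hosts-file overrides and `O4` autorun entries, and separates `O23 ... (file missing)` services under System32 from other missing files, since a 32-bit scanner on 64-bit Windows sees a redirected System32. The function name `triage`, the `watch_names` parameter and the 64-bit heuristic are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a handful of lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Platform: Windows 7 (WinNT 6.00.3504)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nederland.fm/
O1 - Hosts: 60.12.193.37 auto.search.msn.com
O1 - Hosts: 60.12.193.37 auto.search.msn.es
O1 - Hosts: 60.12.193.37 ie.search.msn.com
O4 - HKLM\..\Run: [sw_updater] "C:\Program Files (x86)\sw_updater\updater.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
"""

ENTRY_RE = re.compile(r"^\s*([RFO]\d+) - (.*\S)\s*$")   # "<code> - <body>"
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")        # body of an O1 entry
RUN_RE = re.compile(r"^(HK\S+?)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")  # body of an O4 entry
MISSING = "(file missing)"


def _is_local(ip):
    """True for loopback/unspecified addresses, the usual blocking targets in a hosts file."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def triage(log_text, watch_names=()):
    """Collect the entries of a HijackThis log that deserve a manual look (hypothetical helper)."""
    watch = {n.lower() for n in watch_names}
    # Assumption: WOW64 paths in the log mean 64-bit Windows scanned by a 32-bit tool.
    is_64bit = bool(re.search(r"Program Files \(x86\)|SysWOW64", log_text, re.I))
    hosts = defaultdict(list)
    autoruns, wow64_artifacts, missing_files = [], [], []

    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code == "O1":
            # Hosts-file line: group hostnames by the non-local IP they are forced to.
            h = HOSTS_RE.match(body)
            if h and not _is_local(h.group(1)):
                hosts[h.group(1)].append(h.group(2))
        elif code == "O4":
            # Registry Run/RunOnce autostart entry.
            r = RUN_RE.match(body)
            if r:
                hive, key, name, command = r.groups()
                autoruns.append({"hive": hive, "key": key, "name": name,
                                 "command": command, "watched": name.lower() in watch})
        elif code == "O23" and body.endswith(MISSING):
            path = body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip()
            # A 32-bit process is redirected from System32 to SysWOW64, so native
            # 64-bit service binaries look absent although they exist.
            if is_64bit and "\\system32\\" in path.lower():
                wow64_artifacts.append(path)
            else:
                missing_files.append(path)

    return {"is_64bit": is_64bit, "hosts_overrides": dict(hosts), "autoruns": autoruns,
            "wow64_artifacts": wow64_artifacts, "missing_files": missing_files}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, watch_names=["sw_updater"])
    for ip, names in report["hosts_overrides"].items():
        print(f"hosts override -> {ip}: {', '.join(names)}")
    for entry in report["autoruns"]:
        flag = "WATCHED" if entry["watched"] else "       "
        print(f"{flag} {entry['hive']}\\{entry['key']} [{entry['name']}] {entry['command']}")
    print("likely redirection artifacts:", report["wow64_artifacts"])
    print("missing, verify by hand:", report["missing_files"])
```
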
  • Here is the info text:
    info.txt logfile of random's system information tool 1.08 2010-07-15 20:48:59

    ======Uninstall list======

    Aangifte inkomstenbelasting 2009–>D:\Belastingaangifte 2009\2009\ib2009u.exe
    Adobe Flash Player 10 ActiveX–>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
    Adobe Shockwave Player 11.5–>"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    CloneCD–>"C:\Program Files (x86)\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files (x86)\SlySoft\CloneCD"
    CrossLoop 2.60–>"C:\Program Files (x86)\CrossLoop\unins000.exe"
    EVEREST Ultimate Edition–>"C:\Windows\EVEREST Ultimate Edition\uninstall.exe" "/U:C:\Program Files (x86)\EVEREST Ultimate Edition\Uninstall\uninstall.xml"
    File Scavenger 3.2–>"C:\Program Files (x86)\File Scavenger 3.2\unins000.exe"
    Foxit Creator–>C:\Program Files (x86)\Foxit Software\PDF Creator\uninstall.exe
    Foxit Reader–>C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
    Free Audio CD Burner version 1.3–>"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
    Free YouTube to MP3 Converter version 3.5–>"D:\Free YouTube to MP3 Converter\unins000.exe"
    G Data TotalCare–>MsiExec.exe /I{C8D55041-A13C-4620-8DF4-9C5A9C16908D}
    Google Toolbar for Internet Explorer–>"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstall
    Google Toolbar for Internet Explorer–>MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Google Update Helper–>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Updater–>"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -uninstall
    High-Definition Video Playback 10–>MsiExec.exe /X{237CCB62-8454-43E3-B158-3ACD0134852E}
    ImgBurn–>"D:\IMGBurn\uninstall.exe"
    Imikimi Plugin–>"C:\Program Files (x86)\Imikimi\uninstall.exe"
    Java(TM) 6 Update 20–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
    Junk Mail filter update–>MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}
    Malwarebytes' Anti-Malware–>"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
    Messenger Plus! Live–>"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
    Microsoft Choice Guard–>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-002A-0413-1000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-00A1-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-00BA-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
    Microsoft Office Access MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007–>"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007–>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
    Microsoft Office Groove MUI (Dutch) 2007–>MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
    Microsoft Office Live Add-in 1.5–>MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
    Microsoft Office OneNote MUI (Dutch) 2007–>MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (Dutch) 2007–>MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007–>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proofing (Dutch) 2007–>MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
    Microsoft Office Publisher MUI (Dutch) 2007–>MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
    Microsoft Office Shared MUI (Dutch) 2007–>MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
    Microsoft Office Word MUI (Dutch) 2007–>MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
    Microsoft Primary Interoperability Assemblies 2005–>MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
    Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053–>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17–>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148–>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    MSVCRT–>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB973688)–>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    Nero 10 Menu TemplatePack Basic–>MsiExec.exe /X{63AA3EAB-23BB-48B2-9AD0-44F878075604}
    Nero 10 Movie ThemePack Basic–>MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}
    Nero BackItUp 10 Help (CHM)–>MsiExec.exe /X{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}
    Nero BackItUp 10–>MsiExec.exe /X{68AB6930-5BFF-4FF6-923B-516A91984FE6}
    Nero Burning ROM 10–>MsiExec.exe /X{7A5D731D-B4B3-490E-B339-75685712BAAB}
    Nero BurningROM 10 Help (CHM)–>MsiExec.exe /X{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}
    Nero BurnRights 10 Help (CHM)–>MsiExec.exe /X{555868C6-49FB-484F-BB43-8980651A1B00}
    Nero Control Center 10–>MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
    Nero ControlCenter 10 Help (CHM)–>MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
    Nero Core Components 10–>MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
    Nero CoverDesigner 10 Help (CHM)–>MsiExec.exe /X{C3273C55-E1E4-41FF-8D69-0158090DB8D8}
    Nero DiscSpeed 10 Help (CHM)–>MsiExec.exe /X{C18A0418-442A-4186-AF98-D08F5054A2FC}
    Nero DiscSpeed 10–>MsiExec.exe /X{34490F4E-48D0-492E-8249-B48BECF0537C}
    Nero Dolby Files 10–>MsiExec.exe /X{C3580AC4-C827-4332-B935-9A282ED5BB97}
    Nero Express 10 Help (CHM)–>MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98}
    Nero Express 10–>MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7}
    Nero InfoTool 10 Help (CHM)–>MsiExec.exe /X{66049135-9659-4AAD-9169-9CCA269EBB3E}
    Nero MediaHub 10 Help (CHM)–>MsiExec.exe /X{F467862A-D9CA-47ED-8D81-B4B3C9399272}
    Nero MediaHub 10–>MsiExec.exe /X{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}
    Nero Multimedia Suite 10–>MsiExec.exe /I{277C1559-4CF7-44FF-8D07-98AA9C13AABD}
    Nero Recode 10 Help (CHM)–>MsiExec.exe /X{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}
    Nero RescueAgent 10 Help (CHM)–>MsiExec.exe /X{92E25238-61A3-4ACD-A407-3C480EEF47A7}
    Nero RescueAgent 10–>MsiExec.exe /X{E337E787-CF61-4B7B-B84F-509202A54023}
    Nero SoundTrax 10 Help (CHM)–>MsiExec.exe /X{16987E99-C95C-4513-9239-7B44A0A71DB5}
    Nero StartSmart 10 Help (CHM)–>MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}
    Nero StartSmart 10–>MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}
    Nero Update–>MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
    Nero Vision 10 Help (CHM)–>MsiExec.exe /X{329411A0-19F3-4740-874F-17400B126F27}
    Nero Vision 10–>MsiExec.exe /X{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}
    Nero WaveEditor 10 Help (CHM)–>MsiExec.exe /X{7A295D8F-484B-4FFB-89AB-C1FD497591FE}
    Nero WaveEditor 10–>MsiExec.exe /X{EDCDFAD5-DF80-4600-A493-E9DAD6810230}
    neroxml–>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Picasa 3–>"D:\Picasa\Picasa3\Uninstall.exe"
    Samsung CLP-300 Series SmartPanel–>C:\Program Files (x86)\SAMSUNG\Samsung CLP-300 Series SmartPanel\Install\Setup.exe /R
    Samsung CLP-300 Series–>C:\Program Files (x86)\SAMSUNG\Samsung CLP-300 Series\Install\Setup.exe /R
    Security Update for 2007 Microsoft Office System (KB969559)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB976321)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
    Security Update for 2007 Microsoft Office System (KB982312)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
    Security Update for 2007 Microsoft Office System (KB982331)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
    Security Update for Microsoft Office Access 2007 (KB979440)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
    Security Update for Microsoft Office Access 2007 (KB979440)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
    Security Update for Microsoft Office Excel 2007 (KB982308)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
    Security Update for Microsoft Office InfoPath 2007 (KB979441)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
    Security Update for Microsoft Office InfoPath 2007 (KB979441)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
    Security Update for Microsoft Office Outlook 2007 (KB980376)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {48113C06-9BA2-4D54-A731-D1D2C5B3144A}
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
    Security Update for Microsoft Office Publisher 2007 (KB982124)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
    Security Update for Microsoft Office system 2007 (972581)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
    Security Update for Microsoft Office system 2007 (KB969613)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office system 2007 (KB974234)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
    Security Update for Microsoft Office Word 2007 (KB982135)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
    Update for 2007 Microsoft Office System (KB967642)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft Office OneNote 2007 (KB980729)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
    Update for Outlook 2007 Junk Email Filter (kb2202131)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A67392E8-282B-4BEF-8020-EF3DD664DE7B}
    Update voor Microsoft Office Excel 2007 Help (KB963678)–>msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA}
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)–>msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}
    Update voor Microsoft Office Word 2007 Help (KB963665)–>msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809}
    VLC media player 1.0.5–>C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
    Watson–>MsiExec.exe /I{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}
    Windows Live - Hulpprogramma voor uploaden–>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Live Call–>MsiExec.exe /I{C20C2630-B3A7-44BA-BDD0-31E256AE490E}
    Windows Live Communications Platform–>MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
    Windows Live Essentials–>C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
    Windows Live Essentials–>MsiExec.exe /I{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}
    Windows Live Mail–>MsiExec.exe /I{2869F5EA-93C3-48E5-80DF-DB696BC84A91}
    Windows Live Messenger–>MsiExec.exe /X{CC38A00D-7EED-46CE-9281-D1D97B81F22A}
    Windows Media Encoder 9 Series–>msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series–>MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Youtube Downloader HD v. 1.9–>"D:\Youtube Downloader HD\unins000.exe"

    ======Security center information======

    AS: SUPERAntiSpyware (disabled)

    ======System event log======

    Computer Name: MargreetBonteko
    Event Code: 7036
    Message: De Application Experience-service heeft nu de status wordt uitgevoerd.
    Record Number: 59226
    Source Name: Service Control Manager
    Time Written: 20100309215027.866400-000
    Event Type: Informatie
    User:

    Computer Name: MargreetBonteko
    Event Code: 7036
    Message: De Computer Browser-service heeft nu de status gestopt.
    Record Number: 59225
    Source Name: Service Control Manager
    Time Written: 20100309214919.912800-000
    Event Type: Informatie
    User:

    Computer Name: MargreetBonteko
    Event Code: 7036
    Message: De Computer Browser-service heeft nu de status wordt uitgevoerd.
    Record Number: 59224
    Source Name: Service Control Manager
    Time Written: 20100309214913.875600-000
    Event Type: Informatie
    User:

    Computer Name: MargreetBonteko
    Event Code: 7036
    Message: De Computer Browser-service heeft nu de status gestopt.
    Record Number: 59223
    Source Name: Service Control Manager
    Time Written: 20100309214711.899200-000
    Event Type: Informatie
    User:

    Computer Name: MargreetBonteko
    Event Code: 7036
    Message: De Computer Browser-service heeft nu de status wordt uitgevoerd.
    Record Number: 59222
    Source Name: Service Control Manager
    Time Written: 20100309214705.862000-000
    Event Type: Informatie
    User:

    =====Application event log=====

    Computer Name: 37L4247E29-32
    Event Code: 1001
    Message: Foutbucket , type 0
    Naam van gebeurtenis: PnPDriverNotFound
    Antwoord: Niet beschikbaar
    Id van CAB-bestand: 0

    Handtekening van probleem:
    P1: x64
    P2: ACPI\ATK0110
    P3:
    P4:
    P5:
    P6:
    P7:
    P8:
    P9:
    P10:

    Bijgevoegde bestanden:
    C:\Windows\Temp\DMIC715.tmp.log.xml

    Deze bestanden zijn mogelijk hier beschikbaar:
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_7b90e53f6497da36d01d2c8167badd7549330a6_cab_0471c7a1

    Analysesymbool:
    Opnieuw zoeken naar oplossing: 0nRapport-id: fcec10c0-c559-11de-aba1-001e8c38a0a5
    Rapportstatus: 4
    Record Number: 5
    Source Name: Windows Error Reporting
    Time Written: 20091030134156.000000-000
    Event Type: Informatie
    User:

    Computer Name: 37L4247E29-32
    Event Code: 5617
    Message: Subsystemen van Windows Management Instrumentation-service zijn geïnitialiseerd
    Record Number: 4
    Source Name: Microsoft-Windows-WMI
    Time Written: 20091030134102.000000-000
    Event Type: Informatie
    User:

    Computer Name: 37L4247E29-32
    Event Code: 5615
    Message: De Windows Management Instrumentation-service is gestart
    Record Number: 3
    Source Name: Microsoft-Windows-WMI
    Time Written: 20091030134058.000000-000
    Event Type: Informatie
    User:

    Computer Name: 37L4247E29-32
    Event Code: 1531
    Message: De User Profile-service is gestart.


    Record Number: 2
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20091030134052.543200-000
    Event Type: Informatie
    User: NT AUTHORITY\SYSTEM

    Computer Name: 37L4247E29-32
    Event Code: 4625
    Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog.
    Record Number: 1
    Source Name: Microsoft-Windows-EventSystem
    Time Written: 20091030134052.000000-000
    Event Type: Informatie
    User:

    =====Security event log=====

    Computer Name: MargreetBonteko
    Event Code: 4624
    Message: Er is een account aangemeld.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: MARGREETBONTEKO$
    Accountdomein: WORKGROUP
    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 2

    Nieuwe aanmelding:
    Beveiligings-id: S-1-5-21-456329589-3279974428-3109879471-1001
    Accountnaam: Margreet Bontekoe
    Accountdomein: MargreetBonteko
    Aanmeldings-id: 0x13d3b
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:
    Proces-id: 0x278
    Naam proces: C:\Windows\System32\winlogon.exe

    Netwerkgegevens:
    Naam van werkstation: MARGREETBONTEKO
    Netwerkadres van bron: 127.0.0.1
    Poort van bron: 0

    Gedetailleerde verificatiegegevens:
    Aanmeldingsproces: User32
    Verificatiepakket: Negotiate
    Doorgezette services: -
    Pakketnaam (alleen NTLM): -
    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
    Record Number: 4506
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091129114927.476000-000
    Event Type: Controle geslaagd
    User:

    Computer Name: MargreetBonteko
    Event Code: 4648
    Message: Poging tot aanmelden met expliciete referenties.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: MARGREETBONTEKO$
    Accountdomein: WORKGROUP
    Aanmeldings-id: 0x3e7
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Account waarvan de referenties zijn gebruikt:
    Accountnaam: Margreet Bontekoe
    Accountdomein: MargreetBonteko
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Doelserver:
    Naam van doelserver: localhost
    Aanvullende gegevens: localhost

    Procesgegevens:
    Proces-id: 0x278
    Procesnaam: C:\Windows\System32\winlogon.exe

    Netwerkgegevens:
    Netwerkadres: 127.0.0.1
    Poort: 0

    Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
    Record Number: 4505
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091129114927.476000-000
    Event Type: Controle geslaagd
    User:

    Computer Name: MargreetBonteko
    Event Code: 4672
    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: SYSTEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 4504
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091129114923.045600-000
    Event Type: Controle geslaagd
    User:

    Computer Name: MargreetBonteko
    Event Code: 4624
    Message: Er is een account aangemeld.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: MARGREETBONTEKO$
    Accountdomein: WORKGROUP
    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:
    Beveiligings-id: S-1-5-18
    Accountnaam: SYSTEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-id: 0x3e7
    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:
    Proces-id: 0x1ec
    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:
    Naam van werkstation:
    Netwerkadres van bron: -
    Poort van bron: -

    Gedetailleerde verificatiegegevens:
    Aanmeldingsproces: Advapi
    Verificatiepakket: Negotiate
    Doorgezette services: -
    Pakketnaam (alleen NTLM): -
    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
    Record Number: 4503
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091129114923.045600-000
    Event Type: Controle geslaagd
    User:

    Computer Name: MargreetBonteko
    Event Code: 4672
    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:
    Beveiligings-id: S-1-5-18
    Accountnaam: SYSTEM
    Accountdomein: NT AUTHORITY
    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 4502
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091129114923.030000-000
    Event Type: Controle geslaagd
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=AMD64
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
    "NUMBER_OF_PROCESSORS"=4
    "PROCESSOR_LEVEL"=16
    "PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD
    "PROCESSOR_REVISION"=0203
    "Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

    -----------------EOF-----------------
  • And this is its 'HijackThis' log:
    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Margreet Bontekoe at 2010-07-15 20:48:45
    Microsoft Windows 7 Home Premium Service Pack 3
    System drive C: has 25 GB (47%) free of 53 GB
    Total RAM: 4094 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:48:54, on 15-7-2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe
    C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
    C:\Users\Margreet Bontekoe\Desktop\RSIT.exe
    C:\Program Files (x86)\trend micro\Margreet Bontekoe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nederland.fm/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [sw_updater] "C:\Program Files (x86)\sw_updater\updater.exe"
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: G Data Schedule (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe
    O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVK\AVKWCtlX64.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: G Data Backup Service - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe
    O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe
    O23 - Service: G Data Persoonlijke Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe
    O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Windows Activation Technologies-service (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 9681 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
    G Data WebFilter - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll [2009-09-07 594504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-05-27 814648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-22 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0124123D-61B4-456f-AF86-78C53A0790C5} - G Data WebFilter - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll [2009-09-07 594504]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
    "sw_updater"=C:\Program Files (x86)\sw_updater\updater.exe []
    "GDFirewallTray"=C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe [2009-09-24 1124424]
    "G DATA AntiVirus Trayapplication"=C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe [2010-01-06 951880]
    "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
    "Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2009-09-11 614400]
    "NBAgent"=C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-04-03 1234216]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
    "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-30 39408]
    "RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe []

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "LogonHoursAction"=2
    "DontDisplayLogonHoursWarnings"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=5
    "ConsentPromptBehaviorUser"=3
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableLinkedConnections"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoActiveDesktop"=1
    "NoActiveDesktopChanges"=1
    "ForceActiveDesktopOn"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2010-07-15 20:48:45 ----D---- C:\rsit
    2010-07-15 20:48:45 ----D---- C:\Program Files (x86)\trend micro
    2010-07-14 03:00:52 ----SHD---- C:\Config.Msi
    2010-07-11 13:17:32 ----D---- C:\Program Files (x86)\EVEREST Ultimate Edition
    2010-07-07 08:55:33 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Malwarebytes
    2010-07-07 08:55:11 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
    2010-07-07 08:55:09 ----D---- C:\ProgramData\Malwarebytes
    2010-07-07 08:55:09 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-07-02 22:55:54 ----D---- C:\Program Files (x86)\Nero
    2010-07-02 20:13:08 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll
    2010-07-02 20:12:39 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll
    2010-07-02 20:12:12 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
    2010-07-02 20:11:46 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
    2010-07-02 20:11:23 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
    2010-06-25 23:48:15 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
    2010-06-25 21:23:41 ----D---- C:\Program Files (x86)\SAMSUNG
    2010-06-23 11:44:13 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
    2010-06-23 11:44:13 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
    2010-06-23 11:44:13 ----A---- C:\Windows\SysWOW64\netfxperf.dll
    2010-06-23 11:44:13 ----A---- C:\Windows\SysWOW64\mscoree.dll
    2010-06-23 11:44:13 ----A---- C:\Windows\SysWOW64\dfshim.dll
    2010-06-23 11:03:32 ----A---- C:\Windows\SysWOW64\ntdll.dll
    2010-06-23 11:03:01 ----A---- C:\Windows\SysWOW64\CPFilters.dll
    2010-06-22 00:11:31 ----D---- C:\ProgramData\Sun
    2010-06-22 00:11:30 ----D---- C:\Program Files (x86)\Common Files\Java
    2010-06-21 13:23:39 ----A---- C:\Windows\SysWOW64\msv1_0.dll
    2010-06-21 13:21:03 ----A---- C:\Windows\SysWOW64\asycfilt.dll
    2010-06-21 13:20:52 ----A---- C:\Windows\SysWOW64\vbscript.dll
    2010-06-21 13:20:47 ----A---- C:\Windows\SysWOW64\wmp.dll
    2010-06-21 13:20:47 ----A---- C:\Windows\SysWOW64\CertEnroll.dll
    2010-06-21 13:20:45 ----A---- C:\Windows\SysWOW64\wmploc.DLL
    2010-06-21 13:20:44 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
    2010-06-21 13:20:44 ----A---- C:\Windows\SysWOW64\secproc.dll
    2010-06-21 13:20:43 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
    2010-06-21 13:20:43 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
    2010-06-21 13:20:43 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
    2010-06-21 13:20:43 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
    2010-06-21 13:20:43 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
    2010-06-21 13:20:43 ----A---- C:\Windows\SysWOW64\RMActivate.exe
    2010-06-21 13:20:42 ----A---- C:\Windows\SysWOW64\inetcomm.dll
    2010-06-21 13:20:41 ----A---- C:\Windows\SysWOW64\t2embed.dll
    2010-06-21 13:20:38 ----A---- C:\Windows\SysWOW64\explorer.exe
    2010-06-21 13:20:38 ----A---- C:\Windows\explorer.exe
    2010-06-21 13:20:37 ----A---- C:\Windows\SysWOW64\wow32.dll
    2010-06-21 13:20:37 ----A---- C:\Windows\SysWOW64\user.exe
    2010-06-21 13:20:37 ----A---- C:\Windows\SysWOW64\setup16.exe
    2010-06-21 13:20:37 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
    2010-06-21 13:20:37 ----A---- C:\Windows\SysWOW64\instnm.exe
    2010-06-21 13:20:34 ----A---- C:\Windows\SysWOW64\quartz.dll
    2010-06-21 13:20:33 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
    2010-06-21 13:20:33 ----A---- C:\Windows\SysWOW64\msyuv.dll
    2010-06-21 13:20:33 ----A---- C:\Windows\SysWOW64\msvidc32.dll
    2010-06-21 13:20:33 ----A---- C:\Windows\SysWOW64\msrle32.dll
    2010-06-21 13:20:33 ----A---- C:\Windows\SysWOW64\mciavi32.dll
    2010-06-21 13:20:33 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
    2010-06-21 13:20:33 ----A---- C:\Windows\SysWOW64\avifil32.dll
    2010-06-21 13:20:30 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
    2010-06-21 13:20:30 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
    2010-06-21 13:20:28 ----A---- C:\Windows\SysWOW64\jscript.dll
    2010-06-21 13:20:27 ----A---- C:\Windows\SysWOW64\shell32.dll
    2010-06-21 13:20:26 ----A---- C:\Windows\SysWOW64\sspicli.dll
    2010-06-21 13:20:26 ----A---- C:\Windows\SysWOW64\secur32.dll
    2010-06-21 13:20:24 ----A---- C:\Windows\SysWOW64\psisdecd.dll
    2010-06-21 13:20:20 ----A---- C:\Windows\SysWOW64\msasn1.dll
    2010-06-21 13:20:18 ----A---- C:\Windows\SysWOW64\fontsub.dll
    2010-06-21 13:20:18 ----A---- C:\Windows\SysWOW64\atmlib.dll
    2010-06-21 13:20:18 ----A---- C:\Windows\SysWOW64\atmfd.dll
    2010-06-21 13:20:15 ----A---- C:\Windows\SysWOW64\tzres.dll
    2010-06-21 13:20:11 ----A---- C:\Windows\SysWOW64\mshtml.dll
    2010-06-21 13:20:10 ----A---- C:\Windows\SysWOW64\ieframe.dll
    2010-06-21 13:20:09 ----A---- C:\Windows\SysWOW64\wininet.dll
    2010-06-21 13:20:09 ----A---- C:\Windows\SysWOW64\urlmon.dll
    2010-06-21 13:20:09 ----A---- C:\Windows\SysWOW64\mstime.dll
    2010-06-21 13:20:09 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
    2010-06-21 13:20:09 ----A---- C:\Windows\SysWOW64\jsproxy.dll
    2010-06-21 13:20:09 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
    2010-06-20 14:19:16 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\SUPERAntiSpyware.com
    2010-06-20 14:19:16 ----D---- C:\ProgramData\SUPERAntiSpyware.com
    2010-06-20 14:19:10 ----D---- C:\ProgramData\!SASCORE
    2010-06-20 14:18:02 ----D---- C:\Windows\Panther
    2010-06-20 14:07:47 ----HD---- C:\$WINDOWS.~Q
    2010-06-20 14:05:23 ----HD---- C:\$INPLACE.~TR
    2010-06-20 13:53:00 ----A---- C:\Windows\SysWOW64\wintrust.dll
    2010-06-20 13:53:00 ----A---- C:\Windows\SysWOW64\cabview.dll
    2010-06-20 13:51:47 ----SHD---- C:\ProgramData\Sjablonen
    2010-06-20 13:51:47 ----SHD---- C:\ProgramData\Menu Start
    2010-06-20 13:51:47 ----SHD---- C:\ProgramData\Favorieten
    2010-06-20 13:51:47 ----SHD---- C:\ProgramData\Documenten
    2010-06-20 13:51:47 ----SHD---- C:\ProgramData\Bureaublad
    2010-06-20 13:23:06 ----SD---- C:\Users\Margreet Bontekoe\AppData\Roaming\Microsoft
    2010-06-20 13:23:06 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Media Center Programs
    2010-06-20 13:19:18 ----D---- C:\Windows\Prefetch
    2010-06-20 11:41:31 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Youtube Downloader HD
    2010-06-19 17:10:58 ----A---- C:\Windows\EVEREST Ultimate Edition Uninstall Log.txt

    ======List of files/folders modified in the last 1 months======

    2010-07-15 20:48:53 ----D---- C:\Windows\Temp
    2010-07-15 20:48:45 ----RD---- C:\Program Files (x86)
    2010-07-15 20:04:25 ----D---- C:\Windows\Tasks
    2010-07-15 20:04:06 ----SHD---- C:\System Volume Information
    2010-07-14 13:09:23 ----D---- C:\Windows\System32
    2010-07-14 13:09:23 ----D---- C:\Windows\inf
    2010-07-14 04:27:38 ----D---- C:\Windows\debug
    2010-07-14 03:18:21 ----D---- C:\Windows\winsxs
    2010-07-14 03:16:57 ----SHD---- C:\Windows\Installer
    2010-07-14 03:01:45 ----D---- C:\ProgramData\Microsoft Help
    2010-07-11 13:17:52 ----A---- C:\Windows\EVEREST Ultimate Edition Setup Log.txt
    2010-07-09 22:00:43 ----HD---- C:\ProgramData
    2010-07-09 21:28:25 ----RSD---- C:\Windows\assembly
    2010-07-07 08:55:11 ----D---- C:\Windows\SysWOW64\drivers
    2010-07-03 10:59:00 ----D---- C:\Windows
    2010-07-03 00:16:15 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Nero
    2010-07-02 23:01:02 ----D---- C:\ProgramData\Nero
    2010-07-02 22:56:35 ----D---- C:\Program Files (x86)\Common Files\Nero
    2010-07-02 21:24:48 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\uTorrent
    2010-07-02 21:23:19 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
    2010-07-02 20:13:08 ----D---- C:\Windows\SysWOW64
    2010-07-02 20:11:04 ----D---- C:\Windows\Logs
    2010-06-25 23:59:08 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\vlc
    2010-06-25 23:58:10 ----D---- C:\Temp
    2010-06-25 22:59:38 ----D---- C:\Windows\Downloaded Program Files
    2010-06-25 21:55:44 ----D---- C:\Program Files (x86)\Foxit Software
    2010-06-25 21:30:37 ----D---- C:\Program Files (x86)\Common Files
    2010-06-23 22:03:43 ----D---- C:\Windows\rescache
    2010-06-23 21:44:21 ----D---- C:\Windows\Microsoft.NET
    2010-06-23 11:46:07 ----D---- C:\Windows\ehome
    2010-06-23 11:46:07 ----D---- C:\Windows\AppPatch
    2010-06-22 00:10:20 ----D---- C:\ProgramData\Google
    2010-06-22 00:10:06 ----D---- C:\Program Files (x86)\Google
    2010-06-21 22:29:29 ----D---- C:\Windows\SysWOW64\Wat
    2010-06-21 22:01:31 ----D---- C:\Program Files (x86)\Windows Live
    2010-06-21 21:22:34 ----D---- C:\Program Files (x86)\Messenger Plus! Live
    2010-06-21 20:59:23 ----D---- C:\Program Files (x86)\Windows Media Player
    2010-06-21 20:59:22 ----D---- C:\Program Files (x86)\Windows Mail
    2010-06-21 13:31:50 ----SHD---- C:\$Recycle.Bin
    2010-06-21 13:31:43 ----RD---- C:\Users
    2010-06-21 13:27:16 ----D---- C:\Program Files (x86)\Internet Explorer
    2010-06-21 13:27:14 ----D---- C:\Windows\SysWOW64\nl-NL
    2010-06-21 13:27:13 ----D---- C:\Windows\SysWOW64\migration
    2010-06-20 14:19:08 ----RD---- C:\Program Files
    2010-06-20 14:13:58 ----D---- C:\ProgramData\G DATA
    2010-06-20 14:07:52 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Identities
    2010-06-20 14:07:16 ----D---- C:\Program Files (x86)\Common Files\G DATA
    2010-06-20 14:07:09 ----D---- C:\Program Files (x86)\G Data
    2010-06-20 13:51:47 ----SHD---- C:\Recovery
    2010-06-20 13:50:50 ----D---- C:\Windows\SoftwareDistribution
    2010-06-20 13:43:24 ----D---- C:\Windows\Registration
    2010-06-20 13:33:48 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Zhorn Birthday Reminder
    2010-06-20 13:33:48 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\WinRAR
    2010-06-20 13:33:48 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Uniblue
    2010-06-20 13:33:48 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\UK's Kalender
    2010-06-20 13:33:48 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Talkback
    2010-06-20 13:33:47 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Mozilla
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Macromedia
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Jasc
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\ImgBurn
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\gtk-2.0
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Google
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Foxit
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\DVDVideoSoftIEHelpers
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\dvdcss
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\CleanMyPC Software
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Belastingdienst
    2010-06-20 13:33:43 ----D---- C:\Users\Margreet Bontekoe\AppData\Roaming\Adobe
    2010-06-20 13:28:36 ----D---- C:\Windows\SysWOW64\Macromed
    2010-06-20 13:28:35 ----D---- C:\Windows\SysWOW64\Adobe
    2010-06-20 13:28:18 ----D---- C:\Windows\ShellNew
    2010-06-20 13:28:16 ----D---- C:\Windows\Samsung
    2010-06-20 13:28:16 ----D---- C:\Windows\RegisteredPackages
    2010-06-20 13:28:16 ----D---- C:\Windows\pss
    2010-06-20 13:28:02 ----D---- C:\Windows\LiveKernelReports
    2010-06-20 13:27:53 ----RSD---- C:\Windows\Fonts
    2010-06-20 13:27:53 ----D---- C:\Windows\Help
    2010-06-20 13:27:39 ----D---- C:\Windows\EVEREST Ultimate Edition
    2010-06-20 13:27:35 ----D---- C:\ProgramData\NVIDIA
    2010-06-20 13:27:33 ----SD---- C:\ProgramData\Microsoft
    2010-06-20 13:27:23 ----D---- C:\ProgramData\Messenger Plus!
    2010-06-20 13:27:23 ----D---- C:\ProgramData\Google Updater
    2010-06-20 13:27:23 ----D---- C:\ProgramData\Driver Whiz
    2010-06-20 13:27:16 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
    2010-06-20 13:27:16 ----D---- C:\Program Files (x86)\Windows Live Safety Center
    2010-06-20 13:27:15 ----D---- C:\Program Files (x86)\Win7codecs
    2010-06-20 13:27:11 ----D---- C:\Program Files (x86)\VideoLAN
    2010-06-20 13:27:11 ----D---- C:\Program Files (x86)\uTorrent
    2010-06-20 13:27:09 ----D---- C:\Program Files (x86)\SlySoft
    2010-06-20 13:26:41 ----D---- C:\Program Files (x86)\Microsoft.NET
    2010-06-20 13:26:41 ----D---- C:\Program Files (x86)\Microsoft Works
    2010-06-20 13:26:41 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
    2010-06-20 13:26:39 ----D---- C:\Program Files (x86)\Microsoft Silverlight
    2010-06-20 13:26:39 ----D---- C:\Program Files (x86)\Microsoft Office
    2010-06-20 13:26:19 ----D---- C:\Program Files (x86)\Microsoft
    2010-06-20 13:26:15 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
    2010-06-20 13:26:15 ----D---- C:\Program Files (x86)\Java
    2010-06-20 13:26:15 ----D---- C:\Program Files (x86)\IrfanView
    2010-06-20 13:26:14 ----D---- C:\Program Files (x86)\Imikimi
    2010-06-20 13:26:14 ----D---- C:\Program Files (x86)\HP
    2010-06-20 13:26:13 ----D---- C:\Program Files (x86)\FTDv3.8
    2010-06-20 13:26:11 ----D---- C:\Program Files (x86)\File Scavenger 3.2
    2010-06-20 13:26:11 ----D---- C:\Program Files (x86)\DVDVideoSoft
    2010-06-20 13:26:11 ----D---- C:\Program Files (x86)\CrossLoop
    2010-06-20 13:26:10 ----D---- C:\Program Files (x86)\Common Files\Windows Live
    2010-06-20 13:26:09 ----D---- C:\Program Files (x86)\Common Files\System
    2010-06-20 13:26:05 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
    2010-06-20 13:26:01 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
    2010-06-20 13:26:01 ----D---- C:\Program Files (x86)\Common Files\Ahead

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 amdxata;amdxata; C:\Windows\system32\DRIVERS\amdxata.sys []
    R0 CLFS;@%SystemRoot%\system32\clfs.sys,-100; C:\Windows\System32\CLFS.sys []
    R0 CNG;CNG; C:\Windows\System32\Drivers\cng.sys []
    R0 FileInfo;@%SystemRoot%\system32\drivers\fileinfo.sys,-100; C:\Windows\system32\drivers\fileinfo.sys []
    R0 fvevol;@%SystemRoot%\system32\drivers\fvevol.sys,-100; C:\Windows\System32\DRIVERS\fvevol.sys []
    R0 GDBehave;GDBehave; C:\Windows\system32\drivers\GDBehave.sys []
    R0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; C:\Windows\System32\drivers\hwpolicy.sys []
    R0 KSecPkg;KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys []
    R0 msisadrv;msisadrv; C:\Windows\system32\DRIVERS\msisadrv.sys []
    R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys []
    R0 pcw;Performance Counters for Windows Driver; C:\Windows\System32\drivers\pcw.sys []
    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
    R0 spldr;Security Processor Loader Driver; C:\Windows\SysWOW64\drivers\spldr.sys []
    R0 vdrvroot;Microsoft Virtual Drive Enumerator-stuurprogramma; C:\Windows\system32\DRIVERS\vdrvroot.sys []
    R0 volmgr;Stuurprogramma voor Volumebeheer; C:\Windows\system32\DRIVERS\volmgr.sys []
    R0 volmgrx;@%SystemRoot%\system32\drivers\volmgrx.sys,-100; C:\Windows\System32\drivers\volmgrx.sys []
    R0 Wdf01000;Kernel Mode Driver Frameworks service; C:\Windows\system32\drivers\Wdf01000.sys []
    R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys []
    R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys []
    R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys []
    R1 gdwfpcd;G DATA WFP CD; C:\Windows\system32\drivers\gdwfpcd64.sys []
    R1 GRD;G Data Rootkit Detector Driver; \??\C:\Windows\system32\drivers\GRD.sys []
    R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys []
    R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys []
    R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys []
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys []
    R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys []
    R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys []
    R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys []
    R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys []
    R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys []
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys []
    R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys []
    R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys []
    R3 AmdPPM;Stuurprogramma voor AMD-processor; C:\Windows\system32\DRIVERS\amdppm.sys []
    R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys []
    R3 CompositeBus;Stuurprogramma voor Composite Bus Enumerator; C:\Windows\system32\DRIVERS\CompositeBus.sys []
    R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys []
    R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2006-12-26 40648]
    R3 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys []
    R3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys []
    R3 GearAspiWDM;GEARAspiWDM; C:\Windows\System32\drivers\GEARAspiWDM.sys []
    R3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys []
    R3 HDAudBus;Microsoft UAA Bus-stuurprogramma voor High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys []
    R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\Windows\system32\DRIVERS\hidusb.sys []
    R3 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys []
    R3 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\Windows\system32\DRIVERS\kbdhid.sys []
    R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
    R3 monitor;Microsoft Monitor Class Function Driver-service; C:\Windows\system32\DRIVERS\monitor.sys []
    R3 mouhid;Stuurprogramma voor muis-HID; C:\Windows\system32\DRIVERS\mouhid.sys []
    R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys []
    R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys []
    R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys []
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
    R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys []
    R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys []
    R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys []
    R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys []
    R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys []
    R3 tunnel;Stuurprogramma voor Microsoft IPv6 Tunnel-minipoortadapter; C:\Windows\system32\DRIVERS\tunnel.sys []
    R3 umbus;UMBus Enumerator-stuurprogramma; C:\Windows\system32\DRIVERS\umbus.sys []
    R3 usbccgp;Microsoft algemeen hoofd-USB-stuurprogramma; C:\Windows\system32\DRIVERS\usbccgp.sys []
    R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []
    S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
    S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys []
    S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys []
    S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys []
    S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys []
    S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys []
    S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys []
    S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys []
    S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys []
    S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys []
    S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys []
    S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys []
    S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys []
    S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys []
    S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbda.sys []
    S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
    S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys []
    S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys []
    S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys []
    S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys []
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys []
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys []
    S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\DRIVERS\bthmodem.sys []
    S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys []
    S3 cpuz132;cpuz132; \??\C:\Users\MARGRE~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
    S3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys []
    S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbda.sys []
    S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys []
    S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys []
    S3 exfat;exFAT File System Driver; C:\Windows\SysWOW64\drivers\exfat.sys []
    S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys []
    S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []
    S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys []
    S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys []
    S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys []
    S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys []
    S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys []
    S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys []
    S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys []
    S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys []
    S3 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys []
    S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys []
    S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys []
    S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys []
    S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys []
    S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys []
    S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys []
    S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys []
    S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys []
    S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys []
    S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys []
    S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys []
    S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys []
    S3 MsRPC;MsRPC; C:\Windows\SysWOW64\drivers\MsRPC.sys []
    S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys []
    S3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys []
    S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys []
    S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys []
    S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys []
    S3 NVENETFD;NVIDIA nForce-netwerkcontroller; C:\Windows\system32\DRIVERS\nvm62x64.sys []
    S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys []
    S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys []
    S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys []
    S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys []
    S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys []
    S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys []
    S3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys []
    S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys []
    S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys []
    S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys []
    S3 sffdisk;SFF Storage Class-stuurprogramma; C:\Windows\system32\DRIVERS\sffdisk.sys []
    S3 sffp_mmc;Stuurprogramma volgens SFF-opslagprotocol voor MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys []
    S3 sffp_sd;Stuurprogramma volgens SFF-opslagprotocol voor SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys []
    S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys []
    S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys []
    S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys []
    S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys []
    S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys []
    S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys []
    S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys []
    S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys []
    S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys []
    S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys []
    S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys []
    S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\Windows\system32\DRIVERS\USBSTOR.SYS []
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys []
    S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys []
    S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys []
    S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys []
    S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys []
    S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys []
    S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys []
    S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
    S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
    S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys []
    S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-07 125440]
    R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-12-15 1054792]
    R2 AVKService;G Data Schedule; C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe [2009-08-13 397896]
    R2 AVKWCtl;G Data Bestandssysteembewaker; C:\Program Files (x86)\G Data\TotalCare\AVK\AVKWCtlX64.exe [2009-11-25 1731504]
    R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
    R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe []
    R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
    R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe []
    R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]
    R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    R3 GDFwSvc;G Data Persoonlijke Firewall; C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe [2009-11-25 1664560]
    R3 GDScan;G Data Scanner; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [2009-11-26 302152]
    R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe []
    R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 136176]
    S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-03 194032]
    S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe []
    S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
    S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []
    S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2010-05-09 696320]
    S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 127488]
    S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
    S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42840]
    S3 G Data Backup Service;G Data Backup Service; C:\Program Files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2009-10-21 865352]
    S3 G Data Tuner Service;G Data Tuner Service; C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2009-04-20 918600]
    S3 idsvc;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 856384]
    S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]
    S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe []
    S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 194048]
    S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe []
    S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe []
    S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe []
    S3 WatAdminSvc;Windows Activation Technologies-service; C:\Windows\system32\Wat\WatAdminSvc.exe []
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
    S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 116560]

    —————–EOF—————–
    I hope I did it right this way.
    Regards,
    Margreet.
  • Hello Margreet, your Windows shows all the signs of a clean system!
    Actually, I hadn't expected anything else, given the antivirus you use!

    What you may still do: uninstall SuperAntispyware.
    MBAM is simply better!

    So do keep MBAM in your Windows!

    What else you may do:

    go to the Secunia online test, so that your Windows is checked for missing updates, and also look here.
  • Hello Abraham,
    I did the test, and it turned out that a wrong version of FlashPlayer10ActiveX was installed. Because of that version I was at risk of threats.
    And indeed, in the scans I run weekly, adware keeps turning up in a cookie that is related to Adobe Flash Player. I'm not used to that from Flash Player, and on their advice I installed the correct version.
    I'm now going to install MBAM.
    (I've also noticed lately that it responds to commands more quickly)
    I also like to keep my system clean. And that's not only in software terms, but also clearing the dust out of the inside of my case every so often. That can save a lot of overheating. And that way you can enjoy your PC for years.
    Regards,
    Margreet.
  • Hello Margreet, nowadays Adobe Flash Player also stores cookies.
    If you don't know that, it can of course come across as unpleasant!

    See http://www.macromedia.com/support/documentation/nl/flashplayer/help/settings_manager07.html for this.

    As for overall security in Windows: besides automatic Windows Update and the accompanying update setting for updating Microsoft programs in Windows, and a good antivirus, the following two components are of the utmost importance: Adobe Flash Player and the Java runtime must always be the latest version, and Adobe Reader must also have the newest updates!

    So please do one more thing: a test to see what your current security situation is.

    Download to your desktop.

    • Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    • A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.

    If one of your security tools reports that DIG.EXE wants to access the internet, allow it.

    Post the contents of checkup.txt in your next post.