Question & Answer
Please check, unexplained freezes
9 replies
- Win 7, automatic updates, but the thing freezes at the strangest moments. The Internet also hangs now and then. MBAM reports no infections, so here is an HJT log instead
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:30, on 4-9-2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 10507 bytes
- Hello Anjo, I see that this is a 64-bit version of Windows 7.
Did you buy this Windows 7 new with the PC, or did you install it on an existing PC?
And did you use the Windows Upgrade Advisor beforehand?
How does the freezing manifest itself? Does the screen freeze?
In any case, do the following:
  * Users of Windows Vista and Windows 7 start the tool by right-clicking it and then choosing Run as administrator!
  * Click/double-click RSIT.exe to start the tool.
  * Click Continue in the disclaimer window.
  * After the scan has finished, two logs will open.
  * Post log.txt (this one will be maximized) and likewise info.txt (this one will be minimized)
For users of Windows Vista 64-bit or Windows 7 64-bit, the following also applies:
  * RSIT then needs to be run in compatibility mode.
  * Right-click RSIT.exe and choose Properties
  * Now click the Compatibility tab
  * Tick Run this program in compatibility mode for and then choose Windows XP (Service Pack 3)
- New PC with legal Win7 Prof.
Advisor reports everything OK, possible upgrade to Ultimate, but that is running on the laptop
log
info.txt logfile of random's system information tool 1.08 2010-09-04 16:10:24
======Uninstall list======
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ExploitShield"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gadget"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NRS"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
–>"C:\Program Files (x86)\Internetbeveiliging\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
Adobe Flash Player 10 ActiveX–>C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Reader 9.3.4 - Nederlands–>MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A93000000001}
Adobe Shockwave Player 11.5–>"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advertising Center–>MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
AnyDVD–>"C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\SlySoft\AnyDVD"
AutoUnpack 4.4.4–>"C:\Program Files (x86)\AutoUnpack\unins000.exe"
CameraHelperMsi–>MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}
Catalyst Control Center - Branding–>MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
CCleaner–>"C:\Program Files (x86)\CCleaner\uninst.exe"
CloneDVD 5.0.0.1–>"C:\Program Files (x86)\CloneDVD5\unins000.exe"
CloneDVD2–>"C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files (x86)\Elaborate Bytes\CloneDVD2"
CorelDRAW Graphics Suite X4 - Capture–>MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}
CorelDRAW Graphics Suite X4 - Content–>MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}
CorelDRAW Graphics Suite X4 - Draw–>MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}
CorelDRAW Graphics Suite X4 - Filters–>MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}
CorelDRAW Graphics Suite X4 - FontNav–>MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}
CorelDRAW Graphics SUite X4 - ICA–>MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
CorelDRAW Graphics Suite X4 - IPM–>MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
CorelDRAW Graphics Suite X4 - Lang NL–>MsiExec.exe /I{A6C27FFF-75EF-4B5B-A64E-F9E128994908}
CorelDRAW Graphics Suite X4 - PP–>MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}
CorelDRAW Graphics Suite X4 - VBA–>MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}
CorelDRAW Graphics Suite X4–>MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension–>c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\Uninst.exe
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension–>MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
CorelDRAW(R) Graphics Suite X4–>C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
Definition update for Microsoft Office 2010 (KB982726)–>"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{691FAD36-EC97-46FA-9F96-4CA91C126ECA}" "1043" "0"
DolbyFiles–>MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
DriverMax 5–>"C:\Program Files (x86)\Innovative Solutions\DriverMax\unins000.exe"
erLT–>MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
F-Secure PSC Prerequisites–>MsiExec.exe /I{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}
GetDataBack for FAT–>"C:\Program Files (x86)\Runtime Software\GetDataBack\Uninstall.exe" "C:\Program Files (x86)\Runtime Software\GetDataBack\install.log" -u
GetDataBack for NTFS–>"C:\Program Files (x86)\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files (x86)\Runtime Software\GetDataBack for NTFS\install.log" -u
Google Update Helper–>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2–>"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiJackThis–>MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
HydraVision–>MsiExec.exe /X{FB6DE932-24CA-D1C0-2FD8-1DFCE4A33CC5}
ImgBurn–>"C:\Program Files (x86)\ImgBurn\uninstall.exe"
Junk Mail filter update–>MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}
Logitech-webcamsoftware–>"C:\Program Files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=NLD /guid="{D40EB009-0499-459c-A8AF-C9C110766215}"
LWS Facebook–>MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}
LWS Gallery–>MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
LWS Help_main–>MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}
LWS Launcher–>MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
LWS Motion Detection–>MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}
LWS Pictures And Video–>MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}
LWS Video Mask Maker–>MsiExec.exe /I{EED027B7-0DB6-404B-8F45-6DFEE34A0441}
LWS Webcam Software–>MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}
LWS WLM Plugin–>MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}
LWS YouTube Plugin–>MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
Malwarebytes' Anti-Malware–>"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
MediaMonkey 3.2–>"C:\Program Files (x86)\MediaMonkey\unins000.exe"
Menu Templates - Starter Kit–>MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft Choice Guard–>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0015-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0016-0413-0000-0000000FF1CE}
Microsoft Office Groove MUI (Dutch) 2010–>MsiExec.exe /X{90140000-00BA-0413-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0044-0413-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Dutch) 2010–>MsiExec.exe /X{90140000-00A1-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2010–>MsiExec.exe /X{90140000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0018-0413-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010–>"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010–>MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2010–>MsiExec.exe /X{90140000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010–>MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010–>MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010–>MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2010–>MsiExec.exe /X{90140000-002C-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2010–>MsiExec.exe /X{90140000-0019-0413-0000-0000000FF1CE}
Microsoft Office ScreenTip Language 2010 - English–>MsiExec.exe /X{90140000-00BD-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2010–>MsiExec.exe /X{90140000-006E-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2010–>MsiExec.exe /X{90140000-001B-0413-0000-0000000FF1CE}
Microsoft Search Enhancement Pack–>MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]–>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)–>MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)–>MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053–>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148–>MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17–>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Movie Templates - Starter Kit–>MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
MSVCRT–>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)–>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 9–>C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-0180-PZ5K-188L-H7PX-358A-3491-47W5"
Nero BurnRights–>MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter–>MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner–>MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Disc Copy Gadget–>MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed–>MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed–>MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool–>MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer–>MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap–>MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode–>MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent–>MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime–>MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart–>MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision–>MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor–>MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM–>MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress–>MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml–>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PixiePack Codec Pack–>MsiExec.exe /I{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}
Radiotracker–>MsiExec.exe /I{4319241C-3DAD-42FE-965D-4D580795785C}
Scherminfotaal van Microsoft Office 2010 - Nederlands–>MsiExec.exe /X{90140000-00BD-0413-0000-0000000FF1CE}
Security Update for CAPICOM (KB931906)–>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)–>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype Toolbars–>MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2–>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundTrax–>MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
TeamViewer 5–>C:\Program Files (x86)\TeamViewer\Version5\uninstall.exe
TomTom HOME 2.7.5.2014–>C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules–>MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Update for Microsoft Office 2010 (KB2202188)–>"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1043" "0"
Update for Microsoft Outlook Social Connector (KB983403)–>"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{3D462F23-F81B-4740-B4B4-ED2A07E9AC23}" "1043" "0"
Update voor Microsoft Outlook Social Connector (KB983403)–>"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0413-0000-0000000FF1CE}" "{5B72E0A9-5AEB-413E-B6DE-C2857DC1E8E3}" "1043" "0"
UseNeXT–>"Z:\UseNext2\UseNeXT\unins000.exe"
VLC media player 1.1.4–>C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows 7 Upgrade Advisor–>MsiExec.exe /I{0DC66F25-C58F-40d3-86BC-CA29C6D99BF8}
Windows Live - Hulpprogramma voor uploaden–>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live aanmeldhulp–>MsiExec.exe /I{1BD6AE96-4742-4498-9D03-9451C7E5A214}
Windows Live Call–>MsiExec.exe /I{C20C2630-B3A7-44BA-BDD0-31E256AE490E}
Windows Live Communications Platform–>MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials–>C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials–>MsiExec.exe /I{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}
Windows Live Mail–>MsiExec.exe /I{2869F5EA-93C3-48E5-80DF-DB696BC84A91}
Windows Live Messenger–>MsiExec.exe /X{CC38A00D-7EED-46CE-9281-D1D97B81F22A}
Windows Live Movie Maker–>MsiExec.exe /X{32061277-9F45-4C3B-8299-D106D5A502ED}
Windows Live Photo Gallery–>MsiExec.exe /X{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}
Windows Live Sync–>MsiExec.exe /X{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}
Windows Live Toolbar–>MsiExec.exe /X{41DFDD57-21B7-4C48-8C75-FFB35696CA8B}
Windows Live Writer–>MsiExec.exe /X{35CA031C-D3CD-4A28-8D9B-C71466C4F045}
Ziggo uitgebreide internetbeveiliging–>"C:\Program Files (x86)\Internetbeveiliging\FSGUI\PostInstall.exe" /tUnInstall
======System event log======
Computer Name: 37L4247E29-32
Event Code: 7036
Message: De Cryptographic Services-service heeft nu de status stopped.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informatie
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: De Windows Modules Installer-service heeft nu de status stopped.
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informatie
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: De Software Protection-service heeft nu de status stopped.
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informatie
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: De Windows Event Log-service heeft nu de status stopped.
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informatie
User:
Computer Name: 37L4247E29-32
Event Code: 7036
Message: De Volume Shadow Copy-service heeft nu de status stopped.
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informatie
User:
=====Application event log=====
Computer Name: 37L4247E29-32
Event Code: 900
Message: De Software Protection-service wordt gestart.
Record Number: 5
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100704095107.000000-000
Event Type: Informatie
User:
Computer Name: 37L4247E29-32
Event Code: 5617
Message: Subsystemen van Windows Management Instrumentation-service zijn geïnitialiseerd
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100704094910.000000-000
Event Type: Informatie
User:
Computer Name: 37L4247E29-32
Event Code: 5615
Message: De Windows Management Instrumentation-service is gestart
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100704094903.000000-000
Event Type: Informatie
User:
Computer Name: 37L4247E29-32
Event Code: 1531
Message: De User Profile-service is gestart.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100704094856.718750-000
Event Type: Informatie
User: NT AUTHORITY\SYSTEM
Computer Name: 37L4247E29-32
Event Code: 4625
Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100704094857.000000-000
Event Type: Informatie
User:
=====Security event log=====
Computer Name: 37L4247E29-32
Event Code: 4735
Message: Er is een lokale groep met beveiliging gewijzigd.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: 37L4247E29-32$
Accountdomein: WORKGROUP
Aanmeldings-id: 0x3e7
Groep:
Beveiligings-id: S-1-5-32-551
Naam van groep: Back-upoperators
Domein van groep: Builtin
Gewijzigde kenmerken:
SAM-accountnaam: -
SID-geschiedenis: -
Aanvullende gegevens:
Bevoegdheden: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100704094833.093750-000
Event Type: Controle geslaagd
User:
Computer Name: 37L4247E29-32
Event Code: 4731
Message: Er is een lokale groep met beveiliging gemaakt.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: 37L4247E29-32$
Accountdomein: WORKGROUP
Aanmeldings-id: 0x3e7
Nieuwe groep:
Beveiligings-id: S-1-5-32-551
Naam van groep: Back-upoperators
Domein van groep: Builtin
Kenmerken:
SAM-accountnaam: Back-upoperators
SID-geschiedenis: -
Aanvullende gegevens:
Bevoegdheden: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100704094833.062500-000
Event Type: Controle geslaagd
User:
Computer Name: 37L4247E29-32
Event Code: 4902
Message: De tabel voor controlebeleid per gebruiker is gemaakt.
Aantal elementen: 0
Beleids-id: 0x304a5
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100704094832.328125-000
Event Type: Controle geslaagd
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: Er is een account aangemeld.
Onderwerp:
Beveiligings-id: S-1-0-0
Accountnaam: -
Accountdomein: -
Aanmeldings-id: 0x0
Aanmeldingstype: 0
Nieuwe aanmelding:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
Procesgegevens:
Proces-id: 0x4
Naam proces:
Netwerkgegevens:
Naam van werkstation: -
Netwerkadres van bron: -
Poort van bron: -
Gedetailleerde verificatiegegevens:
Aanmeldingsproces: -
Verificatiepakket: -
Doorgezette services: -
Pakketnaam (alleen NTLM): -
Sleutellengte: 0
Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.
De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.
In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).
Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.
In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.
De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100704094828.984375-000
Event Type: Controle geslaagd
User:
Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows wordt opgestart.
Deze gebeurtenis wordt in het logboek geregistreerd wanneer LSASS.EXE wordt gestart en het subsysteem voor controle wordt geïnitialiseerd.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100704094828.796875-000
Event Type: Controle geslaagd
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
—————–EOF—————–
Logfile of random's system information tool 1.08 (written by random/random)
Run by Anjo at 2010-09-04 16:10:22
Microsoft Windows 7 Professional
System drive C: has 149 GB (63%) free of 238 GB
Total RAM: 4095 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:10:23, on 4-9-2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files (x86)\Internetbeveiliging\Common\FSLAUNCH.EXE
C:\Users\Anjo\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Anjo.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 12408 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}]
Browsing Protection Class - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll [2010-09-04 570088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
{265EEE8E-3228-44D3-AEA5-F7FDF5860049} - Browsing Protection Toolbar - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll [2010-09-04 570088]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [2010-05-07 165208]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-10-01 98304]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"F-Secure Manager"=C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE [2009-08-05 199264]
"F-Secure TNB"=C:\Program Files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe [2009-08-05 2349664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2010-06-24 247144]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13 26192168]
"DriverMax"=C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]
"DriverMax_RESTART"=C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]
"AnyDVD"=C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [2010-07-27 4455360]
C:\Users\Anjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2010 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-09-04 16:10:22 —-D—- C:\rsit
2010-09-04 16:07:10 —-D—- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2010-09-04 13:53:39 —-D—- C:\Program Files (x86)\MediaMonkey
2010-09-04 12:39:31 —-A—- C:\Windows\SysWOW64\drivers\fsbts.sys
2010-09-04 12:39:01 —-A—- C:\Windows\SysWOW64\PerfStringBackup.INI
2010-09-04 12:38:35 —-D—- C:\Program Files (x86)\Internetbeveiliging
2010-09-04 12:38:08 —-D—- C:\ProgramData\fssg
2010-09-04 12:37:31 —-D—- C:\ProgramData\f-secure
2010-09-04 11:27:42 —-D—- C:\Program Files (x86)\Trend Micro
2010-09-02 15:36:29 —-D—- C:\Users\Anjo\AppData\Roaming\vlc
2010-09-02 15:06:10 —-D—- C:\ProgramData\Fighters
2010-08-25 18:57:19 —-A—- C:\Windows\SysWOW64\oleaut32.dll
2010-08-17 21:58:21 —-D—- C:\Program Files (x86)\CCleaner
2010-08-17 14:36:06 —-D—- C:\ProgramData\Symantec
2010-08-17 14:36:06 —-D—- C:\ProgramData\Norton
2010-08-17 14:36:05 —-D—- C:\ProgramData\NortonInstaller
2010-08-17 12:49:58 —-D—- C:\Program Files (x86)\AutoUnpack
2010-08-17 11:53:18 —-D—- C:\Users\Anjo\AppData\Roaming\Google
2010-08-17 11:07:20 —-D—- C:\Windows\SysWOW64\Adobe
2010-08-16 20:46:03 —-D—- C:\Program Files (x86)\Runtime Software
2010-08-11 09:20:08 —-A—- C:\Windows\SysWOW64\mshtml.dll
2010-08-11 09:20:07 —-A—- C:\Windows\SysWOW64\ieframe.dll
2010-08-11 09:20:06 —-A—- C:\Windows\SysWOW64\wininet.dll
2010-08-11 09:20:06 —-A—- C:\Windows\SysWOW64\urlmon.dll
2010-08-11 09:20:06 —-A—- C:\Windows\SysWOW64\mstime.dll
2010-08-11 09:20:06 —-A—- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-11 09:20:06 —-A—- C:\Windows\SysWOW64\jsproxy.dll
2010-08-11 09:20:06 —-A—- C:\Windows\SysWOW64\ieui.dll
2010-08-11 09:20:06 —-A—- C:\Windows\SysWOW64\iepeers.dll
2010-08-11 09:20:06 —-A—- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-11 09:20:05 —-A—- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-11 09:20:04 —-A—- C:\Windows\SysWOW64\msxml3.dll
2010-08-11 09:20:04 —-A—- C:\Windows\SysWOW64\iccvid.dll
2010-08-11 09:20:00 —-A—- C:\Windows\SysWOW64\schannel.dll
2010-08-11 09:19:58 —-A—- C:\Windows\SysWOW64\ntoskrnl.exe
2010-08-11 09:19:58 —-A—- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-08-11 09:19:57 —-A—- C:\Windows\SysWOW64\rtutils.dll
2010-08-10 17:41:07 —-D—- C:\ProgramData\Adobe
2010-08-10 17:41:05 —-D—- C:\Program Files (x86)\Common Files\Adobe
2010-08-10 17:41:05 —-D—- C:\Program Files (x86)\Adobe
2010-08-10 17:40:17 —-D—- C:\ProgramData\Google
2010-08-10 17:40:17 —-D—- C:\Program Files (x86)\Google
======List of files/folders modified in the last 1 months======
2010-09-04 16:10:23 —-D—- C:\Windows\Temp
2010-09-04 16:07:50 —-D—- C:\Windows\System32
2010-09-04 16:07:11 —-SHD—- C:\Windows\Installer
2010-09-04 16:07:10 —-RD—- C:\Program Files (x86)
2010-09-04 16:07:03 —-SHD—- C:\System Volume Information
2010-09-04 16:06:37 —-D—- C:\Windows\Prefetch
2010-09-04 16:05:56 —-D—- C:\Users\Anjo\AppData\Roaming\Skype
2010-09-04 16:03:17 —-D—- C:\Windows\SysWOW64\logishrd
2010-09-04 15:32:55 —-D—- C:\Windows
2010-09-04 12:39:31 —-D—- C:\Windows\SysWOW64\drivers
2010-09-04 12:39:12 —-D—- C:\Windows\SysWOW64
2010-09-04 12:39:12 —-D—- C:\Windows\inf
2010-09-04 12:38:08 —-HD—- C:\ProgramData
2010-09-04 08:36:42 —-D—- C:\Windows\winsxs
2010-09-03 13:23:43 —-D—- C:\Users\Anjo\AppData\Roaming\UseNeXT
2010-09-02 15:59:29 —-D—- C:\Users\Anjo\AppData\Roaming\dvdcss
2010-09-02 15:32:14 —-D—- C:\Windows\Tasks
2010-09-02 15:13:42 —-D—- C:\Windows\Minidump
2010-09-02 15:05:40 —-RD—- C:\Program Files
2010-08-31 10:06:23 —-D—- C:\Windows\AppCompat
2010-08-31 10:06:23 —-D—- C:\Program Files (x86)\TomTom HOME 2
2010-08-31 10:06:23 —-D—- C:\Program Files (x86)\Common Files\logishrd
2010-08-31 10:06:11 —-D—- C:\Windows\registration
2010-08-31 10:06:01 —-D—- C:\Windows\Microsoft.NET
2010-08-31 10:05:12 —-RSD—- C:\Windows\assembly
2010-08-29 20:11:19 —-SD—- C:\Users\Anjo\AppData\Roaming\Microsoft
2010-08-29 20:06:53 —-RSD—- C:\Windows\Fonts
2010-08-26 10:22:57 —-D—- C:\Windows\AppPatch
2010-08-17 21:59:02 —-D—- C:\Windows\debug
2010-08-17 11:36:09 —-D—- C:\Windows\SysWOW64\Macromed
2010-08-17 11:07:21 —-D—- C:\Windows\Downloaded Program Files
2010-08-11 09:29:03 —-D—- C:\Windows\SysWOW64\migration
2010-08-11 09:29:03 —-D—- C:\Program Files (x86)\Internet Explorer
2010-08-11 09:21:56 —-D—- C:\ProgramData\Microsoft Help
2010-08-10 17:41:51 —-D—- C:\Users\Anjo\AppData\Roaming\Adobe
2010-08-10 17:41:05 —-D—- C:\Program Files (x86)\Common Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files (x86)\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 57920]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys []
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys []
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-07-22 125888]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys []
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2010-09-04 190120]
R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys []
R3 LVUVC64;Logitech Webcam Pro 9000(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys []
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys []
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys []
R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys []
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
S3 NVENETFD;NVIDIA nForce-netwerkcontroller; C:\Windows\system32\DRIVERS\nvm62x64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe [2009-08-05 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE [2009-08-05 186976]
R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-05-18 935208]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-28 173352]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files (x86)\Internetbeveiliging\FWES\Program\fsdfwd.exe [2010-09-04 844384]
S3 FSORSPClient;F-Secure ORSP Client; C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe [2010-09-04 58024]
S3 fsssvc;De service Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
—————–EOF—————–
- Hello Anjo, besides the F-Secure firewall and the (hopefully deactivated) Windows firewall, you have yet another firewall active!
Namely: the NVIDIA nForce hardware firewall. This is a buggy firewall from NVIDIA, which is useless and superfluous, but can cause conflicts!
So go to [b:4acd5da861]Start\Control Panel\Programs and Features[/b:4acd5da861] and remove the NVIDIA nForce-netwerkcontroller there.
I'm curious whether this will also make your problem go away.
- Do also check your memory with mem86…
I don't read anywhere that this has already been done, and this too can cause instability and the like.
- memtest reports no errors. Network controller removed.
freeses niet alleen beeld, krijg dan geen enkel respons meer ook taakbeheer wil niet opkomen als Pc echt vastzit.zal nog eens trachten te kijken of ik iets met toolCD van Mobo kan uitvogelen, mss is er een bios update nodig . hoewel ik dat liever niet doe :wink:
andere suggesties/
fsecure geeft aantal trojans die ie niet kan verwijderen omdat ie de files niet kan openen, doet een ander progsel dat mss wel/ - Hoi Anjo,
the tools below must be started with administrator rights!
And then the following:
first use the WhoCrashed tool now and save the data from the scan in Notepad!
Because the tool may give more info about your system problems.
WhoCrashed introduction
WhoCrashed description
Download the free home edition of WhoCrashed to your desktop via click here, and install the tool by clicking/double-clicking "whocrashedSetup.exe".
After 'WhoCrashed' has started, click the "Analyze" button.
Now select the contents of the window, copy it and post the result in your next post.
Download, install and keep using MBAM (CLICK)
(click the blue button to download the free version!)
  * Right after installation MBAM will want to update its database, so allow that.
  * Also on repeated use: first update MBAM via the Update tab!
  * Start MBAM and choose Quick Scan.
  * N.B.: Vista and Windows 7 users start MBAM by right-clicking and then choosing Run as administrator.
  * Scanning can take a while, so be patient.
  * When the scan has completed, click the OK button.
  * Then click the Show Results button to see the results.
  * Make sure that everything is ticked.
  * Next, click Remove Selected.
  * After the removal a log will open and you will be asked to restart the computer.
  * The log is saved automatically by MBAM and you can find it again by clicking the Logs tab in MBAM.
  * If MBAM has difficulty removing certain files it will give a few notifications; click OK each time!
  * After that MBAM will ask to restart the computer, so allow the computer to be restarted.
After this, post the contents of the MBAM log and the data from WhoCrashed.
- :?
May I thank the gentlemen for the effort and for thinking along.
I've stopped trying to figure everything out.
On checking via Task Manager, my processor turned out to really be at 100% continuously.
I've started a reinstallation.
THNXX anjo
- Okay - good luck with it!