patrickngstar

Goedemiddag, Betekent dit dat het virus nu volledig is verwijderd van mijn laptop? hier is de log van MBAM: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 6208 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18999 30-3-2011 13:30:35 mbam-log-2011-03-30 (13-30-35).txt Scantype: Snelle scan Objecten gescand: 151008 Verstreken tijd: 6 minuut/minuten, 5 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 127 Registerwaarden geïnfecteerd: 5 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 22 Bestanden geïnfecteerd: 34 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: c:\Users\patrickngstar\AppData\Local\uprevbs0.dll (Trojan.Hiloti.Gen) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4df0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4bb8-B941-F2B067E76F51} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4fa7-A617-C4269760033E} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mzibirazoh (Trojan.Hiloti.Gen) -> Value: Mzibirazoh -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.497.0 (Adware.HotBar) -> Value: ShopperReports 3.0.497.0 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790570B1765A5A31AF99 (Malware.Trace) -> Value: SRS_IT_E8790570B1765A5A31AF99 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully. c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\Users\patrickngstar\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Delete on reboot. c:\programdata\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully. c:\Users\patrickngstar\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot. c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\program files\clickpotatolite\bin\10.0.530.0 (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\program files\clickpotatolite\bin\10.0.530.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\program files\clickpotatolite\bin\10.0.530.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\program files\clickpotatolite\bin\10.0.530.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\program files\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully. c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0 (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\Users\patrickngstar\AppData\Local\uprevbs0.dll (Trojan.Hiloti.Gen) -> Delete on reboot. c:\program files\shopperreports3\bin\3.0.497.0\shopperreports.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\Users\patrickngstar\AppData\Local\Temp\3CC7.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\patrickngstar\AppData\Local\Temp\orsxmncwae.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully. c:\users\patrickngstar\appdata\local\temp\err.log12356589 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. c:\Users\patrickngstar\local settings\application data\uprevbs0.dll (Trojan.Hiloti.Gen) -> Delete on reboot. c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\program files\clickpotatolite\bin\10.0.530.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\program files\clickpotatolite\bin\10.0.530.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\program files\queryexplorer\uninstall.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\launchhelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully. Hier is de log van HijackThis: Logfile of random's system information tool 1.08 (written by random/random) Run by Patrickngstar at 2011-03-30 13:43:19 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 94 GB (61%) free of 153 GB Total RAM: 3036 MB (60% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:43:24, on 30-3-2011 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TECO\TEco.exe C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe C:\Program Files\Toshiba TEMPRO\TemproTray.exe C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Norton Utilities 14\RMTray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe C:\Windows\system32\conime.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Patrickngstar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZ44CT0F\RSIT[1].exe C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe C:\Program Files\trend micro\Patrickngstar.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe" O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe /H O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Mzibirazoh] rundll32.exe "C:\Users\Patrickngstar\AppData\Local\uprevbs0.dll",Startup O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay, de wereldwijde online handelsplaats (file missing) O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.co.uk: Low Prices in Electronics, Books, Sports Equipment & more (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD/SSD-waarschuwingsservice (TOSHIBA HDD SSD Alert Service) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- End of file - 13672 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-22 378736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL [2009-08-22 107896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-27 298160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-02-27 848952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-22 378736] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-27 298160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-30 7289376] "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2007-04-16 421888] "SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2008-11-21 438272] "KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088] "TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [2009-04-23 1011712] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-12 30192] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-21 61440] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-03-06 468320] "HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 55160] "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-03-31 503808] "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-03-23 729088] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304] "SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-03-24 163840] "Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-04-24 1323008] "ToshibaServiceStation"=C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-04-01 1283384] "TPCHWMsg"=C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [2009-04-15 570736] "NDSTray.exe"=C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-05-12 299008] "cfFncEnabler.exe"=C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [2009-03-24 16384] "TWebCamera"=C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-04-16 2513472] "Toshiba TEMPRO"=C:\Program Files\Toshiba TEMPRO\TemproTray.exe [2009-03-23 1045904] "Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2009-03-04 96144] "CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696] "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624] "Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2009-03-16 6158240] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-07-03 135680] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2011-03-09 247728] "NortonUtilities"=C:\Program Files\Norton Utilities 14\RMTray.exe [2009-09-14 279912] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "Mzibirazoh"= C:\Users\Patrickngstar\AppData\Local\uprevbs0.dll,Startup [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktopChanges"=0 "NoSetActiveDesktop"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktopChanges"=0 "NoSetActiveDesktop"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2011-03-30 13:22:14 ----D---- C:\Users\Patrickngstar\AppData\Roaming\Malwarebytes 2011-03-30 13:22:08 ----D---- C:\ProgramData\Malwarebytes 2011-03-30 13:22:08 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2011-03-30 13:22:05 ----A---- C:\Windows\system32\drivers\mbam.sys 2011-03-30 13:22:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2011-03-30 12:25:01 ----D---- C:\rsit 2011-03-30 01:13:32 ----D---- C:\Program Files\Trend Micro 2011-03-29 22:59:31 ----D---- C:\Users\Patrickngstar\AppData\Roaming\E3876F9156163D3752A416EF9E80E3E7 ======List of files/folders modified in the last 1 months====== 2011-03-30 13:43:22 ----D---- C:\Windows\Temp 2011-03-30 13:40:28 ----D---- C:\Windows\System32 2011-03-30 13:40:28 ----D---- C:\Windows\inf 2011-03-30 13:40:28 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-03-30 13:32:44 ----D---- C:\Windows\system32\drivers 2011-03-30 13:32:44 ----D---- C:\Windows\Sun 2011-03-30 13:30:35 ----RD---- C:\Program Files 2011-03-30 13:30:29 ----HD---- C:\ProgramData 2011-03-30 01:13:34 ----SHD---- C:\Windows\Installer 2011-03-30 01:13:33 ----SD---- C:\Users\Patrickngstar\AppData\Roaming\Microsoft 2011-03-30 01:13:17 ----SHD---- C:\System Volume Information 2011-03-29 23:55:20 ----D---- C:\Windows\system32\wbem 2011-03-29 23:55:20 ----D---- C:\Windows 2011-03-29 23:51:44 ----D---- C:\Windows\Tasks 2011-03-29 23:51:44 ----D---- C:\Program Files\TomTom HOME 2 2011-03-29 23:51:44 ----D---- C:\Program Files\Spotify 2011-03-29 23:51:44 ----D---- C:\Program Files\Microsoft Works 2011-03-29 23:51:43 ----D---- C:\Windows\system32\spool 2011-03-29 23:51:43 ----D---- C:\Windows\system32\CodeIntegrity 2011-03-29 23:51:43 ----D---- C:\Windows\system32\catroot2 2011-03-29 23:51:41 ----D---- C:\Windows\registration 2011-03-29 23:11:05 ----D---- C:\Windows\system32\Tasks 2011-03-29 22:59:25 ----D---- C:\Users\Patrickngstar\AppData\Roaming\Adobe 2011-03-29 22:29:39 ----D---- C:\Users\Patrickngstar\AppData\Roaming\Spotify 2011-03-27 21:43:42 ----D---- C:\Windows\Prefetch 2011-03-20 14:35:36 ----D---- C:\Users\Patrickngstar\AppData\Roaming\Skype 2011-03-20 14:29:50 ----D---- C:\Users\Patrickngstar\AppData\Roaming\skypePM 2011-03-19 20:06:53 ----D---- C:\ProgramData\CanonIJPLM 2011-03-02 20:42:18 ----D---- C:\Program Files\LimeWire 2011-03-02 20:40:31 ----D---- C:\Users\Patrickngstar\AppData\Roaming\LimeWire ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-02-11 329752] R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2008-05-07 25896] R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-02-23 43872] R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320] R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2009-01-27 279376] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640] R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632] R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-05-26 371248] R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110325.002\IDSvix86.sys [2011-03-14 353912] R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS [2009-08-22 308272] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS [2009-08-22 43696] R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-22 25648] R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS [2009-08-22 217136] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-03-20 12920] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-04-21 4491264] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-30 2350624] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110329.040\NAVENG.SYS [2011-02-15 86008] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110329.040\NAVEX15.SYS [2011-02-15 1360760] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-03-18 22272] R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-11-11 154272] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-04-24 163840] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-11 124976] R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS [2009-08-22 89904] R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2007-12-14 24200] R3 usbvideo;USB-videoapparaat (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-04-21 176128] R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376] R2 camsvc;TOSHIBA Web Camera Service; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-16 20544] R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528] R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640] R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [2009-03-23 116104] R2 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776] R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2009-03-30 83312] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-03-06 464224] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-04-24 176128] R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD/SSD-waarschuwingsservice; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 73728] R2 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-15 656752] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-28 135664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-12 30192] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-05 182768] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF----------------- Alvast bedankt Groeten Patrick

Goedenmiddag, hartelijk dank voor het antwoord. Hieronder de inhoud van "log.txt" en daaronder de "info.txt." Is dat wat u bedoelt? Met vriendelijke groeten Pat Logfile of random's system information tool 1.08 (written by random/random) Run by Patrickngstar at 2011-03-30 12:25:02 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 93 GB (61%) free of 153 GB Total RAM: 3036 MB (54% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:25:10, on 30-3-2011 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TECO\TEco.exe C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe C:\Program Files\Toshiba TEMPRO\TemproTray.exe C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Norton Utilities 14\RMTray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Patrickngstar\AppData\Roaming\E3876F9156163D3752A416EF9E80E3E7\satdll70snn.exe C:\Windows\System32\rundll32.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Patrickngstar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5V7ZH05\RSIT[1].exe C:\Program Files\trend micro\Patrickngstar.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.497.0\ShopperReports.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe" O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe /H O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [satdll70snn.exe] C:\Users\Patrickngstar\AppData\Roaming\E3876F9156163D3752A416EF9E80E3E7\satdll70snn.exe O4 - HKCU\..\Run: [Mzibirazoh] rundll32.exe "C:\Users\Patrickngstar\AppData\Local\uprevbs0.dll",Startup O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: Antimalware Doctor.lnk = C:\Users\Patrickngstar\AppData\Roaming\E3876F9156163D3752A416EF9E80E3E7\satdll70snn.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay, de wereldwijde online handelsplaats (file missing) O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.co.uk: Low Prices in Electronics, Books, Sports Equipment & more (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - (no file) O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.497.0\ShopperReports.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.497.0\ShopperReports.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD/SSD-waarschuwingsservice (TOSHIBA HDD SSD Alert Service) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- End of file - 14638 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47fd-81F3-EE91287F9465}] ShopperReports - C:\Program Files\ShopperReports3\bin\3.0.497.0\ShopperReports.dll [2010-09-29 1119744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-22 378736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL [2009-08-22 107896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-27 298160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-02-27 848952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-22 378736] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-27 298160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-30 7289376] "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2007-04-16 421888] "SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2008-11-21 438272] "KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088] "TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [2009-04-23 1011712] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-12 30192] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-21 61440] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-03-06 468320] "HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 55160] "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-03-31 503808] "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-03-23 729088] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304] "SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-03-24 163840] "Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-04-24 1323008] "ToshibaServiceStation"=C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-04-01 1283384] "TPCHWMsg"=C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [2009-04-15 570736] "NDSTray.exe"=C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-05-12 299008] "cfFncEnabler.exe"=C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [2009-03-24 16384] "TWebCamera"=C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-04-16 2513472] "Toshiba TEMPRO"=C:\Program Files\Toshiba TEMPRO\TemproTray.exe [2009-03-23 1045904] "Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2009-03-04 96144] "CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696] "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2009-03-16 6158240] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-07-03 135680] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2011-03-09 247728] "NortonUtilities"=C:\Program Files\Norton Utilities 14\RMTray.exe [2009-09-14 279912] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "satdll70snn.exe"=C:\Users\Patrickngstar\AppData\Roaming\E3876F9156163D3752A416EF9E80E3E7\satdll70snn.exe [2011-03-29 1041920] "Mzibirazoh"= C:\Users\Patrickngstar\AppData\Local\uprevbs0.dll,Startup [] C:\Users\Patrickngstar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Antimalware Doctor.lnk - C:\Users\Patrickngstar\AppData\Roaming\E3876F9156163D3752A416EF9E80E3E7\satdll70snn.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktopChanges"=0 "NoSetActiveDesktop"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktopChanges"=0 "NoSetActiveDesktop"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2011-03-30 12:25:01 ----D---- C:\rsit 2011-03-30 01:13:32 ----D---- C:\Program Files\Trend Micro 2011-03-29 22:59:31 ----D---- C:\Users\Patrickngstar\AppData\Roaming\E3876F9156163D3752A416EF9E80E3E7 ======List of files/folders modified in the last 1 months====== 2011-03-30 12:25:04 ----D---- C:\Windows\Temp 2011-03-30 01:13:34 ----SHD---- C:\Windows\Installer 2011-03-30 01:13:33 ----SD---- C:\Users\Patrickngstar\AppData\Roaming\Microsoft 2011-03-30 01:13:32 ----RD---- C:\Program Files 2011-03-30 01:13:17 ----SHD---- C:\System Volume Information 2011-03-30 00:03:16 ----D---- C:\Windows\System32 2011-03-30 00:03:16 ----D---- C:\Windows\inf 2011-03-30 00:03:16 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-03-29 23:55:20 ----D---- C:\Windows\system32\wbem 2011-03-29 23:55:20 ----D---- C:\Windows 2011-03-29 23:51:44 ----D---- C:\Windows\Tasks 2011-03-29 23:51:44 ----D---- C:\Program Files\TomTom HOME 2 2011-03-29 23:51:44 ----D---- C:\Program Files\Spotify 2011-03-29 23:51:44 ----D---- C:\Program Files\Microsoft Works 2011-03-29 23:51:43 ----D---- C:\Windows\system32\spool 2011-03-29 23:51:43 ----D---- C:\Windows\system32\CodeIntegrity 2011-03-29 23:51:43 ----D---- C:\Windows\system32\catroot2 2011-03-29 23:51:41 ----D---- C:\Windows\registration 2011-03-29 23:11:05 ----D---- C:\Windows\system32\Tasks 2011-03-29 22:59:25 ----D---- C:\Users\Patrickngstar\AppData\Roaming\Adobe 2011-03-29 22:29:39 ----D---- C:\Users\Patrickngstar\AppData\Roaming\Spotify 2011-03-27 21:43:42 ----D---- C:\Windows\Prefetch 2011-03-20 14:35:36 ----D---- C:\Users\Patrickngstar\AppData\Roaming\Skype 2011-03-20 14:29:50 ----D---- C:\Users\Patrickngstar\AppData\Roaming\skypePM 2011-03-19 20:06:53 ----D---- C:\ProgramData\CanonIJPLM 2011-03-02 20:42:18 ----D---- C:\Program Files\LimeWire 2011-03-02 20:40:31 ----D---- C:\Users\Patrickngstar\AppData\Roaming\LimeWire ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-02-11 329752] R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2008-05-07 25896] R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-02-23 43872] R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320] R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2009-01-27 279376] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640] R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632] R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-05-26 371248] R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110325.002\IDSvix86.sys [2011-03-14 353912] R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS [2009-08-22 308272] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS [2009-08-22 43696] R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-22 25648] R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS [2009-08-22 217136] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-03-20 12920] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-04-21 4491264] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-30 2350624] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110329.005\NAVENG.SYS [2011-02-15 86008] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110329.005\NAVEX15.SYS [2011-02-15 1360760] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-03-18 22272] R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-11-11 154272] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-04-24 163840] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-11 124976] R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS [2009-08-22 89904] R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2007-12-14 24200] R3 usbvideo;USB-videoapparaat (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-04-21 176128] R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376] R2 camsvc;TOSHIBA Web Camera Service; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-16 20544] R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528] R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640] R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [2009-03-23 116104] R2 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776] R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2009-03-30 83312] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-03-06 464224] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-04-24 176128] R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD/SSD-waarschuwingsservice; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 73728] R2 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-15 656752] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-28 135664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-12 30192] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-05 182768] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF----------------- info.txt logfile of random's system information tool 1.08 2011-03-30 12:25:12 ======Uninstall list====== -->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} Adobe Reader 9 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A90000000001} Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E} Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A} Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1} Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8} Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini Canon MP520 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series /L0x0013 Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini Catalyst Control Center - Branding-->MsiExec.exe /I{3D0DC563-4C99-4AB1-8C22-514940666938} Chinese Simplified Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-900000000003} Compatibiliteitspakket voor het 2007 Microsoft Office system-->MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE} Gebruikersregistratie voor Canon MP520 series-->C:\Program Files\Canon\IJEREG\MP520 series\UNINST.EXE Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_C8CBFED7F00D3A8C.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503} Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Microsoft .NET Framework 3.5 Language Pack SP1 - nld-->MsiExec.exe /I{101738D7-D805-37A9-BB91-1F2C351782BF} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile NLD Language Pack-->MsiExec.exe /X{2617FA1F-0C04-3ABB-AF64-7D5B6620C341} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (Dutch)-->MsiExec.exe /X{95120000-00AF-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{5158F1F5-FA1B-4D49-B546-55A5004B89BD} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} myphotobook 3.65-->C:\Program Files\myphotobook\uninst.exe Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.8.0.41\InstStub.exe /X Norton Utilities-->"C:\Program Files\Norton Utilities 14\unins000.exe" /Log Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R PlayReady PC runtime-->MsiExec.exe /X{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16} QueryExplorer 1.0 build 119-->C:\Program Files\QueryExplorer\uninstall.exe QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D} Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0013 -removeonly ScanSoft OmniPage SE 4-->MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65} Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D} Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263} Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16} Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F} Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46} Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48} ShopperReports-->"C:\Program Files\ShopperReports3\bin\3.0.497.0\ShopperReportsUninstaller.exe" Web Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A} Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Spotify-->"C:\Program Files\Spotify\uninstall.exe" SPSS Statistics 17.0-->MsiExec.exe /X{46B65150-F8AA-42F2-94FB-2729A8AE5F7E} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nld\setup.exe Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1043 /parameterfolder ClientLP TomTom HOME 2.8.1.2218-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0013 -removeonly TOSHIBA ConfigFree-->MsiExec.exe /X{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48} TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0013 -ADDREMOVE -removeonly TOSHIBA eco Utility-->C:\Program Files\InstallShield Installation Information\{53536479-DFB0-47ED-9D10-43F3708C222D}\setup.exe -runfromtemp -l0x0413 TOSHIBA eco Utility-->C:\Program Files\InstallShield Installation Information\{53536479-DFB0-47ED-9D10-43F3708C222D}\setup.exe -runfromtemp -l0x0413 TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0413 TOSHIBA Face Recognition-->"C:\Program Files\InstallShield Installation Information\{C730E42C-935A-45BB-A0C5-37E5234D111B}\setup.exe" -runfromtemp -l0x0413 -removeonly TOSHIBA Face Recognition-->MsiExec.exe /X{C730E42C-935A-45BB-A0C5-37E5234D111B} TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E} TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E} TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1043 TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1043 TOSHIBA HDD/SSD-waarschuwing-->C:\Program Files\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0413 TOSHIBA HDD/SSD-waarschuwing-->C:\Program Files\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0413 Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0013 -removeonly TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF} TOSHIBA Recovery Disk Creator Reminder-->C:\Program Files\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0413 TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7} TOSHIBA Service Station-->C:\Program Files\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0013 -removeonly TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1043 TOSHIBA Supervisorwachtwoord-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1043 Toshiba TEMPRO-->MsiExec.exe /X{7C30283C-8DC7-4FBB-805E-52BEA5F580E8} TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe TOSHIBA Web Camera Application-->C:\Program Files\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x0013 -removeonly TOSHIBA-handleidingen-->C:\Program Files\InstallShield Installation Information\{8A8EECC0-FECF-42BF-B414-D8E2F884E5AF}\setup.exe -runfromtemp -l0x0013 -removeonly TRORDCLauncher-->C:\Program Files\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0413 Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe VoiceOver Kit-->MsiExec.exe /I{FB26A501-6BA6-459B-89AA-9736730752FB} Windows Live Call-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174} Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F} Windows Live Messenger-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC} Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe" ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: patrickngstar77 Event Code: 10029 Message: DCOM heeft de service gusvc met argumenten "" gestart om de server te kunnen uitvoeren: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8} Record Number: 274760 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20110330102215.000000-000 Event Type: Informatie User: Computer Name: patrickngstar77 Event Code: 7036 Message: De Google Software Updater-service heeft nu de status wordt uitgevoerd. Record Number: 274761 Source Name: Service Control Manager Time Written: 20110330102215.000000-000 Event Type: Informatie User: Computer Name: patrickngstar77 Event Code: 7036 Message: De Windows Update-service heeft nu de status wordt uitgevoerd. Record Number: 274762 Source Name: Service Control Manager Time Written: 20110330102222.000000-000 Event Type: Informatie User: Computer Name: patrickngstar77 Event Code: 7036 Message: De Google Updateservice (gupdate)-service heeft nu de status gestopt. Record Number: 274763 Source Name: Service Control Manager Time Written: 20110330102243.000000-000 Event Type: Informatie User: Computer Name: patrickngstar77 Event Code: 7036 Message: De Google Software Updater-service heeft nu de status gestopt. Record Number: 274764 Source Name: Service Control Manager Time Written: 20110330102315.000000-000 Event Type: Informatie User: =====Application event log===== Computer Name: patrickngstar77 Event Code: 0 Message: [7f29dc5d-6ab4-42ef-bb09-4e9c298ceaff] BIOS version dependency met? True Record Number: 84745 Source Name: TOSHIBA-servicestation Time Written: 20110330102203.000000-000 Event Type: Informatie User: Computer Name: patrickngstar77 Event Code: 0 Message: Record Number: 84746 Source Name: gupdate Time Written: 20110330102207.000000-000 Event Type: Informatie User: Computer Name: patrickngstar77 Event Code: 1 Message: De Windows Security Center-service is gestart. Record Number: 84747 Source Name: SecurityCenter Time Written: 20110330102209.000000-000 Event Type: Informatie User: Computer Name: patrickngstar77 Event Code: 0 Message: Record Number: 84748 Source Name: gusvc Time Written: 20110330102215.000000-000 Event Type: Informatie User: Computer Name: patrickngstar77 Event Code: 0 Message: Record Number: 84749 Source Name: gupdate Time Written: 20110330102243.000000-000 Event Type: Informatie User: =====Security event log===== Computer Name: patrickngstar77 Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: PATRICKNGSTAR77$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x2fc Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 74449 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110330102004.635551-000 Event Type: Controle geslaagd User: Computer Name: patrickngstar77 Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 74450 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110330102004.635551-000 Event Type: Controle geslaagd User: Computer Name: patrickngstar77 Event Code: 4648 Message: Poging tot aanmelden met expliciete referenties. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: PATRICKNGSTAR77$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Account waarvan de referenties zijn gebruikt: Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Doelserver: Naam van doelserver: localhost Aanvullende gegevens: localhost Procesgegevens: Proces-id: 0x2fc Procesnaam: C:\Windows\System32\services.exe Netwerkgegevens: Netwerkadres: - Poort: - Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als. Record Number: 74451 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110330102004.682351-000 Event Type: Controle geslaagd User: Computer Name: patrickngstar77 Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: PATRICKNGSTAR77$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x2fc Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 74452 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110330102004.682351-000 Event Type: Controle geslaagd User: Computer Name: patrickngstar77 Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 74453 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110330102004.682351-000 Event Type: Controle geslaagd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "asl.log"=Destination=file;OnFirstLog=command,environment "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------

Hallo iedereen Ik heb dus ook de antimalware doctor op mijn laptop en ik had de eerste stappen van het installeren van HijackThis op mijn laptop geinstalleerd. Echter bij het scannen geeft de computer het volgende aan: "for some reason your denied write access to the host file, if any hijacked domains are in this file, hijackthis may not be able to fix this." (en dan volgen er verschillende stappen, het is een best lang bericht dus ik zal het niet tot het einde typen). Ik click op "ok" en dan komt toch een hele reeks van items te voorschijn, maar er komt geen kladblok met hjt log waarvan ik alles kan copieren. Alleen maar een venster met een lijst van alle items die ik kan aanvinken, maar die zeer lange lijst kan ik niet copieren en pasten hier op het log. Wat moet ik nu doen? Ik hoop dat jullie mij kunnen helpen. vriendelijke groeten Pat