Poeki

Fijn dat jij even kijkt, Xeno. Hoe de specialist noemt maakt inderdaad weinig uit. Zoals ik al zei is deze laptop off-line en hebben we de anti-virus eraf gesmeten. Kan ik hem er zomaar terug inpluggen en je programma downloaden en laten runnen?

Das chinees voor mij, maar als het er goed ziet volgens jou ben ik blij.

Hoi Kape, Kun je even de HJT van onze oude laptop bekijken. Die gebruiken we niet meer on-line. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:09:00, on 12/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\HPQ\One-Touch\OneTouch.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = FF - Powered by UBB.threads™ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp10.photoprintit.de/microsite/defaults/activex/IPSUploader.cab O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 5360 bytes Met dank.

Flashdesinfector uitgevoerd maar dit duurde maar heel kort en de computer heeft zichzelf niet terug afgesloten en opgestart. Mountpoints Diagnostics uitgevoerd maar...ik denk niet met het goede resultaat: Diagnostic Report ma 12/05/2008 17:24:31,34 Mountpoints > Drives subkeys: ------------------------------------ No Autorun files found in C:\Windows No Autorun files found in C:\Windows\system32 C:\autorun.inf **folder** found Files in C:\autorun.inf lpt3.This folder was created by Flash_Disinfector No Autorun files found in root of D: E:\autorun.inf **folder** found Files in E:\autorun.inf lpt3.This folder was created by Flash_Disinfector F:\autorun.inf **folder** found Files in F:\autorun.inf lpt3.This folder was created by Flash_Disinfector Zie ook printscreen icoontjes want mountpoints staat er 2 keer in. Of moet ik de .zip zelf verwijderen. Panda-activescan: ik kan geen snelkoppelig maken naar bureaublad. Ik had de lange scan gekozen maar per ongeluk weggeklikt, nu de korte scan gedaan om te zien of dit het resultaat was dat je moest hebben. Ik heb wat printscreens genomen zodat je kan zien wat er niet in orde is. Mijn virusscanner geeft aan dat er geen malware gevonden is. Alvast bedankt.

Oei, hier schrik ik van. Ik gebruik mijn USB-stick thuis en op het werk. Ook mijn man gebruikt een USB-stick om kantoorwerk thuis verder te maken. Hoe zit dat met de pc's op het werk dan, daar hebben wij geen impact op. Ik ga jouw tool maar eens downloaden dan. Alvast bedankt.

Ik heb wat gegoogeld op combofix en heb mijn fout gevonden bij het downloaden. Ipv opslaan heb ik voor uitvoeren gekozen en lukte het dus niet. Hier mijn log: ComboFix 08-05-11.1 - Karin 2008-05-12 12:09:46.1 - NTFSx86 Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1043.18.889 [GMT 2:00] Gestart vanuit: C:\Users\Karin\Desktop\ComboFix.exe * Nieuw herstelpunt werd aangemaakt * Resident AV is active . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . F:\Autorun.inf . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))) . Geen nieuwe bestanden aangemaakt in deze periode . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-12 09:23 --------- d-----w C:\Users\Karin\AppData\Roaming\WTablet 2008-05-11 18:38 27,335 ----a-w C:\Users\Karin\AppData\Roaming\nvModes.dat 2008-05-11 15:12 27,430 ----a-w C:\Users\Werner\AppData\Roaming\nvModes.dat 2008-05-11 08:47 27,335 ----a-w C:\Users\Jonas\AppData\Roaming\nvModes.dat 2008-05-08 17:55 --------- d-----w C:\Program Files\Trend Micro 2008-05-02 19:29 --------- d-----w C:\Users\Karin\AppData\Roaming\gtk-2.0 2008-05-02 10:03 --------- d-----w C:\Program Files\QuickTime 2008-04-25 11:36 --------- d-----w C:\Users\Werner\AppData\Roaming\WTablet 2008-04-23 11:59 --------- d-----w C:\Users\Jonas\AppData\Roaming\WTablet 2008-04-23 11:14 --------- d-----w C:\Users\Evi\AppData\Roaming\WTablet 2008-04-21 15:27 --------- d-----w C:\ProgramData\AppData 2008-04-21 15:25 --------- d-----w C:\Program Files\Tablet 2008-04-10 20:14 --------- d-----w C:\Program Files\Windows Mail 2008-04-10 17:59 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-07 18:23 --------- d-----w C:\Program Files\Network Stumbler 2008-04-05 18:22 --------- d-----w C:\Users\Karin\AppData\Roaming\GetRightToGo 2008-04-04 19:20 27,145 ----a-w C:\Users\Evi\AppData\Roaming\nvModes.dat 2008-03-31 19:03 --------- d-----w C:\Program Files\GIMP-2.0 2008-03-30 12:38 --------- d-----w C:\Users\Karin\AppData\Roaming\F-Secure 2008-03-20 08:27 --------- d-----w C:\Program Files\Telemeter 3.0 2008-03-18 19:02 --------- d-----w C:\Program Files\Anark 2008-03-17 16:32 --------- d-----w C:\Program Files\Telenet Internet Security Pack 2008-03-17 13:12 60,064 ----a-w C:\Windows\system32\drivers\fsdfw.sys 2008-03-16 22:18 --------- d-----w C:\Program Files\Java 2008-03-16 12:16 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-15 13:37 --------- d-----w C:\Program Files\Google 2008-03-12 18:45 --------- d-----w C:\Program Files\Microsoft Games 2008-03-05 10:33 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe 2008-03-01 20:55 9,728 ----a-w C:\Windows\System32\rnaph.dll 2008-03-01 19:28 174 --sha-w C:\Program Files\desktop.ini 2008-03-01 19:08 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2008-03-01 19:08 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2008-03-01 19:08 542,720 ----a-w C:\Windows\System32\sysmain.dll 2008-03-01 19:08 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2008-03-01 19:08 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2008-03-01 19:08 297,984 ----a-w C:\Windows\System32\wlansec.dll 2008-03-01 19:08 290,816 ----a-w C:\Windows\System32\wlanmsm.dll 2008-03-01 19:08 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2008-03-01 19:08 2,923,520 ----a-w C:\Windows\explorer.exe 2008-03-01 19:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-03-01 19:04 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll 2008-03-01 19:03 86,016 ----a-w C:\Windows\System32\icfupgd.dll 2008-03-01 19:03 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL 2008-03-01 19:03 7,680 ----a-w C:\Windows\System32\spwmp.dll 2008-03-01 19:03 61,952 ----a-w C:\Windows\System32\cmifw.dll 2008-03-01 19:03 4,096 ----a-w C:\Windows\System32\dxmasf.dll 2008-03-01 19:03 396,800 ----a-w C:\Windows\System32\MPSSVC.dll 2008-03-01 19:03 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll 2008-03-01 19:03 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll 2008-03-01 19:03 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll 2008-03-01 19:03 16,896 ----a-w C:\Windows\System32\wfapigp.dll 2008-03-01 19:02 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-03-01 19:02 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-03-01 19:02 2,048 ----a-w C:\Windows\System32\msxml3r.dll 2008-03-01 19:02 1,191,936 ----a-w C:\Windows\System32\msxml3.dll 2008-03-01 19:01 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-03-01 19:01 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-03-01 19:01 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-03-01 19:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-03-01 19:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-03-01 19:00 2,048 ----a-w C:\Windows\System32\asferror.dll 2008-03-01 19:00 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-03-01 18:59 57,856 ----a-w C:\Windows\System32\SLUINotify.dll 2008-03-01 18:59 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll 2008-03-01 18:59 39,936 ----a-w C:\Windows\System32\slcinst.dll 2008-03-01 18:59 351,232 ----a-w C:\Windows\System32\SLUI.exe 2008-03-01 18:59 33,280 ----a-w C:\Windows\System32\slwmi.dll 2008-03-01 18:59 268,288 ----a-w C:\Windows\System32\mcbuilder.exe 2008-03-01 18:59 223,232 ----a-w C:\Windows\System32\SLC.dll 2008-03-01 18:59 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe 2008-03-01 18:59 2,048 ----a-w C:\Windows\System32\msxml6r.dll 2008-03-01 18:59 186,368 ----a-w C:\Windows\System32\SLLUA.exe 2008-03-01 18:59 1,335,296 ----a-w C:\Windows\System32\msxml6.dll 2008-03-01 18:57 84,480 ----a-w C:\Windows\System32\INETRES.dll 2008-03-01 18:57 737,792 ----a-w C:\Windows\System32\inetcomm.dll 2008-03-01 18:56 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-03-01 18:55 788,992 ----a-w C:\Windows\System32\rpcrt4.dll 2008-03-01 18:55 5,120 ----a-w C:\Windows\System32\wmi.dll 2008-03-01 18:55 152,576 ----a-w C:\Windows\System32\imagehlp.dll 2008-03-01 18:54 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-03-01 18:52 750,080 ----a-w C:\Windows\System32\qmgr.dll 2008-03-01 18:32 53,080 ----a-w C:\Windows\System32\wuauclt.exe 2008-03-01 18:32 43,352 ----a-w C:\Windows\System32\wups2.dll 2008-03-01 18:32 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll 2008-03-01 18:32 1,524,224 ----a-w C:\Windows\System32\wucltux.dll 2008-03-01 18:31 80,896 ----a-w C:\Windows\System32\wudriver.dll 2008-03-01 18:31 549,720 ----a-w C:\Windows\System32\wuapi.dll 2008-03-01 18:31 33,624 ----a-w C:\Windows\System32\wups.dll 2008-03-01 18:31 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-03-01 18:31 163,000 ----a-w C:\Windows\System32\wuwebv.dll 2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll 2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll 2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll 2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe 2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe 2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll 2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll . ------- Sigcheck ------- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-01 20:56 1232896] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-10 09:27 1006264] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 15:14 1183744] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-25 14:07 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-25 14:07 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-25 14:07 81920] "PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 08:38 331552] "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 15:52 145184] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 15:36 827392] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 16:17 163840] "HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-04-10 15:10 404248] "F-Secure Manager"="C:\Program Files\Telenet Internet Security Pack\Common\FSM32.exe" [2007-04-26 19:12 183208] "F-Secure TNB"="C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-16 00:38 1441792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [ ] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664] DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-03-01 16:51:59 192512] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-05 12:33:53 67128] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-05 12:30:52 692224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] DeviceNP.dll 2007-04-30 08:19 49152 C:\Windows\System32\DeviceNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{EE2A9B72-AA55-4424-BD74-D4EBDDEE1753}"= Disabled:TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{0889157A-4394-48DD-B184-50E6C2749C2B}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{3F175808-04BE-470E-AF61-8DFE9A9AA027}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{18E28346-957C-434E-A82B-2D06BBA380D4}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{8507D402-0A78-4764-AB94-D873A7FE5B7F}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) "DisabledInterfaces"= {534A7331-A961-4B23-A1B7-8AE91C9294B8},{23C237F1-2A19-4FBC-AE27-B3F0BF3D571A},{CD33A406-9181-4C1F-A6BD-CCF7B06D5EF2} [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Telenet Internet Security Pack\HIPS\fshs.sys [2008-03-01 22:12] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-04-26 19:08] R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-03-17 15:12] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\minifilter\fsvista.sys [2007-04-26 19:07] R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 08:44] R2 atchksrv;Intel® Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2007-04-10 15:10] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 04:00] R2 LMS;Intel® Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe [2007-04-10 15:10] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 08:38] R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2007-09-07 11:16] R2 UNS;Intel® Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe [2007-04-10 15:10] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-16 03:00] R3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 12:42] R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 12:42] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 12:42] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07] R3 rismc32;RICOH Smart Card Reader;C:\Windows\system32\DRIVERS\rismc32.sys [2006-12-20 03:08] R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12] R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30] R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-01 15:52] S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-04-23 13:13] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\system32\flcdlock.exe [2007-04-30 08:28] S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ GPSvcGroup REG_MULTI_SZ GPSvc *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-12 12:17:43 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-05-12 12:19:37 ComboFix-quarantined-files.txt 2008-05-12 10:19:14 Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. 226 --- E O F --- 2008-05-09 15:21:39

Deze is gelukt: Deckard's System Scanner v20071014.68 Run by Karin on 2008-05-11 20:42:54 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 19: 2008-05-09 15:20:25 UTC - RP175 - Windows Update 18: 2008-05-07 08:41:51 UTC - RP174 - Windows Update 17: 2008-05-01 23:36:13 UTC - RP173 - Windows Update 16: 2008-05-01 10:15:02 UTC - RP172 - Gepland herstelpunt 15: 2008-04-29 18:19:53 UTC - RP171 - Windows Update -- First Restore Point -- 1: 2008-04-03 11:10:46 UTC - RP157 - Gepland herstelpunt Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Karin.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:46:18, on 11/05/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\SMINST\scheduler.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Windows\System32\rundll32.exe C:\Program Files\PDF Complete\pdfsty.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files\Intel\AMT\atchk.exe C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE C:\Program Files\Telemeter 3.0\Telemeter3.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNKG7B3A\dss[1].exe C:\Windows\system32\conime.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Karin.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita Home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita Home R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe" O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3094490406-721571454-70943857-1005\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Jonas') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11380 bytes -- File Associations ----------------------------------------------------------- Er was ook nog een extra.txt-Kladblok: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Business (build 6000) Architecture: X86; Language: Dutch CPU 0: Intel® Core2 Duo CPU T7500 @ 2.20GHz Percentage of Memory in Use: 49% Physical Memory (total/avail): 2014.69 MiB / 1025.49 MiB Pagefile Memory (total/avail): 4264.42 MiB / 2758.31 MiB Virtual Memory (total/avail): 2047.88 MiB / 1892.21 MiB C: is Fixed (NTFS) - 140.9 GiB total, 98.96 GiB free. D: is CDROM (CDFS) E: is Fixed (NTFS) - 1.55 GiB total, 1.12 GiB free. F: is Fixed (NTFS) - 6.59 GiB total, 0.56 GiB free. \\.\PHYSICALDRIVE0 - Hitachi HTS542516K9SA00 ATA Device - 149.05 GiB - 3 partitions \PARTITION0 (bootable) - Installable File System - 140.9 GiB - C: \PARTITION1 - Installable File System - 6.59 GiB - F: \PARTITION2 - Installable File System - 1588 MiB - E: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: Telenet Internet Security Pack 7.00 v7.00 (F-Secure Corporation) AV: Telenet Internet Security Pack 7.00 v7.00 (F-Secure Corporation) AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) AS: Telenet Internet Security Pack 7.00 v7.00 (F-Secure Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Karin\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PC_VAN_WERNER ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Karin LOCALAPPDATA=C:\Users\Karin\AppData\Local LOGONSERVER=\\PC_VAN_WERNER NUMBER_OF_PROCESSORS=2 OnlineServices=Online Services OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PLATFORM=BNB PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\Karin\AppData\Local\Temp TMP=C:\Users\Karin\AppData\Local\Temp USERDOMAIN=PC_van_Werner USERNAME=Karin USERPROFILE=C:\Users\Karin windir=C:\Windows -- User Profiles --------------------------------------------------------------- Werner Karin Jonas Evi -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" --> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter" --> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly --> MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Anark Client 4 --> C:\Program Files\Anark\Anark Client 4\AMInstal.exe -uninstall Application Installer 4.00.B13 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x13 BIOS Configuration for HP ProtectTools --> MsiExec.exe /X{C74D0FA0-1D49-464F-A707-B427EE3385C1} CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA} Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE} Device Access Manager for HP ProtectTools --> MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B} ESU for Microsoft Vista --> MsiExec.exe /I{A171503D-350F-4A65-941D-6786B33C2E7D} GIMP 2.4.5 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe" Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP 3D DriveGuard --> MsiExec.exe /X{8F621B32-1A5E-488C-8B36-F05CABD9264E} HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409 HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68} HP Backup & Recovery Manager Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x13 -uninst -removeonly HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9 HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}\setup.exe" -l0x9 -removeonly HP Help and Support --> MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636} HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 --> MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D} HP Notebook Accessories Product Tour --> MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F} HP ProtectTools Security Manager --> MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357} HP Quick Launch Buttons 6.20 F2 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0013 -removeonly uninst HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5} HP User Guides 0074 --> MsiExec.exe /I{DD42CAE3-FADD-4B36-95B1-E1CB75BCD364} Intel® Active Management Technology Device Software --> C:\Windows\system32\mesoludlg.exe -uninstall Intel® Management Engine Interface --> C:\Windows\system32\heciudlg.exe -uninstall Intel® PRO Network Connections Drivers --> Prounstl.exe InterVideo DVD Check --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719} Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x13 UNINSTALL Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0013 -removeonly Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 Dutch Language Pack --> MsiExec.exe /X{168F8BAC-A269-48E9-BB7A-A51B594CF6FF} Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE} Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE} Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (Dutch) --> MsiExec.exe /X{95120000-00AF-0413-0000-0000000FF1CE} Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE} Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE} Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE} Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} MSCU for Microsoft Vista --> MsiExec.exe /I{54B5F150-A6E9-412D-962B-D9B1FCB0AB07} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI PDF Complete --> C:\Program Files\PDF Complete\pdfiutil.exe /UGUI Pen Tablet --> C:\Program Files\Tablet\Pen\Remove.exe /u QuickTime --> C:\Windows\unvise32qt.exe C:\Windows\system32\QuickTime\Uninstall.log Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72} Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3} Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41} Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z\UIU32m.exe -U -IhpZ1379z.inf Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0013 -removeonly Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Telemeter 3.5g --> C:\Program Files\Telemeter 3.0\uninst.exe Telenet Internet Security Pack --> "C:\Program Files\Telenet Internet Security Pack\FSGUI\PostInstall.exe" /tUnInstall Update for Office 2007 (KB946691) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2} Vista Default Settings --> MsiExec.exe /I{5A2E4F06-978E-4CE7-B13C-D03B519A0098} -- Application Event Log ------------------------------------------------------- Event Record #/Type7997 / Warning Event Submitted/Written: 05/11/2008 05:16:41 PM Event ID/Source: 1530 / profsvc Event Description: Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3094490406-721571454-70943857-1003_Classes: Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3094490406-721571454-70943857-1003_CLASSES Event Record #/Type7996 / Warning Event Submitted/Written: 05/11/2008 05:16:40 PM Event ID/Source: 1530 / profsvc Event Description: Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3094490406-721571454-70943857-1003: Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3094490406-721571454-70943857-1003 Event Record #/Type7979 / Error Event Submitted/Written: 05/11/2008 03:06:22 PM Event ID/Source: 5007 / WerSvc Event Description: Kan het doelbestand voor het Windows Feedback Platform (een dll-bestand dat de lijst met problemen op deze computer bevat waarvoor aanvullende gegevens moeten worden verzameld voor diagnose) niet parseren. Foutcode: 8014FFF9. Event Record #/Type7968 / Success Event Submitted/Written: 05/11/2008 02:35:59 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type7967 / Error Event Submitted/Written: 05/11/2008 02:35:57 PM Event ID/Source: 2002 / Intel® AMT Event Description: [uNS] Failed to subscribe to local Intel® AMT. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type29121 / Warning Event Submitted/Written: 05/11/2008 08:46:37 PM Event ID/Source: 3004 / WinDefend Event Description: %PC_van_Werner27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt. Zie voor meer informatie: %PC_van_Werner275 Scan-id: {FFCF7C05-A0EC-42E9-867D-AF4D86D22EB2} Gebruiker: PC_van_Werner\Jonas Naam: %PC_van_Werner271 Id: %PC_van_Werner272 Ernst-id: %PC_van_Werner273 Categorie-id: %PC_van_Werner274 Gevonden pad: %PC_van_Werner276 Type waarschuwing: %PC_van_Werner278 Type detectie: 1.1.1505.02 Event Record #/Type29120 / Warning Event Submitted/Written: 05/11/2008 08:46:37 PM Event ID/Source: 3004 / WinDefend Event Description: %PC_van_Werner27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt. Zie voor meer informatie: %PC_van_Werner275 Scan-id: {1C566E61-3347-4D46-A4FA-37C008F74424} Gebruiker: PC_van_Werner\Karin Naam: %PC_van_Werner271 Id: %PC_van_Werner272 Ernst-id: %PC_van_Werner273 Categorie-id: %PC_van_Werner274 Gevonden pad: %PC_van_Werner276 Type waarschuwing: %PC_van_Werner278 Type detectie: 1.1.1505.02 Event Record #/Type29119 / Warning Event Submitted/Written: 05/11/2008 08:46:37 PM Event ID/Source: 3004 / WinDefend Event Description: %PC_van_Werner27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt. Zie voor meer informatie: %PC_van_Werner275 Scan-id: {C3544873-554D-4B73-8AE5-D736256DCE37} Gebruiker: PC_van_Werner\Karin Naam: %PC_van_Werner271 Id: %PC_van_Werner272 Ernst-id: %PC_van_Werner273 Categorie-id: %PC_van_Werner274 Gevonden pad: %PC_van_Werner276 Type waarschuwing: %PC_van_Werner278 Type detectie: 1.1.1505.02 Event Record #/Type29118 / Warning Event Submitted/Written: 05/11/2008 08:46:37 PM Event ID/Source: 3004 / WinDefend Event Description: %PC_van_Werner27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt. Zie voor meer informatie: %PC_van_Werner275 Scan-id: {9FB62F18-6437-4C8E-89E1-F7D8753C58A3} Gebruiker: PC_van_Werner\Karin Naam: %PC_van_Werner271 Id: %PC_van_Werner272 Ernst-id: %PC_van_Werner273 Categorie-id: %PC_van_Werner274 Gevonden pad: %PC_van_Werner276 Type waarschuwing: %PC_van_Werner278 Type detectie: 1.1.1505.02 Event Record #/Type29117 / Warning Event Submitted/Written: 05/11/2008 08:46:37 PM Event ID/Source: 3004 / WinDefend Event Description: %PC_van_Werner27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt. Zie voor meer informatie: %PC_van_Werner275 Scan-id: {DF214955-E8CC-4F73-B155-C4F5928FE7D7} Gebruiker: PC_van_Werner\Karin Naam: %PC_van_Werner271 Id: %PC_van_Werner272 Ernst-id: %PC_van_Werner273 Categorie-id: %PC_van_Werner274 Gevonden pad: %PC_van_Werner276 Type waarschuwing: %PC_van_Werner278 Type detectie: 1.1.1505.02 -- End of Deckard's System Scanner: finished at 2008-05-11 20:48:29 ------------ Normaal zoek ik bestanden via start->zoeken: dan opent er zich een apart venster waar ik mijn zoekopdracht moet ingeven en eventueel verder verfijnen. In Vista heb je geen start-> uitvoeren zoals bij XP. (heb dat daarstraks nog met onze oude laptop met XP vergeleken) Uitvoeren bij Vista heb ik gevonden via zoeken maar misschien is er nog een andere mogelijkheid?

SDFix had ik gisteren ook al in veilige modus gevonden hoor. Alleen kan ik het niet laten runnen. Klik ik op RunThis, krijg ik een flits van het scherm en is't weeral weg. Ik kan de catchme laten scannen (zie printscreen) maar die log heb ik gisteren al gepost. Uitvoeren heb ik gevonden door bij start -> zoekopdracht : uitvoeren te typen. Maar ook hier geen resultaat. In veilige modus heb ik ook gezocht naar combofix en gaf hij resultaat: bestand uitvoeren maar dan kreeg ik weer de vervelende mededeling dat hij niet kan hernoemen. Ik sta dus nog altijd even ver.

Ik wou het ook nog eens proberen met SDFix en een uitgeschakelde firewall. SDFix zit in c:/downloads. Kan ik het daar gewoon verwijderen of moet dat via configuratiescherm -> programma verwijderen? Daar vind ik het niet terug, HJT staat daar echter wel tussen. En die heeft zijn werk al goed gedaan.

De map cobofix bestaat niet. Via zoeken vind ik niks terug van combofix. Maar wat bedoel je met start --> uitvoeren en type: combofix/u. Moet ik dat via het configuratiescherm doen of is dat wanneer ik de computer herstart en moet ik dan op een of andere f-toets klikken? De firewall heb ik uitgeschakeld maar ik krijg terug diezelfde mededeling dat ik combofix niet kan hernoemen. Dan moet er toch ergens een andere versie in mijn laptop verstopt zitten?

Bij mij lukt het dus niet. Zou je even stap per stap kunnen uitleggen hoe jij dat doet? Misschien klik ik wel ergens verkeerd.

Tiens, Nafrtox heeft hetzelfde probleem als ik met de SDFix. Zou het aan Vista liggen? Ik ben benieuwd of het jouw lukt met de combofix. Ik krijg hem zelfs niet geïnstalleerd.

Het zit me echt niet mee. Bij de combofix krijg ik volgende mededeling: You cannot rename combofix as combofix1. Ik klik op OK en het is weg. Ik vind ook niks terug op mijn laptop van de installatie (gezocht via zoeken). Ook bij de tweede installatiepoging krijg ik dit bericht.:s

ik heb het dus verwijderd en opnieuw geïnstalleerd. Uiteindelijk heb ik een kladblok gekregen met volgende gegevens: catchme 0.3.1359 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-10 21:03:19 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4768] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b404bd8] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37718641] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4768] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b404bd8] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37718641] scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Is dit logje wat je moest hebben? Ik heb het niet verkregen door op RunThis te klikken maar wel op de catchme en daar op scan te klikken, na een kleine 10' had ik dan deze gegevens.

Ik heb SDFix geïnstalleerd en kreeg de volgende mededeling: zie printscreen, en ik heb op opnieuw installeren geklikt. De mededeling kwam niet meer terug. Daarna in veilige modus opgestart en SDFix willen openen. Dit lukte mij niet, ik kreeg geen reactie. Wat nu?

Alvast bedankt. In het weekend zet ik mij eraan. Maar ik zal al eerst uw antwoord afprinten zodat ik het stapsgewijs kan volgen.

Gisteren kreeg ik de melding dat er malware was aangetroffen op de laptop. Ik klik op OK en heb dan een scan gedaan met de virusscanner.. Die zei dat er niks aangetroffen was. Vandaag melding van de virusscanner dat er malware is aangetroffen en dat de aanbevolen actie isoleren is. Heb ik gedaan. Moet ik nog andere acties ondernemen?? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:56:28, on 8/05/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\WTablet\Pen_TabletUser.exe C:\Windows\SMINST\scheduler.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Windows\System32\rundll32.exe C:\Program Files\PDF Complete\pdfsty.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files\Intel\AMT\atchk.exe C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE C:\Program Files\Telemeter 3.0\Telemeter3.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Windows\System32\rundll32.exe C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita Home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita Home R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe" O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11362 bytes

Bij mij lukt dat ook niet, daarom dat ik die vraag stelde hoe het moet bij hotmail.

:eek: Wij doen dat al eens als onze laptop vast blijft zitten en ook de drie sec-truuk niet helpt. Met onze oude en ook met onze nieuwe hebben we dat al gedaan. Tot hier toe (hout vasthouden) startten ze terug op zonder gevolgen.

Dat klopt alvast bij outlook. Maar hoe moet dat bij hotmail? Daar lukt het mij van langs geen kanten.

In het mailtje staat daar niks van in. En als mijn Engels goed genoeg is was die link maar 6 u. geldig.

Gedurende 1 week is de single van Coldplay gratis te downloaden. Via e-mail ontving ik een link en deze vraagt een gebruikersnaam en wachtwoord. Ik weet niet wat ik moet invullen?? Zie printscreen.

Ik heb vandaag een tekentablet gekocht van Wacom (Graphire4) en er zat Photoshop Elements 4.0 bij. Op de cd staat dat het voor windows XP is maar ik heb Vista. Kan ik deze cd dan gebruiken??

Ik heb ook Vista. Ik geraak probleemloos op die sites, hoor.

Ik krijg het bestand niet uitgepakt.Zie printscreen. En waar juist vind ik windows/systeemfolder?