Poeki
-
Items
102 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door Poeki
-
-
Bij deze PC is de C:\ root clean, ook de E & F:\ root, dat kun je zien aan de lpt3 die legaal is van de tool.
Das chinees voor mij, maar als het er goed ziet volgens jou ben ik blij.
-
Hoi Kape,
Kun je even de HJT van onze oude laptop bekijken. Die gebruiken we niet meer on-line.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:00, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = FF - Powered by UBB.threads™
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp10.photoprintit.de/microsite/defaults/activex/IPSUploader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5360 bytes
Met dank.
-
Flashdesinfector uitgevoerd maar dit duurde maar heel kort en de computer heeft zichzelf niet terug afgesloten en opgestart.
Mountpoints Diagnostics uitgevoerd maar...ik denk niet met het goede resultaat: Diagnostic Report
ma 12/05/2008 17:24:31,34
Mountpoints > Drives subkeys:
------------------------------------
No Autorun files found in C:\Windows
No Autorun files found in C:\Windows\system32
C:\autorun.inf **folder** found
Files in C:\autorun.inf
lpt3.This folder was created by Flash_Disinfector
No Autorun files found in root of D:
E:\autorun.inf **folder** found
Files in E:\autorun.inf
lpt3.This folder was created by Flash_Disinfector
F:\autorun.inf **folder** found
Files in F:\autorun.inf
lpt3.This folder was created by Flash_Disinfector
Zie ook printscreen icoontjes want mountpoints staat er 2 keer in. Of moet ik de .zip zelf verwijderen.
Panda-activescan: ik kan geen snelkoppelig maken naar bureaublad. Ik had de lange scan gekozen maar per ongeluk weggeklikt, nu de korte scan gedaan om te zien of dit het resultaat was dat je moest hebben.
Ik heb wat printscreens genomen zodat je kan zien wat er niet in orde is.
Mijn virusscanner geeft aan dat er geen malware gevonden is.
Alvast bedankt.
-
Oei, hier schrik ik van. Ik gebruik mijn USB-stick thuis en op het werk. Ook mijn man gebruikt een USB-stick om kantoorwerk thuis verder te maken. Hoe zit dat met de pc's op het werk dan, daar hebben wij geen impact op.
Ik ga jouw tool maar eens downloaden dan. Alvast bedankt.
-
Ik heb wat gegoogeld op combofix en heb mijn fout gevonden bij het downloaden. Ipv opslaan heb ik voor uitvoeren gekozen en lukte het dus niet. Hier mijn log:
ComboFix 08-05-11.1 - Karin 2008-05-12 12:09:46.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1043.18.889 [GMT 2:00]
Gestart vanuit: C:\Users\Karin\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Autorun.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 09:23 --------- d-----w C:\Users\Karin\AppData\Roaming\WTablet
2008-05-11 18:38 27,335 ----a-w C:\Users\Karin\AppData\Roaming\nvModes.dat
2008-05-11 15:12 27,430 ----a-w C:\Users\Werner\AppData\Roaming\nvModes.dat
2008-05-11 08:47 27,335 ----a-w C:\Users\Jonas\AppData\Roaming\nvModes.dat
2008-05-08 17:55 --------- d-----w C:\Program Files\Trend Micro
2008-05-02 19:29 --------- d-----w C:\Users\Karin\AppData\Roaming\gtk-2.0
2008-05-02 10:03 --------- d-----w C:\Program Files\QuickTime
2008-04-25 11:36 --------- d-----w C:\Users\Werner\AppData\Roaming\WTablet
2008-04-23 11:59 --------- d-----w C:\Users\Jonas\AppData\Roaming\WTablet
2008-04-23 11:14 --------- d-----w C:\Users\Evi\AppData\Roaming\WTablet
2008-04-21 15:27 --------- d-----w C:\ProgramData\AppData
2008-04-21 15:25 --------- d-----w C:\Program Files\Tablet
2008-04-10 20:14 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 17:59 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-07 18:23 --------- d-----w C:\Program Files\Network Stumbler
2008-04-05 18:22 --------- d-----w C:\Users\Karin\AppData\Roaming\GetRightToGo
2008-04-04 19:20 27,145 ----a-w C:\Users\Evi\AppData\Roaming\nvModes.dat
2008-03-31 19:03 --------- d-----w C:\Program Files\GIMP-2.0
2008-03-30 12:38 --------- d-----w C:\Users\Karin\AppData\Roaming\F-Secure
2008-03-20 08:27 --------- d-----w C:\Program Files\Telemeter 3.0
2008-03-18 19:02 --------- d-----w C:\Program Files\Anark
2008-03-17 16:32 --------- d-----w C:\Program Files\Telenet Internet Security Pack
2008-03-17 13:12 60,064 ----a-w C:\Windows\system32\drivers\fsdfw.sys
2008-03-16 22:18 --------- d-----w C:\Program Files\Java
2008-03-16 12:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-15 13:37 --------- d-----w C:\Program Files\Google
2008-03-12 18:45 --------- d-----w C:\Program Files\Microsoft Games
2008-03-05 10:33 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-03-01 20:55 9,728 ----a-w C:\Windows\System32\rnaph.dll
2008-03-01 19:28 174 --sha-w C:\Program Files\desktop.ini
2008-03-01 19:08 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-01 19:08 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-01 19:08 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-01 19:08 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-01 19:08 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-01 19:08 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-01 19:08 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-01 19:08 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-01 19:08 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-01 19:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-01 19:04 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-01 19:03 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-01 19:03 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-01 19:03 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-01 19:03 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-01 19:03 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-01 19:03 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-01 19:03 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-01 19:03 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-01 19:03 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-01 19:03 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-01 19:02 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-01 19:02 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-01 19:02 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-01 19:02 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-01 19:01 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-01 19:01 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-01 19:01 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-01 19:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-01 19:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-01 19:00 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-01 19:00 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-01 18:59 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-03-01 18:59 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-03-01 18:59 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-03-01 18:59 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-03-01 18:59 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-03-01 18:59 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-03-01 18:59 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-03-01 18:59 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-03-01 18:59 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-01 18:59 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-03-01 18:59 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-01 18:57 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-01 18:57 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-01 18:56 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-01 18:55 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-01 18:55 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-03-01 18:55 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-03-01 18:54 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-01 18:52 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-01 18:32 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-01 18:32 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-01 18:32 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-01 18:32 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-01 18:31 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-01 18:31 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-01 18:31 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-01 18:31 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-01 18:31 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-01 20:56 1232896]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-10 09:27 1006264]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 15:14 1183744]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-25 14:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-25 14:07 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-25 14:07 81920]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 08:38 331552]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 15:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 15:36 827392]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 16:17 163840]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-04-10 15:10 404248]
"F-Secure Manager"="C:\Program Files\Telenet Internet Security Pack\Common\FSM32.exe" [2007-04-26 19:12 183208]
"F-Secure TNB"="C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-16 00:38 1441792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-03-01 16:51:59 192512]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-05 12:33:53 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-05 12:30:52 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
DeviceNP.dll 2007-04-30 08:19 49152 C:\Windows\System32\DeviceNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EE2A9B72-AA55-4424-BD74-D4EBDDEE1753}"= Disabled:TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0889157A-4394-48DD-B184-50E6C2749C2B}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3F175808-04BE-470E-AF61-8DFE9A9AA027}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{18E28346-957C-434E-A82B-2D06BBA380D4}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{8507D402-0A78-4764-AB94-D873A7FE5B7F}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {534A7331-A961-4B23-A1B7-8AE91C9294B8},{23C237F1-2A19-4FBC-AE27-B3F0BF3D571A},{CD33A406-9181-4C1F-A6BD-CCF7B06D5EF2}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Telenet Internet Security Pack\HIPS\fshs.sys [2008-03-01 22:12]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-04-26 19:08]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-03-17 15:12]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\minifilter\fsvista.sys [2007-04-26 19:07]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 08:44]
R2 atchksrv;Intel® Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2007-04-10 15:10]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 04:00]
R2 LMS;Intel® Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe [2007-04-10 15:10]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 08:38]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2007-09-07 11:16]
R2 UNS;Intel® Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe [2007-04-10 15:10]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-16 03:00]
R3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 12:42]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 12:42]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 12:42]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
R3 rismc32;RICOH Smart Card Reader;C:\Windows\system32\DRIVERS\rismc32.sys [2006-12-20 03:08]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-03-01 15:52]
S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-04-23 13:13]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\system32\flcdlock.exe [2007-04-30 08:28]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Telenet Internet Security Pack\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 12:17:43
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-05-12 12:19:37
ComboFix-quarantined-files.txt 2008-05-12 10:19:14
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
226 --- E O F --- 2008-05-09 15:21:39
-
Deze is gelukt:
Deckard's System Scanner v20071014.68
Run by Karin on 2008-05-11 20:42:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
19: 2008-05-09 15:20:25 UTC - RP175 - Windows Update
18: 2008-05-07 08:41:51 UTC - RP174 - Windows Update
17: 2008-05-01 23:36:13 UTC - RP173 - Windows Update
16: 2008-05-01 10:15:02 UTC - RP172 - Gepland herstelpunt
15: 2008-04-29 18:19:53 UTC - RP171 - Windows Update
-- First Restore Point --
1: 2008-04-03 11:10:46 UTC - RP157 - Gepland herstelpunt
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Karin.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:18, on 11/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
C:\Program Files\Telemeter 3.0\Telemeter3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNKG7B3A\dss[1].exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Karin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita Home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3094490406-721571454-70943857-1005\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Jonas')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11380 bytes
-- File Associations -----------------------------------------------------------
Er was ook nog een extra.txt-Kladblok:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Business (build 6000)
Architecture: X86; Language: Dutch
CPU 0: Intel® Core2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 2014.69 MiB / 1025.49 MiB
Pagefile Memory (total/avail): 4264.42 MiB / 2758.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1892.21 MiB
C: is Fixed (NTFS) - 140.9 GiB total, 98.96 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 1.55 GiB total, 1.12 GiB free.
F: is Fixed (NTFS) - 6.59 GiB total, 0.56 GiB free.
\\.\PHYSICALDRIVE0 - Hitachi HTS542516K9SA00 ATA Device - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 140.9 GiB - C:
\PARTITION1 - Installable File System - 6.59 GiB - F:
\PARTITION2 - Installable File System - 1588 MiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Telenet Internet Security Pack 7.00 v7.00 (F-Secure Corporation)
AV: Telenet Internet Security Pack 7.00 v7.00 (F-Secure Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Telenet Internet Security Pack 7.00 v7.00 (F-Secure Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Karin\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC_VAN_WERNER
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Karin
LOCALAPPDATA=C:\Users\Karin\AppData\Local
LOGONSERVER=\\PC_VAN_WERNER
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PLATFORM=BNB
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Karin\AppData\Local\Temp
TMP=C:\Users\Karin\AppData\Local\Temp
USERDOMAIN=PC_van_Werner
USERNAME=Karin
USERPROFILE=C:\Users\Karin
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Werner
Karin
Jonas
Evi
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> "C:\Program Files\Telenet Internet Security Pack\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Anark Client 4 --> C:\Program Files\Anark\Anark Client 4\AMInstal.exe -uninstall
Application Installer 4.00.B13 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x13
BIOS Configuration for HP ProtectTools --> MsiExec.exe /X{C74D0FA0-1D49-464F-A707-B427EE3385C1}
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE}
Device Access Manager for HP ProtectTools --> MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
ESU for Microsoft Vista --> MsiExec.exe /I{A171503D-350F-4A65-941D-6786B33C2E7D}
GIMP 2.4.5 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP 3D DriveGuard --> MsiExec.exe /X{8F621B32-1A5E-488C-8B36-F05CABD9264E}
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Backup & Recovery Manager Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x13 -uninst -removeonly
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636}
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 --> MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Notebook Accessories Product Tour --> MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}
HP ProtectTools Security Manager --> MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.20 F2 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0013 -removeonly uninst
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HP User Guides 0074 --> MsiExec.exe /I{DD42CAE3-FADD-4B36-95B1-E1CB75BCD364}
Intel® Active Management Technology Device Software --> C:\Windows\system32\mesoludlg.exe -uninstall
Intel® Management Engine Interface --> C:\Windows\system32\heciudlg.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
InterVideo DVD Check --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x13 UNINSTALL
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0013 -removeonly
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Dutch Language Pack --> MsiExec.exe /X{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (Dutch) --> MsiExec.exe /X{95120000-00AF-0413-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSCU for Microsoft Vista --> MsiExec.exe /I{54B5F150-A6E9-412D-962B-D9B1FCB0AB07}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PDF Complete --> C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
Pen Tablet --> C:\Program Files\Tablet\Pen\Remove.exe /u
QuickTime --> C:\Windows\unvise32qt.exe C:\Windows\system32\QuickTime\Uninstall.log
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z\UIU32m.exe -U -IhpZ1379z.inf
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0013 -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Telemeter 3.5g --> C:\Program Files\Telemeter 3.0\uninst.exe
Telenet Internet Security Pack --> "C:\Program Files\Telenet Internet Security Pack\FSGUI\PostInstall.exe" /tUnInstall
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Vista Default Settings --> MsiExec.exe /I{5A2E4F06-978E-4CE7-B13C-D03B519A0098}
-- Application Event Log -------------------------------------------------------
Event Record #/Type7997 / Warning
Event Submitted/Written: 05/11/2008 05:16:41 PM
Event ID/Source: 1530 / profsvc
Event Description:
Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3094490406-721571454-70943857-1003_Classes:
Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3094490406-721571454-70943857-1003_CLASSES
Event Record #/Type7996 / Warning
Event Submitted/Written: 05/11/2008 05:16:40 PM
Event ID/Source: 1530 / profsvc
Event Description:
Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3094490406-721571454-70943857-1003:
Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3094490406-721571454-70943857-1003
Event Record #/Type7979 / Error
Event Submitted/Written: 05/11/2008 03:06:22 PM
Event ID/Source: 5007 / WerSvc
Event Description:
Kan het doelbestand voor het Windows Feedback Platform (een dll-bestand dat de lijst met problemen op deze computer bevat waarvoor aanvullende gegevens moeten worden verzameld voor diagnose) niet parseren. Foutcode: 8014FFF9.
Event Record #/Type7968 / Success
Event Submitted/Written: 05/11/2008 02:35:59 PM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type7967 / Error
Event Submitted/Written: 05/11/2008 02:35:57 PM
Event ID/Source: 2002 / Intel® AMT
Event Description:
[uNS] Failed to subscribe to local Intel® AMT.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type29121 / Warning
Event Submitted/Written: 05/11/2008 08:46:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PC_van_Werner27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.
Zie voor meer informatie:
%PC_van_Werner275
Scan-id: {FFCF7C05-A0EC-42E9-867D-AF4D86D22EB2}
Gebruiker: PC_van_Werner\Jonas
Naam: %PC_van_Werner271
Id: %PC_van_Werner272
Ernst-id: %PC_van_Werner273
Categorie-id: %PC_van_Werner274
Gevonden pad: %PC_van_Werner276
Type waarschuwing: %PC_van_Werner278
Type detectie: 1.1.1505.02
Event Record #/Type29120 / Warning
Event Submitted/Written: 05/11/2008 08:46:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PC_van_Werner27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.
Zie voor meer informatie:
%PC_van_Werner275
Scan-id: {1C566E61-3347-4D46-A4FA-37C008F74424}
Gebruiker: PC_van_Werner\Karin
Naam: %PC_van_Werner271
Id: %PC_van_Werner272
Ernst-id: %PC_van_Werner273
Categorie-id: %PC_van_Werner274
Gevonden pad: %PC_van_Werner276
Type waarschuwing: %PC_van_Werner278
Type detectie: 1.1.1505.02
Event Record #/Type29119 / Warning
Event Submitted/Written: 05/11/2008 08:46:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PC_van_Werner27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.
Zie voor meer informatie:
%PC_van_Werner275
Scan-id: {C3544873-554D-4B73-8AE5-D736256DCE37}
Gebruiker: PC_van_Werner\Karin
Naam: %PC_van_Werner271
Id: %PC_van_Werner272
Ernst-id: %PC_van_Werner273
Categorie-id: %PC_van_Werner274
Gevonden pad: %PC_van_Werner276
Type waarschuwing: %PC_van_Werner278
Type detectie: 1.1.1505.02
Event Record #/Type29118 / Warning
Event Submitted/Written: 05/11/2008 08:46:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PC_van_Werner27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.
Zie voor meer informatie:
%PC_van_Werner275
Scan-id: {9FB62F18-6437-4C8E-89E1-F7D8753C58A3}
Gebruiker: PC_van_Werner\Karin
Naam: %PC_van_Werner271
Id: %PC_van_Werner272
Ernst-id: %PC_van_Werner273
Categorie-id: %PC_van_Werner274
Gevonden pad: %PC_van_Werner276
Type waarschuwing: %PC_van_Werner278
Type detectie: 1.1.1505.02
Event Record #/Type29117 / Warning
Event Submitted/Written: 05/11/2008 08:46:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PC_van_Werner27 Real-Time Protection-agent heeft wijzigingen gedetecteerd. Er wordt aanbevolen om de software die deze wijzigingen heeft gemaakt te onderzoeken op mogelijke risicio's. U kunt de informatie over hoet deze programma's werken, gebruiken om te bepalen of u deze op uw computer wilt uitvoeren of wilt verwijderen. Sta de wijzigingen alleen toe als u de software of de uitgever ervan vertrouwt.
Zie voor meer informatie:
%PC_van_Werner275
Scan-id: {DF214955-E8CC-4F73-B155-C4F5928FE7D7}
Gebruiker: PC_van_Werner\Karin
Naam: %PC_van_Werner271
Id: %PC_van_Werner272
Ernst-id: %PC_van_Werner273
Categorie-id: %PC_van_Werner274
Gevonden pad: %PC_van_Werner276
Type waarschuwing: %PC_van_Werner278
Type detectie: 1.1.1505.02
-- End of Deckard's System Scanner: finished at 2008-05-11 20:48:29 ------------
Normaal zoek ik bestanden via start->zoeken: dan opent er zich een apart venster waar ik mijn zoekopdracht moet ingeven en eventueel verder verfijnen.
In Vista heb je geen start-> uitvoeren zoals bij XP. (heb dat daarstraks nog met onze oude laptop met XP vergeleken) Uitvoeren bij Vista heb ik gevonden via zoeken maar misschien is er nog een andere mogelijkheid?
-
SDFix had ik gisteren ook al in veilige modus gevonden hoor. Alleen kan ik het niet laten runnen. Klik ik op RunThis, krijg ik een flits van het scherm en is't weeral weg. Ik kan de catchme laten scannen (zie printscreen) maar die log heb ik gisteren al gepost.
Uitvoeren heb ik gevonden door bij start -> zoekopdracht : uitvoeren te typen. Maar ook hier geen resultaat. In veilige modus heb ik ook gezocht naar combofix en gaf hij resultaat: bestand uitvoeren maar dan kreeg ik weer de vervelende mededeling dat hij niet kan hernoemen.
Ik sta dus nog altijd even ver.
-
Ik wou het ook nog eens proberen met SDFix en een uitgeschakelde firewall. SDFix zit in c:/downloads. Kan ik het daar gewoon verwijderen of moet dat via configuratiescherm -> programma verwijderen? Daar vind ik het niet terug, HJT staat daar echter wel tussen. En die heeft zijn werk al goed gedaan.
-
De map cobofix bestaat niet. Via zoeken vind ik niks terug van combofix.
Maar wat bedoel je met start --> uitvoeren en type: combofix/u. Moet ik dat via het configuratiescherm doen of is dat wanneer ik de computer herstart en moet ik dan op een of andere f-toets klikken?
De firewall heb ik uitgeschakeld maar ik krijg terug diezelfde mededeling dat ik combofix niet kan hernoemen. Dan moet er toch ergens een andere versie in mijn laptop verstopt zitten?
-
Bij mij lukt het dus niet. Zou je even stap per stap kunnen uitleggen hoe jij dat doet? Misschien klik ik wel ergens verkeerd.
-
Ik slaag er niet in om de RunThis.bat op te starten in Veilige Modus.Er komt steeds een venster op maar da's meteen weg na een halve seconde. Ook met de opdrachtprompt lukt het niet.
Tiens, Nafrtox heeft hetzelfde probleem als ik met de SDFix. Zou het aan Vista liggen?
Ik ben benieuwd of het jouw lukt met de combofix. Ik krijg hem zelfs niet geïnstalleerd.
-
Het zit me echt niet mee. Bij de combofix krijg ik volgende mededeling: You cannot rename combofix as combofix1. Ik klik op OK en het is weg. Ik vind ook niks terug op mijn laptop van de installatie (gezocht via zoeken).
Ook bij de tweede installatiepoging krijg ik dit bericht.:s
-
ik heb het dus verwijderd en opnieuw geïnstalleerd. Uiteindelijk heb ik een kladblok gekregen met volgende gegevens:
catchme 0.3.1359 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 21:03:19
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b404bd8]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37718641]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4768]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b404bd8]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37718641]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Is dit logje wat je moest hebben? Ik heb het niet verkregen door op RunThis te klikken maar wel op de catchme en daar op scan te klikken, na een kleine 10' had ik dan deze gegevens.
-
Ik heb SDFix geïnstalleerd en kreeg de volgende mededeling: zie printscreen, en ik heb op opnieuw installeren geklikt. De mededeling kwam niet meer terug.
Daarna in veilige modus opgestart en SDFix willen openen. Dit lukte mij niet, ik kreeg geen reactie.
Wat nu?
-
Alvast bedankt. In het weekend zet ik mij eraan. Maar ik zal al eerst uw antwoord afprinten zodat ik het stapsgewijs kan volgen.
-
Gisteren kreeg ik de melding dat er malware was aangetroffen op de laptop. Ik klik op OK en heb dan een scan gedaan met de virusscanner.. Die zei dat er niks aangetroffen was.
Vandaag melding van de virusscanner dat er malware is aangetroffen en dat de aanbevolen actie isoleren is. Heb ik gedaan.
Moet ik nog andere acties ondernemen??
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:28, on 8/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
C:\Program Files\Telemeter 3.0\Telemeter3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Zita Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita Home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11362 bytes
-
nougabollen; kopieren en plakken werkt niet op die manier in hotmail (zelf getest)
Bij mij lukt dat ook niet, daarom dat ik die vraag stelde hoe het moet bij hotmail.
-
Ik hoop voor je dat hij nog te herstellen is; het weghalen van de batterij uit een notebook die op z'n accu draait kan je moederbord zodanig beschadigen dat het voor de vuilbak is (en daarbij de cpu & de videokaart ook).
Als je je laptop wil uitzetten als hij blijft hangen moet je een 3tal seconden op de aan-uit knop duwen, dan valt hij uit. Daarna mag je pas je batterij eruit halen.
:eek:Wij doen dat al eens als onze laptop vast blijft zitten en ook de drie sec-truuk niet helpt. Met onze oude en ook met onze nieuwe hebben we dat al gedaan. Tot hier toe (hout vasthouden) startten ze terug op zonder gevolgen.
-
Dat klopt alvast bij outlook. Maar hoe moet dat bij hotmail? Daar lukt het mij van langs geen kanten.
-
In het mailtje staat daar niks van in. En als mijn Engels goed genoeg is was die link maar 6 u. geldig.
-
Gedurende 1 week is de single van Coldplay gratis te downloaden.
Via e-mail ontving ik een link en deze vraagt een gebruikersnaam en wachtwoord. Ik weet niet wat ik moet invullen??
Zie printscreen.
-
Ik heb vandaag een tekentablet gekocht van Wacom (Graphire4) en er zat Photoshop Elements 4.0 bij. Op de cd staat dat het voor windows XP is maar ik heb Vista. Kan ik deze cd dan gebruiken??
-
Ik heb ook Vista. Ik geraak probleemloos op die sites, hoor.
-
Ik krijg het bestand niet uitgepakt.Zie printscreen. En waar juist vind ik windows/systeemfolder?
.
:eek:
controle oude laptop
in Archief Bestrijding malware & virussen
Geplaatst:
Fijn dat jij even kijkt, Xeno. Hoe de specialist noemt maakt inderdaad weinig uit.
Zoals ik al zei is deze laptop off-line en hebben we de anti-virus eraf gesmeten. Kan ik hem er zomaar terug inpluggen en je programma downloaden en laten runnen?