bdeweerdt

Nogmaals dank! # DelFix v10.2 - Logfile created 21/05/2013 at 11:30:47 # Updated 02/04/2013 by Xplode # Username : Filip - PC_DEWEERDT # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) ~ Removing disinfection tools ... Deleted : C:\Program Files\Trend Micro\Hijackthis Deleted : C:\AdwCleaner[s1].txt Deleted : C:\ComboFix.txt Deleted : C:\zoek-results.log Deleted : C:\Documents and Settings\Filip\Bureaublad\HiJackThis.lnk Deleted : C:\Documents and Settings\Filip\Bureaublad\hijackthis.log Deleted : C:\Documents and Settings\Filip\Bureaublad\zoek.exe Deleted : C:\Documents and Settings\Filip\Mijn documenten\Downloads\adwcleaner.exe Deleted : C:\Documents and Settings\Filip\Mijn documenten\Downloads\HiJackThis.msi Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis Deleted : HKLM\SOFTWARE\AdwCleaner Deleted : HKLM\SOFTWARE\Swearware Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #1 [Controlepunt van systeem | 05/10/2013 16:57:13] Deleted : RP #2 [Controlepunt van systeem | 05/11/2013 17:30:41] Deleted : RP #3 [Controlepunt van systeem | 05/12/2013 17:59:55] Deleted : RP #4 [Controlepunt van systeem | 05/13/2013 18:15:02] Deleted : RP #5 [software Distribution Service 3.0 | 05/14/2013 15:45:46] Deleted : RP #6 [software Distribution Service 3.0 | 05/15/2013 16:19:13] Deleted : RP #7 [software Distribution Service 3.0 | 05/15/2013 21:14:05] Deleted : RP #8 [software Distribution Service 3.0 | 05/16/2013 15:58:19] Deleted : RP #9 [Removed Java 6 Update 11 | 05/16/2013 19:20:03] Deleted : RP #10 [Removed Java 6 Update 3 | 05/16/2013 19:20:53] Deleted : RP #11 [Removed Java SE Runtime Environment 6 Update 1 | 05/16/2013 19:21:43] Deleted : RP #12 [installed Java 7 Update 21 | 05/16/2013 19:56:51] Deleted : RP #13 [software Distribution Service 3.0 | 05/17/2013 12:12:54] Deleted : RP #14 [Controlepunt van systeem | 05/20/2013 20:19:32] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########

Update geïnstalleerd. Zijn er nog te ondernemen stappen? Bedankt!

Met wat vertraging hier het gevraagde log(je)! Zoek.exe Version 4.0.0.2 Updated 12-May-2013 Tool run by Filip on zo 12/05/2013 at 17:10:50,29. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected ==== Running Processes ====================== C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Belgacom\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Spector Photo Software\Agent.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\dcmsvc\dcmsvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\IrfanView\I_VIEW32.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Documents and Settings\Filip\Bureaublad\zoek.exe ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 32 Bit HP CIO Components Installer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI - Nederlands Adobe Shockwave Player 11.5 AIO_Scan Apple Application Support Apple Software Update ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver Belgacom Genius Belgium e-ID middleware 3.5.6 (build 6954) Beveiligingsupdate for Windows XP (KB923689) Beveiligingsupdate for Windows XP (KB941569) Beveiligingsupdate voor Microsoft Windows (KB2564958) Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090) Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969) Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566) Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143) Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127) Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653) Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615) Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533) Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759) Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838) Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390) Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215) Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714) Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260) Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027) Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897) Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260) Beveiligingsupdate voor Windows Internet Explorer 7 (KB974455) Beveiligingsupdate voor Windows Internet Explorer 7 (KB976325) Beveiligingsupdate voor Windows Internet Explorer 7 (KB978207) Beveiligingsupdate voor Windows Internet Explorer 7 (KB982381) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2482017) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2497640) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2530548) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2618444) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2647516) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2675157) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2699988) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2722913) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2744842) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2761465) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2792100) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2797052) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2799329) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2809289) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2817183) Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961) Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332) Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381) Beveiligingsupdate voor Windows Media Player (KB2378111) Beveiligingsupdate voor Windows Media Player (KB911564) Beveiligingsupdate voor Windows Media Player (KB952069) Beveiligingsupdate voor Windows Media Player (KB954155) Beveiligingsupdate voor Windows Media Player (KB968816) Beveiligingsupdate voor Windows Media Player (KB973540) Beveiligingsupdate voor Windows Media Player (KB975558) Beveiligingsupdate voor Windows Media Player (KB978695) Beveiligingsupdate voor Windows Media Player 11 (KB936782) Beveiligingsupdate voor Windows Media Player 11 (KB954154) Beveiligingsupdate voor Windows Media Player 6.4 (KB925398) Beveiligingsupdate voor Windows Media Player 9 (KB917734) Beveiligingsupdate voor Windows XP (KB2079403) Beveiligingsupdate voor Windows XP (KB2115168) Beveiligingsupdate voor Windows XP (KB2121546) Beveiligingsupdate voor Windows XP (KB2229593) Beveiligingsupdate voor Windows XP (KB2259922) Beveiligingsupdate voor Windows XP (KB2296011) Beveiligingsupdate voor Windows XP (KB2347290) Beveiligingsupdate voor Windows XP (KB2360937) Beveiligingsupdate voor Windows XP (KB2387149) Beveiligingsupdate voor Windows XP (KB2393802) Beveiligingsupdate voor Windows XP (KB2412687) Beveiligingsupdate voor Windows XP (KB2419632) Beveiligingsupdate voor Windows XP (KB2423089) Beveiligingsupdate voor Windows XP (KB2440591) Beveiligingsupdate voor Windows XP (KB2443105) Beveiligingsupdate voor Windows XP (KB2476490) Beveiligingsupdate voor Windows XP (KB2476687) Beveiligingsupdate voor Windows XP (KB2478960) Beveiligingsupdate voor Windows XP (KB2478971) Beveiligingsupdate voor Windows XP (KB2479628) Beveiligingsupdate voor Windows XP (KB2479943) Beveiligingsupdate voor Windows XP (KB2481109) Beveiligingsupdate voor Windows XP (KB2483185) Beveiligingsupdate voor Windows XP (KB2485376) Beveiligingsupdate voor Windows XP (KB2485663) Beveiligingsupdate voor Windows XP (KB2503658) Beveiligingsupdate voor Windows XP (KB2503665) Beveiligingsupdate voor Windows XP (KB2506212) Beveiligingsupdate voor Windows XP (KB2506223) Beveiligingsupdate voor Windows XP (KB2507618) Beveiligingsupdate voor Windows XP (KB2507938) Beveiligingsupdate voor Windows XP (KB2508272) Beveiligingsupdate voor Windows XP (KB2508429) Beveiligingsupdate voor Windows XP (KB2509553) Beveiligingsupdate voor Windows XP (KB2511455) Beveiligingsupdate voor Windows XP (KB2524375) Beveiligingsupdate voor Windows XP (KB2535512) Beveiligingsupdate voor Windows XP (KB2536276-v2) Beveiligingsupdate voor Windows XP (KB2536276) Beveiligingsupdate voor Windows XP (KB2544893-v2) Beveiligingsupdate voor Windows XP (KB2544893) Beveiligingsupdate voor Windows XP (KB2555917) Beveiligingsupdate voor Windows XP (KB2562937) Beveiligingsupdate voor Windows XP (KB2566454) Beveiligingsupdate voor Windows XP (KB2567053) Beveiligingsupdate voor Windows XP (KB2567680) Beveiligingsupdate voor Windows XP (KB2570222) Beveiligingsupdate voor Windows XP (KB2570947) Beveiligingsupdate voor Windows XP (KB2584146) Beveiligingsupdate voor Windows XP (KB2585542) Beveiligingsupdate voor Windows XP (KB2592799) Beveiligingsupdate voor Windows XP (KB2598479) Beveiligingsupdate voor Windows XP (KB2603381) Beveiligingsupdate voor Windows XP (KB2618451) Beveiligingsupdate voor Windows XP (KB2619339) Beveiligingsupdate voor Windows XP (KB2620712) Beveiligingsupdate voor Windows XP (KB2621440) Beveiligingsupdate voor Windows XP (KB2624667) Beveiligingsupdate voor Windows XP (KB2631813) Beveiligingsupdate voor Windows XP (KB2633171) Beveiligingsupdate voor Windows XP (KB2639417) Beveiligingsupdate voor Windows XP (KB2641653) Beveiligingsupdate voor Windows XP (KB2646524) Beveiligingsupdate voor Windows XP (KB2647518) Beveiligingsupdate voor Windows XP (KB2653956) Beveiligingsupdate voor Windows XP (KB2655992) Beveiligingsupdate voor Windows XP (KB2659262) Beveiligingsupdate voor Windows XP (KB2660465) Beveiligingsupdate voor Windows XP (KB2661637) Beveiligingsupdate voor Windows XP (KB2676562) Beveiligingsupdate voor Windows XP (KB2685939) Beveiligingsupdate voor Windows XP (KB2686509) Beveiligingsupdate voor Windows XP (KB2691442) Beveiligingsupdate voor Windows XP (KB2695962) Beveiligingsupdate voor Windows XP (KB2698365) Beveiligingsupdate voor Windows XP (KB2705219) Beveiligingsupdate voor Windows XP (KB2707511) Beveiligingsupdate voor Windows XP (KB2709162) Beveiligingsupdate voor Windows XP (KB2712808) Beveiligingsupdate voor Windows XP (KB2718523) Beveiligingsupdate voor Windows XP (KB2719985) Beveiligingsupdate voor Windows XP (KB2723135) Beveiligingsupdate voor Windows XP (KB2724197) Beveiligingsupdate voor Windows XP (KB2727528) Beveiligingsupdate voor Windows XP (KB2731847) Beveiligingsupdate voor Windows XP (KB2753842-v2) Beveiligingsupdate voor Windows XP (KB2753842) Beveiligingsupdate voor Windows XP (KB2757638) Beveiligingsupdate voor Windows XP (KB2758857) Beveiligingsupdate voor Windows XP (KB2761226) Beveiligingsupdate voor Windows XP (KB2770660) Beveiligingsupdate voor Windows XP (KB2778344) Beveiligingsupdate voor Windows XP (KB2779030) Beveiligingsupdate voor Windows XP (KB2780091) Beveiligingsupdate voor Windows XP (KB2799494) Beveiligingsupdate voor Windows XP (KB2802968) Beveiligingsupdate voor Windows XP (KB2807986) Beveiligingsupdate voor Windows XP (KB2808735) Beveiligingsupdate voor Windows XP (KB2813170) Beveiligingsupdate voor Windows XP (KB2813345) Beveiligingsupdate voor Windows XP (KB2820917) Beveiligingsupdate voor Windows XP (KB923561) Beveiligingsupdate voor Windows XP (KB938464) Beveiligingsupdate voor Windows XP (KB946648) Beveiligingsupdate voor Windows XP (KB950760) Beveiligingsupdate voor Windows XP (KB950762) Beveiligingsupdate voor Windows XP (KB950974) Beveiligingsupdate voor Windows XP (KB951066) Beveiligingsupdate voor Windows XP (KB951376-v2) Beveiligingsupdate voor Windows XP (KB951376) Beveiligingsupdate voor Windows XP (KB951698) Beveiligingsupdate voor Windows XP (KB951748) Beveiligingsupdate voor Windows XP (KB952004) Beveiligingsupdate voor Windows XP (KB952954) Beveiligingsupdate voor Windows XP (KB953839) Beveiligingsupdate voor Windows XP (KB954211) Beveiligingsupdate voor Windows XP (KB954600) Beveiligingsupdate voor Windows XP (KB955069) Beveiligingsupdate voor Windows XP (KB956391) Beveiligingsupdate voor Windows XP (KB956572) Beveiligingsupdate voor Windows XP (KB956744) Beveiligingsupdate voor Windows XP (KB956802) Beveiligingsupdate voor Windows XP (KB956803) Beveiligingsupdate voor Windows XP (KB956841) Beveiligingsupdate voor Windows XP (KB956844) Beveiligingsupdate voor Windows XP (KB957095) Beveiligingsupdate voor Windows XP (KB957097) Beveiligingsupdate voor Windows XP (KB958644) Beveiligingsupdate voor Windows XP (KB958687) Beveiligingsupdate voor Windows XP (KB958690) Beveiligingsupdate voor Windows XP (KB958869) Beveiligingsupdate voor Windows XP (KB959426) Beveiligingsupdate voor Windows XP (KB960225) Beveiligingsupdate voor Windows XP (KB960715) Beveiligingsupdate voor Windows XP (KB960803) Beveiligingsupdate voor Windows XP (KB960859) Beveiligingsupdate voor Windows XP (KB961371) Beveiligingsupdate voor Windows XP (KB961373) Beveiligingsupdate voor Windows XP (KB961501) Beveiligingsupdate voor Windows XP (KB968537) Beveiligingsupdate voor Windows XP (KB969059) Beveiligingsupdate voor Windows XP (KB969898) Beveiligingsupdate voor Windows XP (KB969947) Beveiligingsupdate voor Windows XP (KB970238) Beveiligingsupdate voor Windows XP (KB970430) Beveiligingsupdate voor Windows XP (KB971468) Beveiligingsupdate voor Windows XP (KB971486) Beveiligingsupdate voor Windows XP (KB971557) Beveiligingsupdate voor Windows XP (KB971633) Beveiligingsupdate voor Windows XP (KB971657) Beveiligingsupdate voor Windows XP (KB971961) Beveiligingsupdate voor Windows XP (KB972270) Beveiligingsupdate voor Windows XP (KB973346) Beveiligingsupdate voor Windows XP (KB973354) Beveiligingsupdate voor Windows XP (KB973507) Beveiligingsupdate voor Windows XP (KB973525) Beveiligingsupdate voor Windows XP (KB973869) Beveiligingsupdate voor Windows XP (KB973904) Beveiligingsupdate voor Windows XP (KB974112) Beveiligingsupdate voor Windows XP (KB974318) Beveiligingsupdate voor Windows XP (KB974392) Beveiligingsupdate voor Windows XP (KB974571) Beveiligingsupdate voor Windows XP (KB975025) Beveiligingsupdate voor Windows XP (KB975467) Beveiligingsupdate voor Windows XP (KB975560) Beveiligingsupdate voor Windows XP (KB975561) Beveiligingsupdate voor Windows XP (KB975562) Beveiligingsupdate voor Windows XP (KB975713) Beveiligingsupdate voor Windows XP (KB977165) Beveiligingsupdate voor Windows XP (KB977816) Beveiligingsupdate voor Windows XP (KB977914) Beveiligingsupdate voor Windows XP (KB978037) Beveiligingsupdate voor Windows XP (KB978251) Beveiligingsupdate voor Windows XP (KB978262) Beveiligingsupdate voor Windows XP (KB978338) Beveiligingsupdate voor Windows XP (KB978542) Beveiligingsupdate voor Windows XP (KB978601) Beveiligingsupdate voor Windows XP (KB978706) Beveiligingsupdate voor Windows XP (KB979309) Beveiligingsupdate voor Windows XP (KB979482) Beveiligingsupdate voor Windows XP (KB979559) Beveiligingsupdate voor Windows XP (KB979683) Beveiligingsupdate voor Windows XP (KB979687) Beveiligingsupdate voor Windows XP (KB980195) Beveiligingsupdate voor Windows XP (KB980218) Beveiligingsupdate voor Windows XP (KB980232) Beveiligingsupdate voor Windows XP (KB980436) Beveiligingsupdate voor Windows XP (KB981322) Beveiligingsupdate voor Windows XP (KB981349) Beveiligingsupdate voor Windows XP (KB981997) Beveiligingsupdate voor Windows XP (KB982132) Beveiligingsupdate voor Windows XP (KB982214) Beveiligingsupdate voor Windows XP (KB982665) Broadcom Gigabit Integrated Controller BufferChm C4200 C4200_doccd c4200_Help Colin McRae Rally 2005 Copy CustomerResearchQFolder dcmsvc 1.0 Dell Resource CD Destination Component DeviceDiscovery DeviceManagementQFolder DocProc DocProcQFolder drivers Dropbox Essentiële update voor Windows Media Player 11 (KB959772) eSupportQFolder Google Chrome Google Toolbar for Internet Explorer Google Update Helper High Definition Audio Driver Package - KB835221 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB976002-v5) Hotfix voor Windows Internet Explorer 7 (KB947864) Hotfix voor Windows Media Player 11 (KB939683) Hotfix voor Windows XP (KB2443685) Hotfix voor Windows XP (KB2570791) Hotfix voor Windows XP (KB2633952) Hotfix voor Windows XP (KB2756822) Hotfix voor Windows XP (KB2779562) Hotfix voor Windows XP (KB952287) Hotfix voor Windows XP (KB961118) Hotfix voor Windows XP (KB970653-v3) Hotfix voor Windows XP (KB976098-v2) Hotfix voor Windows XP (KB979306) Hotfix voor Windows XP (KB981793) HP-software voor foto- en beeldbewerking 2.0 - All-in-One HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200 HP Customer Participation Program 9.0 HP Imaging Device Functions 9.0 HP OCR Software 9.0 HP Photosmart All-In-One Software 9.0 HP Photosmart Essential 2.01 HP Photosmart Essential2.01 hp psc 1200 series HP Smart Web Printing 4.60 HP Solution Center 9.0 HP Update HPProductAssistant HPSSupply Intel® Graphics Media Accelerator Driver IP Camera IrfanView (remove only) Java 6 Update 11 Java 6 Update 3 Java SE Runtime Environment 6 Update 1 KaraFun 1.18 KBC-beveiligingscomponenten KBC Trusted Sites LiveUpdate 2.6 (Symantec Corporation) Malwarebytes Anti-Malware versie 1.75.0.1300 MarketingReg MarketResearch McAfee Security Scan Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Dutch Language Pack Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Language Pack - NLD Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Dutch Language Pack Microsoft .NET Framework 3.0 Nederlands taalpakket Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Software Update for Web Folders (Dutch) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Modem Helper Mozilla Firefox 20.0.1 (x86 nl) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) Nero 7 Premium OGA Notifier 2.0.0048.0 Pakket voor de provider van Microsoft Base-smartcardcryptografieservice PCI Audio Driver PDFCreator Playchess PS_AIO_ProductContext PS_AIO_Software PS_AIO_Software_min PSSWCORE QuickTime Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Segoe UI Shockwave Director 10.2 Skype Click to Call Skype™ 5.10 SmartWebPrinting SolutionCenter SoundMAX Spector Photo Software Status Symantec AntiVirus Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition Update voor Windows Internet Explorer 7 (KB976749) Update voor Windows Internet Explorer 7 (KB980182) Update voor Windows Internet Explorer 8 (KB976662) Update voor Windows XP (KB2141007) Update voor Windows XP (KB2345886) Update voor Windows XP (KB2541763) Update voor Windows XP (KB2607712) Update voor Windows XP (KB2616676) Update voor Windows XP (KB2641690) Update voor Windows XP (KB2661254-v2) Update voor Windows XP (KB2718704) Update voor Windows XP (KB2736233) Update voor Windows XP (KB2749655) Update voor Windows XP (KB951072-v2) Update voor Windows XP (KB951978) Update voor Windows XP (KB955759) Update voor Windows XP (KB955839) Update voor Windows XP (KB961503) Update voor Windows XP (KB967715) Update voor Windows XP (KB968389) Update voor Windows XP (KB971029) Update voor Windows XP (KB971737) Update voor Windows XP (KB973687) Update voor Windows XP (KB973815) VideoToolkit01 WebFldrs XP WebReg Windows Communication Foundation Language Pack - NLD Windows Defender Windows Driver Package - Microsoft (USBCCID) SmartCardReader (08/01/2006 5.2.3790.2724) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live - Hulpprogramma voor uploaden Windows Live aanmeldhulp Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (NLD) Windows Workflow Foundation NL Language Pack Windows XP Service Pack 3 WinRAR archiver WinZip X Codec Pack XML Paper Specification Shared Components Language Pack 1.0 XML Paper Specification Shared Components Pack 1.0 ==== FireFox Fix ====================== Deleted from C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Added to C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== System Specs ====================== Windows: Windows XP Professional Service Pack 3 (Build 2600) Internet Explorer: 8.0.6001.18702 Memory (RAM): 2046 MB CPU Info: Intel® Core2 CPU 6300 @ 1.86GHz CPU Speed: 1822,4 MHz Sound Card: SoundMAX HD Audio | Display Adapters: 256MB ATI Radeon X1300PRO | 256MB ATI Radeon X1300PRO Secondary | NetMeeting driver | RDPDD Chained DD Monitors: 1x; Plug en Play-monitor | Screen Resolution: 1024 X 768 - 32 bit Network: Network Present Network Adapters: Broadcom NetXtreme 57xx Gigabit Controller - Pakketplanner-minipoort CD / DVD Drives: 1x (F: | ) F: TSSTcorpDVD+-RW TS-H653A Ports: COM1 LPT1 Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 74,5GB | D: 39,1GB | E: 75,4GB Hard Disks - Free: C: 25,1GB | D: 20,9GB | E: 27,6GB Manufacturer *: Dell Inc. BIOS Info: AT/AT COMPATIBLE | 05/21/07 | DELL - 14 Time Zone: West-Europa (standaardtijd) Motherboard *: Dell Inc. 0HR330 Sun Java version: 1.6.0_11 Country: België Language: NLB ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\Filip\LOCALS~1\Temp ==== ====== C:\WINDOWS\system32 ===== 2013-05-04 18:35:18 DDF3B9CC3F0E8E1EC094D1CE89046C4A 1824 ----a-w- C:\WINDOWS\System32\.crusader ====== C:\WINDOWS\system32\drivers ===== 2013-05-06 17:32:30 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys 2013-05-04 18:38:28 05E0D8EE7D6FAB5CB672FEC3AAD93AA0 30464 ----a-w- C:\WINDOWS\System32\drivers\hitmanpro37.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C: ===== 2013-05-07 17:45:41 F1024A172708F9AAC4DC277F4E68B725 3340 ----a-w- C:\AdwCleaner[s1].txt ====== C:\Documents and Settings\Filip\Application Data ====== 2013-05-04 17:58:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\HitmanPro 2013-05-04 14:26:14 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\All Users\Application Data\as98213.txt ====== C:\Documents and Settings\Filip ====== 2013-05-04 15:52:46 -------- d-sh--w- C:\Documents and Settings\Administrator\PrivacIE 2013-05-04 15:52:36 -------- d-sh--w- C:\Documents and Settings\Administrator\IETldCache ====== C: exe-files == 2013-05-07 17:43:45 A95866BA166A09E360BB88DA72D4531D 628743 ----a-w- C:\Documents and Settings\Filip\Mijn documenten\Downloads\adwcleaner.exe 2013-05-06 17:30:52 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\Filip\Mijn documenten\Downloads\mbam-setup-1.75.0.1300.exe === C: other files == 2013-05-06 17:32:30 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t" [HKEY_USERS\S-1-5-21-1177238915-1770027372-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay" "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe /P Belgacom" "ExtraFilmHemmaAgent"="C:\Program Files\Spector Photo Software\Agent.exe" "beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup" "dcmsvc"="C:\Program Files\dcmsvc\dcmsvc.exe" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime" "IsaKbcCertUpdate"="C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "KernelFaultCheck"="%systemroot%\system32\dumprep 0 -k" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C-Media Mixer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Mixer" "hkey"="HKLM" "command"="Mixer.exe /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ctfmon" "hkey"="HKCU" "command"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPWuSchd2" "hkey"="HKLM" "command"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="igfxtray" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\igfxtray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dumprep 0 -k" "hkey"="HKLM" "command"="%systemroot%\\system32\\dumprep 0 -k" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="igfxpers" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\igfxpers.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\WinZip Quick Pick.lnk" "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup" "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE " "item"="WinZip Quick Pick" ==== Startup Folders ====================== 2009-02-15 11:11:46 1879 -c--a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk 2013-02-14 21:56:11 1763 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk 2013-04-21 17:32:59 951 ----a-w- C:\Documents and Settings\Filip\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a--c--- ::C:\Program Files\Apple Software Update\SoftwareUpdate.exe [] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1182406226.job --a--c--- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [09/04/2003 17:56] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/08/2012 14:05] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/08/2012 14:05] C:\WINDOWS\tasks\MP Scheduled Scan.job --ah----- C:\Program Files\Windows Defender\MpCmdRun.exe [03/11/2006 19:20] C:\WINDOWS\tasks\User_Feed_Synchronization-{DFC984F9-C404-45D9-A4CD-D6135A44C127}.job --ah-c--- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 05:31] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be.xpi ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default 3D928B3FE97C403A33F803B3D1A260C9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll - Google Update 47299371607DC2FB234444EEACB1639E - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash 75300E5ED4CD5B4363C3DBBB2D03269C - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll - McAfee Security Scanner + A5C14075B571AF1C9592595BE724D9D2 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In 21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat E0BCE90537E4A41AF36D5BDD5963A09D - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat BA31D3FB803BBA92413D9D7D4E214D52 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9 BA31D3FB803BBA92413D9D7D4E214D52 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9 C41576CBD076B6895C20B465CDC26958 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9 C41576CBD076B6895C20B465CDC26958 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9 D8F8E45ACC404661CF0787F2A0888180 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9 D8F8E45ACC404661CF0787F2A0888180 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9 7B55FEF2BA47A2420BB49CD93320077A - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9 7B55FEF2BA47A2420BB49CD93320077A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9 D9F5A433758BC151850E53690D57663A - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9 D9F5A433758BC151850E53690D57663A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9 2FE95733EB36CD762EAE54BBE9D8B11C - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9 2FE95733EB36CD762EAE54BBE9D8B11C - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9 8FD41344CB62DDB06E2A339F2C5F1947 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9 8FD41344CB62DDB06E2A339F2C5F1947 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9 BCA175A4D68910B97C9391F2B5F02A4D - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 1AFEEF6369E3153BD6A9050133FC291C - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll - Java Platform SE 6 U11 918822F22226B3C15ED4F17BB3670110 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U11 7ABA2EAB736F7E9EB0E03ACAA42CCB51 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 2AA3703D87E1327A2290C9D416D89A28 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.iepersebc.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.iepersebc.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\Documents and Settings\Filip\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Documents and Settings\Filip\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Documents and Settings\Filip\Bureaublad\HiJackThis.lnk - C:\Documents and Settings\Filip\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts on All Users Desktop ====================== C:\Documents and Settings\All Users\Bureaublad\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ==== shortcuts in Users Start Menu ====================== C:\Documents and Settings\Filip\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\Filip\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe C:\Documents and Settings\Filip\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr ==== shortcuts in All Users Start Menu ====================== C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Scanner and Camera Wizard.lnk - C:\WINDOWS\system32\wiaacmgr.exe -SelectDevice C:\Documents and Settings\All Users\Menu Start\Programma's\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ==== shortcuts in Quick Launch ====================== C:\Documents and Settings\Bert\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Filip\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk - C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe C:\Documents and Settings\Filip\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Uninstall List x86 ====================== 32 Bit HP CIO Components Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}] Adobe AIR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FDB3B167-F4FA-461D-976F-286304A57B2A}] Adobe AIR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR] Adobe Flash Player 11 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Flash Player 11 Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin] Adobe Reader XI - Nederlands [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AB0000000001}] Adobe Shockwave Player 11.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player] AIO_Scan [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}] Apple Application Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE6097DD-05F4-4178-9719-D3170BF098E8}] Apple Software Update [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}] ATI - Software Uninstall Utility [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\All ATI Software] ATI Catalyst Control Center [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}] ATI Display Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver] Belgacom Genius [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FDE9FC7A-BF6D-4347-850D-05A16E6FEE17}] Belgium e-ID middleware 3.5.6 (build 6954) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{824563DE-75AD-4166-9DC0-B6482F206954}] Broadcom Gigabit Integrated Controller [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}] BufferChm [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2662C24-B31E-4349-A084-32EB76E8B760}] C4200 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C39E671D-0528-4c5e-A034-8470C5BC393A}] C4200_doccd [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}] c4200_Help [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}] Colin McRae Rally 2005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC67770B-581D-4E96-B72A-A7907CE18725}] Copy [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1753255A-0AEB-4220-8C75-607B73F0C133}] CustomerResearchQFolder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}] dcmsvc 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\dcmsvc_is1] Dell Resource CD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2764CA82-DFB9-4498-AF85-719340BF5305}] Destination Component [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}] DeviceDiscovery [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{22466889-7642-488d-AA0E-F619704CF7AB}] DeviceManagementQFolder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}] DocProc [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}] DocProcQFolder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{87E2B986-07E8-477a-93DC-AF0B6758B192}] drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC411308-0458-4950-AB07-58A5703BE3C4}] Dropbox [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dropbox] eSupportQFolder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] HiJackThis [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{45A66726-69BC-466B-A7A4-12FCBA4883D7}] HP-software voor foto- en beeldbewerking 2.0 - All-in-One [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9867A917-5D17-40DE-83BA-BEA5293194B1}] HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}] HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP PSC 1200 Series] HP Customer Participation Program 9.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HPExtendedCapabilities] HP Imaging Device Functions 9.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions] HP OCR Software 9.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HPOCR] HP Photosmart All-In-One Software 9.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B09BCBF6-87EE-4403-A336-3A9510856535}] HP Photosmart Essential 2.01 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Photosmart Essential] HP Photosmart Essential2.01 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8389382B-53BA-4A87-8854-91E3D80A5AC7}] hp psc 1200 series [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C900EF06-2E76-49C7-8DB0-41F629B21DC5}] HP Smart Web Printing 4.60 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Smart Web Printing] HP Solution Center 9.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools] HP Update [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}] HPProductAssistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AEA07F97-9088-497c-8821-0F36BD5DC251}] HPSSupply [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}] Intel® Graphics Media Accelerator Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDMI] IP Camera [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IP Camera] IrfanView (remove only) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IrfanView] Java 6 Update 11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216011FF}] Java 6 Update 3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}] Java SE Runtime Environment 6 Update 1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}] KaraFun 1.18 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KaraFun_is1] KBC-beveiligingscomponenten [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DFB06B7E-33CE-4BB6-95DF-31AD7B9BFE49}] LiveUpdate 2.6 (Symantec Corporation) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate] Malwarebytes Anti-Malware versie 1.75.0.1300 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1] MarketingReg [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{04441EE4-3631-43DB-813A-9D031380C8E5}] MarketResearch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{13F00518-807A-4B3A-83B0-A7CD90F3A398}] McAfee Security Scan Plus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan] Microsoft .NET Framework 1.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] Microsoft .NET Framework 1.1 Dutch Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}] Microsoft .NET Framework 1.1 Security Update (KB2698023) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\M2698023] Microsoft .NET Framework 1.1 Security Update (KB2742597) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\M2742597] Microsoft .NET Framework 1.1 Security Update (KB979906) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\M979906] Microsoft .NET Framework 2.0 Language Pack - NLD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D610D81C-36EE-4E1B-8346-1F515A5AF032}] Microsoft .NET Framework 2.0 Service Pack 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] Microsoft .NET Framework 3.0 Dutch Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{64371D22-A18B-436E-863B-2E12DA8042FF}] Microsoft .NET Framework 3.0 Service Pack 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}] Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}] Microsoft Choice Guard [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}] Microsoft Compression Client Pack 1.0 for Windows XP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1] Microsoft Internationalized Domain Names Mitigation APIs [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs] Microsoft National Language Support Downlevel APIs [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping] Microsoft Office Enterprise 2007 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISER] Microsoft Office Live Add-in 1.3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}] Microsoft Search Enhancement Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft User-Mode Driver Framework Feature Pack 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Modem Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7F142D56-3326-11D5-B229-002078017FBF}] Mozilla Firefox 20.0.1 (x86 nl) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 20.0.1 (x86 nl)] Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService] MSVCRT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}] MSXML 4.0 SP2 (KB936181) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}] MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}] MSXML 6 Service Pack 2 (KB973686) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}] Nero 7 Premium [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EBD4524C-5C6D-442E-AE40-FA38A2CC1043}] OGA Notifier 2.0.0048.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}] PCI Audio Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Audio Driver] PDFCreator [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}] Playchess [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{97DB07C0-7E43-4C4A-8766-26396935F177}] PS_AIO_ProductContext [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FD7F242B-9AA0-40c3-941E-3A9821D19C09}] PS_AIO_Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D8B7A682-20DA-4797-8415-B1FB14D4D32B}] PS_AIO_Software_min [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}] PSSWCORE [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F72E2DDC-3DB8-4190-A21D-63883D955FE7}] QuickTime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{57752979-A1C9-4C02-856B-FBB27AC4E02C}] Scan [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}] Security Update for CAPICOM (KB931906) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}] Segoe UI [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}] Skype Click to Call [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6CF2967-C81E-40C0-9815-C05774FEF120}] Skype™ 5.10 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}] SmartWebPrinting [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}] SolutionCenter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}] SoundMAX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}] Spector Photo Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spector Photo Software] Status [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}] Symantec AntiVirus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}] Toolbox [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}] TrayApp [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{10E1E87C-656C-4D08-86D6-5443D28583BE}] UnloadSupport [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{543E938C-BDC4-4933-A612-01293996845F}] VideoToolkit01 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{824D3839-DAA1-4315-A822-7AE3E620E528}] WebFldrs XP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}] WebReg [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}] Windows Communication Foundation Language Pack - NLD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18BA2F73-9F8E-4938-860E-F7BC31531608}] Windows Defender [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A06275F4-324B-4E85-95E6-87B2CD729401}] Windows Driver Package - Microsoft (USBCCID) SmartCardReader (08/01/2006 5.2.3790.2724) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\435403D41CB143EFFFCE801AFA6A0778EBC1DB1F] Windows Genuine Advantage Notifications (KB905474) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify] Windows Genuine Advantage Validation Tool (KB892130) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WGA] Windows Imaging Component [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC] Windows Internet Explorer 7 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ie7] Windows Internet Explorer 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ie8] Windows Live - Hulpprogramma voor uploaden [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{205C6BDD-7B73-42DE-8505-9A093F35A238}] Windows Live aanmeldhulp [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1BD6AE96-4742-4498-9D03-9451C7E5A214}] Windows Live Call [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C20C2630-B3A7-44BA-BDD0-31E256AE490E}] Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC38A00D-7EED-46CE-9281-D1D97B81F22A}] Windows Media Format 11 runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime] Windows Media Format 11 runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11] Windows Media Player 11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player] Windows Media Player 11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wmp11] Windows Presentation Foundation [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BAF78226-3200-4DB4-BE33-4D922A799840}] Windows Presentation Foundation Language Pack (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}] Windows Workflow Foundation NL Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A06BD059-8EDE-41F3-B91A-73C2C6811187}] Windows XP Service Pack 3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack] WinRAR archiver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver] WinZip [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZip] X Codec Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\X Codec Pack] XML Paper Specification Shared Components Language Pack 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\XPSEPSCLP] XML Paper Specification Shared Components Pack 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\XpsEPSC] ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat! Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [Nero AG] ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS] swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe [Analog Devices, Inc.] HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe [intel Corporation] ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay [null data] ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [symantec Corporation] vptray = C:\PROGRA~1\SYMANT~1\VPTray.exe [symantec Corporation] Belgacom = "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom [supportSoft, Inc.] ExtraFilmHemmaAgent = "C:\Program Files\Spector Photo Software\Agent.exe" [null data] beid = "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup [belgian Government] dcmsvc = C:\Program Files\dcmsvc\dcmsvc.exe [null data] GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [MS] QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime [Apple Inc.] KernelFaultCheck = C:\WINDOWS\system32\dumprep 0 -k IsaKbcCertUpdate = C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe [isabel SA/NV] Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0347C33E-8762-4905-BF09-768834316C61}\(Default) = HP Print Enhancer -> {HKLM...CLSID} = HP Print Enhancer \InProcServer32\(Default) = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [Hewlett-Packard Co.] {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\(Default) = MSS+ Identifier -> {HKLM...CLSID} = MSS+ Identifier \InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [McAfee, Inc.] {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM...CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = Search Helper -> {HKLM...CLSID} = Search Helper \InProcServer32\(Default) = C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\ssv.dll [sun Microsystems, Inc.] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live Aanmelden - Help \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM...CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Notifier BHO \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [sun Microsystems, Inc.] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = JQSIEStartDetectorImpl -> {HKLM...CLSID} = JQSIEStartDetectorImpl Class \InProcServer32\(Default) = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [sun Microsystems, Inc.] {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = HP Smart BHO Class -> {HKLM...CLSID} = HP Smart BHO Class \InProcServer32\(Default) = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Hewlett-Packard Co.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal-pictogramuitbreiding -> {HKLM...CLSID} = HyperTerminal Icon Ext \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.] {E0D79304-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.] {E0D79305-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.] {E0D79306-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.] {E0D79307-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.] {BDA77241-42F6-11d0-85E2-00AA001FE28C} = LDVP Shell Extensions -> {HKLM...CLSID} = VpshellEx Class \InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll [symantec Corporation] {B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler -> {HKLM...CLSID} = NeroDigitalIconHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [Nero AG] {7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler -> {HKLM...CLSID} = NeroDigitalPropSheetHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [Nero AG] {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Office Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL [MS] {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = Microsoft AntiMalware ShellExecuteHook -> {HKLM...CLSID} = Microsoft AntiMalware ShellExecuteHook \InProcServer32\(Default) = C:\PROGRA~1\WIFD1F~1\MpShHook.dll [MS] <<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> igfxcui\DLLName = igfxdev.dll [intel Corporation] <<!>> NavLogon\DLLName = C:\WINDOWS\system32\NavLogon.dll [symantec Corporation] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> grooveLocalGWS\CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD} -> {HKLM...CLSID} = Local Groove Web Services Protocol \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [MS] <<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS] <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS] <<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] <<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -> {HKLM...CLSID} = IEProtocolHandler Class \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [skype Technologies] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ LDVPMenu\(Default) = {BDA77241-42F6-11d0-85E2-00AA001FE28C} -> {HKLM...CLSID} = VpshellEx Class \InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll [symantec Corporation] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided) -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\ NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM...CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [intel Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler -> {HKLM...CLSID} = NeroDigitalColumnHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [Nero AG] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ LDVPMenu\(Default) = {BDA77241-42F6-11d0-85E2-00AA001FE28C} -> {HKLM...CLSID} = VpshellEx Class \InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll [symantec Corporation] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided) -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} -> {HKLM...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ disableregistrytools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Windows\System\ disablecmd = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Disable the command prompt} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ Wallpaper = C:\WINDOWS\system32\config\systemprofile\Bureaublad\ANN&GHISLAIN_-21.jpg Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Documents and Settings\Filip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\WINDOWS\system32\ssstars.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ DropboxAutoplayProxy\ Provider = Dropbox InvokeProgID = Dropbox.AutoplayEventHandlerProxy InvokeVerb = import HKLM\SOFTWARE\Classes\Dropbox.AutoplayEventHandlerProxy\shell\import\DropTarget\CLSID = {F38F335B-BC2E-450E-8FC6-0E13E17FC8FE} -> {HKLM...CLSID} = Dropbox Autoplay Proxy COM Server \LocalServer32\(Default) = C:\Program Files\Dropbox\DropboxProxy.exe /autoplayproxy [Dropbox, Inc.] HPAutoplayPSE\ Provider = HP Photosmart Essential 2.01 InvokeProgID = HpqPSApl.Autoplay InvokeVerb = Play HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = {A6873065-D632-4615-A3A9-C5F05EE109C1} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqPsApl.exe [Hewlett-Packard] MSWPDShellNamespaceHandler\ Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] NeroAutoPlay7AudioToNeroDigital\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay7 InvokeVerb = AudioToNeroDigital_PlayCDAudioOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L [Nero AG] NeroAutoPlay7CDAudio\ Provider = Nero Express InvokeProgID = Nero.AutoPlay7 InvokeVerb = CDAudio_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /New:AudioCD [Nero AG] NeroAutoPlay7CopyCD\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay7 InvokeVerb = CopyCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L [Nero AG] NeroAutoPlay7DataDisc\ Provider = Nero Express InvokeProgID = Nero.AutoPlay7 InvokeVerb = DataDisc_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /New:ISODisc [Nero AG] NeroAutoPlay7LaunchNeroStartSmart\ Provider = Nero StartSmart InvokeProgID = Nero.AutoPlay7 InvokeVerb = LaunchNeroStartSmart_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay [Nero AG] NeroAutoPlay7PlayAudioCD\ Provider = Nero ShowTime InvokeProgID = Nero.AutoPlay7 InvokeVerb = PlayAudioCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L [Nero AG] NeroAutoPlay7PlayDVD\ Provider = Nero ShowTime InvokeProgID = Nero.AutoPlay7 InvokeVerb = PlayDVD_PlayVideoFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L [Nero AG] NeroAutoPlay7RipCD\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay7 InvokeVerb = RipCD_PlayCDAudioOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L [Nero AG] NeroAutoPlay7TranscodeVideo\ Provider = Nero Recode InvokeProgID = Nero.AutoPlay7 InvokeVerb = TranscodeVideo_PlayDVDMovieOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo [Nero AG] NeroAutoPlay7VideoCapture\ Provider = Nero Vision ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = /New:VideoCapture HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] NeroAutoPlay7ViewPhotos\ Provider = Nero PhotoSnap Viewer InvokeProgID = Nero.AutoPlay7 InvokeVerb = ViewPhotos_ShowPicturesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe / [Nero AG] Startup items in "Filip" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\Filip\Menu Start\Programma's\Opstarten {++} OneNote 2007 Schermopname en Snel starten -> shortcut to: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [MS] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten {++} HP Digital Imaging Monitor -> shortcut to: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Co.] McAfee Security Scan Plus -> shortcut to: C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [McAfee, Inc.] Enabled Scheduled Tasks: {++} ------------------------ AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] FRU Task #Hewlett-Packard#hp psc 1200 series#1182406226 -> launches: C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1182406226" [empty string] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] MP Scheduled Scan -> launches: C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges [MS] User_Feed_Synchronization-{DFC984F9-C404-45D9-A4CD-D6135A44C127} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\CLSID\{555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = HP Smart Web Printing Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_bho.dll [Hewlett-Packard Co.] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoeken Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = Verz&enden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call MenuText = Skype Click to Call CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Research BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...CLSID} = &Onderzoeken \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS] {DDE87865-83C5-48C4-8357-2F5B1AA84522}\ ButtonText = Toon of verberg HP Smart Web Printing CLSIDExtension = {DDE87865-83C5-48c4-8357-2F5B1AA84522} -> {HKLM...CLSID} = ClipBookBtn Class \InProcServer32\(Default) = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Hewlett-Packard Co.] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ MenuText = @xpsp3res.dll,-20001 Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ ButtonText = Messenger MenuText = Windows Messenger Exec = C:\Program Files\Messenger\msmsgs.exe [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <<H>> _Tabs = res://ieframe.dll/tabswelcome.htm [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, C:\WINDOWS\system32\Ati2evxx.exe [ATI Technologies Inc.] HP CUE DeviceDiscovery-service, hpqddsvc, C:\WINDOWS\system32\svchost.exe -k hpdevmgmt {C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [Hewlett-Packard Co.]} hpqcxs08, hpqcxs08, C:\WINDOWS\system32\svchost.exe -k hpdevmgmt {C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [Hewlett-Packard Co.]} Java Quick Starter, JavaQuickStarterService, "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [sun Microsystems, Inc.] Machine Debug Manager, MDM, "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [MS] Net Driver HPZ12, Net Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZinw12.dll [Hewlett-Packard]} Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZipm12.dll [Hewlett-Packard]} PnkBstrA, PnkBstrA, C:\WINDOWS\system32\PnkBstrA.exe [null data] PnkBstrB, PnkBstrB, C:\WINDOWS\system32\PnkBstrB.exe [null data] SeaPort, SeaPort, "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [MS] SupportSoft Sprocket Service (belgacom), sprtsvc_belgacom, C:\Program Files\Belgacom\bin\sprtsvc.exe /service /p belgacom [supportSoft, Inc.] Symantec AntiVirus, Symantec AntiVirus, "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" [symantec Corporation] Symantec AntiVirus Definition Watcher, DefWatch, "C:\Program Files\Symantec AntiVirus\DefWatch.exe" [symantec Corporation] Symantec Event Manager, ccEvtMgr, "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" [symantec Corporation] Symantec Settings Manager, ccSetMgr, "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" [symantec Corporation] Windows Defender, WinDefend, "C:\Program Files\Windows Defender\MsMpEng.exe" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> hitmanpro37, <<!>> hitmanpro37.sys, <<!>> HitmanPro37Crusader, <<!>> HitmanPro37CrusaderBoot, HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> hitmanpro37, <<!>> hitmanpro37.sys, <<!>> HitmanPro37Crusader, <<!>> HitmanPro37CrusaderBoot, <<!>> SupportSoft RemoteAssist, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ hpzsnt07\Driver = hpzsnt07.dll [HP] PCL Language Monitor\Driver = hpz3l5ha.dll [Hewlett-Packard Company] PDFCreator\Driver = pdfcmnnt.dll [null data] Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS] <<H>>: Suspicious data at a browser hijack point. ==== Empty IE Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Bert\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Filip\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\Filip\Local Settings\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Documents and Settings\Filip\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\Filip\LOCALS~1\Temp successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\Filip\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

Bedankt! Hier opnieuw het logbestandje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:06:29, on 8/05/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Belgacom\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\Program Files\Spector Photo Software\Agent.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\dcmsvc\dcmsvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Een badminton club in Ieper voor jong en oud. - IBC - Ieperse Badminton Club R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Spector Photo Software\Agent.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.kbc.be O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 12449 bytes

Hallo, Opnieuw hartelijk dank voor jullie hulp! De trusted websites werden aangepast, en hieronder staat het logje van AdwCleaner. Ik post asap nog een logje van HiJackThis! # AdwCleaner v2.300 - Verslag gemaakt op 07/05/2013 om 19:45:41 # Geactualiseerd op 28/04/2013 door Xplode # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits) # Gebruiker : Filip - PC_DEWEERDT # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Documents and Settings\Filip\Mijn documenten\Downloads\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** Map Verwijdert : C:\Program Files\MacroGaming ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} Sleutel Verwijdert : HKCU\Software\SWEETIE Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ToolBand.SWEETIE Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ToolBand.SWEETIE.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{58906392-79C4-497C-ACC6-6942B59F1A08} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F6D63A65-BD23-46F3-B9A3-87F442423481} Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9 Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6D63A65-BD23-46F3-B9A3-87F442423481} Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}] ***** [browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v20.0.1 (nl) File : C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. -\\ Google Chrome v26.0.1410.64 File : C:\Documents and Settings\Filip\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[s1].txt - [3211 octets] - [07/05/2013 19:45:41] ########## EOF - C:\AdwCleaner[s1].txt - [3271 octets] ########## - - - Updated - - - Here it is: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:02:47, on 7/05/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Belgacom\bin\sprtsvc.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\Program Files\Spector Photo Software\Agent.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\dcmsvc\dcmsvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iepersebc.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Spector Photo Software\Agent.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.kbc.be O15 - Trusted Zone: http://www.kh.hu O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM) O15 - Trusted Zone: http://static.cbc.be (HKLM) O15 - Trusted Zone: http://www.cbccorporate.be (HKLM) O15 - Trusted Zone: http://www.csob.cz (HKLM) O15 - Trusted Zone: http://www.csob.sk (HKLM) O15 - Trusted Zone: http://col.isabel.be (HKLM) O15 - Trusted Zone: http://www.isabel.be (HKLM) O15 - Trusted Zone: http://www.beta.isabel.be (HKLM) O15 - Trusted Zone: http://col.isabel.eu (HKLM) O15 - Trusted Zone: http://www.isabel.eu (HKLM) O15 - Trusted Zone: http://www.beta.isabel.eu (HKLM) O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM) O15 - Trusted Zone: http://static.kbc.be (HKLM) O15 - Trusted Zone: http://www.kbcam.be (HKLM) O15 - Trusted Zone: http://www.kbcam.com (HKLM) O15 - Trusted Zone: http://www.kbcbankingforbusiness.com (HKLM) O15 - Trusted Zone: http://www.kbccorporates.com (HKLM) O15 - Trusted Zone: http://www.kbcfi.com (HKLM) O15 - Trusted Zone: http://www.kbcmerchantbanking.com (HKLM) O15 - Trusted Zone: http://www.kh.hu (HKLM) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 13536 bytes

Dit is het log-bestandje, na het voltooien van de scan in MBAM: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databaseversie: v2013.05.06.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Filip :: PC_DEWEERDT [administrator] 6/05/2013 19:33:55 mbam-log-2013-05-06 (19-33-55).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 327662 Verstreken tijd: 22 minuut/minuten, 48 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 1 C:\Documents and Settings\All Users\Application Data\rundll32.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) - - - Updated - - - En ivm de links in de "trusted zone": Mijn ouders doen geen transacties bij buitenlandse banken, dus in principe is dat niet "trusted" denk ik. Wat kunnen we hiermee doen? Alvast bedankt!! Bert

Hallo Mocht er iemand tijd hebben, zou het mogelijk zijn om mijn logje eens te controleren? Ik heb geen problemen met mijn computer, maar het is gewoon eens nazicht. Alvast hartelijk dank!! Bert ------------------------ Hier het logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:44:38, on 5/05/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal Running processes: C:\Program Files (x86)\MouseServer\MouseServer.exe C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://athenax.ugent.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe O4 - HKCU\..\Run: [MouseServer] "C:\Program Files (x86)\MouseServer\MouseServer.exe" O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - MSN Games - Free Online Games O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - MSN Games - Free Online Games O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11638 bytes

Heb het telefonisch kunnen laten doen. Dit is het logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:45:03, on 5/05/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Belgacom\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spector Photo Software\Agent.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\dcmsvc\dcmsvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Program Files\Microsoft Office\Office12\EXCEL.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Een badminton club in Ieper voor jong en oud. - IBC - Ieperse Badminton Club R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Spector Photo Software\Agent.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://cbc-pdf.cbc.be O15 - Trusted Zone: CBC O15 - Trusted Zone: http://www.cbccorporate.be O15 - Trusted Zone: ?SOB - Úvodní stránka O15 - Trusted Zone: http://www.csob.sk O15 - Trusted Zone: http://col.isabel.be O15 - Trusted Zone: http://www.isabel.be O15 - Trusted Zone: http://www.beta.isabel.be O15 - Trusted Zone: http://col.isabel.eu O15 - Trusted Zone: http://www.isabel.eu O15 - Trusted Zone: http://www.beta.isabel.eu O15 - Trusted Zone: http://kbc-pdf.kbc.be O15 - Trusted Zone: KBC O15 - Trusted Zone: *.kbc.be O15 - Trusted Zone: KBC Asset Management O15 - Trusted Zone: http://www.kbcam.com O15 - Trusted Zone: http://www.kbcbankingforbusiness.com O15 - Trusted Zone: http://www.kbccorporates.com O15 - Trusted Zone: http://www.kbcfi.com O15 - Trusted Zone: *.kbcgroup.eu O15 - Trusted Zone: http://www.kbcmerchantbanking.com O15 - Trusted Zone: http://www.kh.hu O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM) O15 - Trusted Zone: CBC (HKLM) O15 - Trusted Zone: http://www.cbccorporate.be (HKLM) O15 - Trusted Zone: ?SOB - Úvodní stránka (HKLM) O15 - Trusted Zone: http://www.csob.sk (HKLM) O15 - Trusted Zone: http://col.isabel.be (HKLM) O15 - Trusted Zone: http://www.isabel.be (HKLM) O15 - Trusted Zone: http://www.beta.isabel.be (HKLM) O15 - Trusted Zone: http://col.isabel.eu (HKLM) O15 - Trusted Zone: http://www.isabel.eu (HKLM) O15 - Trusted Zone: http://www.beta.isabel.eu (HKLM) O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM) O15 - Trusted Zone: KBC (HKLM) O15 - Trusted Zone: KBC Asset Management (HKLM) O15 - Trusted Zone: http://www.kbcam.com (HKLM) O15 - Trusted Zone: http://www.kbcbankingforbusiness.com (HKLM) O15 - Trusted Zone: http://www.kbccorporates.com (HKLM) O15 - Trusted Zone: http://www.kbcfi.com (HKLM) O15 - Trusted Zone: http://www.kbcmerchantbanking.com (HKLM) O15 - Trusted Zone: http://www.kh.hu (HKLM) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 14590 bytes

Sorry, met dat het virus niet meer verscheen ging ik ervan uit dat het opgelost was. Ook had ik het erg druk vandaag en kon ik nu pas het forum bekijken. In feite is de besmette computer die van mijn ouders, en zit ik tijdens de week op kot. Ik heb hen nu ingelicht wat de volgende stap is, maar het zal waarschijnlijk pas morgenavond zijn dat ik het logje zal kunnen posten!

Lijkt op het eerste zicht gelukt! Moet er nu nog iets gebeuren? Hier is het log-bestandje: HitmanPro 3.7.3.194 www.hitmanpro.com Computer name . . . . : PC_XXXXXXX Windows . . . . . . . : 5.1.3.2600.X86/2 Safe Mode Boot . . . : NETWORK User name . . . . . . : NT AUTHORITY\SYSTEM License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2013-05-04 20:27:15 Scan mode . . . . . . : Normal Scan duration . . . . : 6m 37s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 2 Traces . . . . . . . : 7 Objects scanned . . . : 894.986 Files scanned . . . . : 50.513 Remnants scanned . . : 177.888 files / 666.585 keys Malware _____________________________________________________________________ C:\Documents and Settings\All Users\Application Data\hw1zd.dat -> PendingDelete Size . . . . . . . : 148.992 bytes Age . . . . . . . : 0.2 days (2013-05-04 16:26:11) Entropy . . . . . : 6.4 SHA-256 . . . . . : 9BE20B22538796907EAC17D677EDA27098EDE8D8E2021526AC57359EBE3C4CE3 Product . . . . . : Операционная система Microsoft® Windows® Publisher . . . . : Корпорация Майкрософт2 Description . . . : Программа входа в систему Windows NT Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Корпорация Майкрософт2. Все права защищены. Service . . . . . : winmgmt > Emsisoft . . . . . : Trojan.Win32.Agent.amn!A2 Fuzzy . . . . . . : 149.0 One or more antivirus vendors have indicated that the file is malicious. The file name extension of this program is not common. This file was most recently added as automatic startup. Uses the Startup folder in the Start Menu to run each time the user logs on. Starts automatically as a service during system bootup. Program starts automatically without user intervention. Time indicates that the file appeared recently on this computer. The file is in use by one or more active processes. Authors name is missing in version info. This is not common to most programs. Startup C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\msconfig.lnk C:\Documents and Settings\XXX\Menu Start\Programma's\Opstarten\msconfig.lnk C:\Documents and Settings\XXXX\Menu Start\Programma's\Opstarten\msconfig.lnk HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\ Forensic Cluster -29.2s C:\Documents and Settings\XXXX\Cookies\U16IPSO5.txt -16.7s C:\Documents and Settings\XXXX\Local Settings\Temp\~DFEB48.tmp -15.9s C:\WINDOWS\Prefetch\RUNDLL32.EXE-186EE15D.pf -11.9s C:\Documents and Settings\XXXX\Cookies\BUFYP578.txt -8.4s C:\Documents and Settings\XXXX\Cookies\QZHEUO2N.txt -8.3s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E7.tmp -8.3s C:\Documents and Settings\XXXX\Cookies\4MALBVA8.txt -8.3s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E8.tmp -7.7s C:\Documents and Settings\XXXX\Cookies\ABD51FAG.txt -7.3s C:\Documents and Settings\XXXX\Cookies\MVP3R31Z.txt -6.5s C:\Documents and Settings\XXXX\Cookies\XTKKRUGR.txt -6.3s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E9.tmp -5.1s C:\Documents and Settings\XXXX\Local Settings\Temp\hsperfdata_XXXX\ -5.1s C:\Documents and Settings\XXXX\Local Settings\Temp\hsperfdata_XXXX\1596 -3.9s C:\Documents and Settings\XXXX\Local Settings\Temp\java_install_reg.log -3.3s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4EA.tmp -2.0s C:\WINDOWS\Prefetch\JAVA.EXE-0C263507.pf -1.2s C:\Documents and Settings\XXXX\Application Data\Sun\Java\Deployment\cache\6.0\45\16db06d-103ead50.idx -1.2s C:\Documents and Settings\XXXX\Application Data\Sun\Java\Deployment\cache\6.0\45\16db06d-103ead50 -1.2s C:\Documents and Settings\XXXX\Local Settings\Temp\jar_cache2632780979780863801.tmp -0.8s C:\Documents and Settings\XXXX\8178298.dll -0.1s C:\Documents and Settings\All Users\Application Data\rundll32.exe 0.0s C:\Documents and Settings\All Users\Application Data\hw1zd.dat 0.2s C:\Documents and Settings\All Users\Application Data\dz1wh.pad 2.1s C:\Documents and Settings\All Users\Application Data\as98213.txt 2.5s C:\Documents and Settings\XXXX\Menu Start\Programma's\Opstarten\msconfig.lnk 5.0s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF7613.tmp 5.2s C:\Documents and Settings\XXXX\Application Data\Dropbox\shellext\l\51851a89 5.6s C:\Documents and Settings\XXXX\Local Settings\Temp\~DFA544.tmp 7.0s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF28C1.tmp 7.6s C:\Documents and Settings\XXXX\Cookies\FKKVS547.txt 18.2s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF1FE1.tmp 18.2s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2043.tmp 18.2s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF20C5.tmp 18.3s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2129.tmp 19.1s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00013932.tmp 19.3s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2B14.tmp 19.4s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2B24.tmp 20.0s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00027206.tmp 22.5s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00004982.tmp 28.1s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017498.tmp 28.2s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00031812.tmp 28.2s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017652.tmp 28.4s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00026892.tmp 28.4s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00021498.tmp 28.6s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00022654.tmp 28.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00023096.tmp 28.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00018857.tmp 28.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00013846.tmp 28.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00030251.tmp 29.3s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017455.tmp 29.3s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00005572.tmp 29.9s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00000993.tmp 29.9s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00015638.tmp C:\Documents and Settings\XXXX\8178298.dll -> Quarantined Size . . . . . . . : 148.992 bytes Age . . . . . . . : 0.2 days (2013-05-04 16:26:11) Entropy . . . . . : 6.4 SHA-256 . . . . . : 9BE20B22538796907EAC17D677EDA27098EDE8D8E2021526AC57359EBE3C4CE3 Product . . . . . : Операционная система Microsoft® Windows® Publisher . . . . : Корпорация Майкрософт2 Description . . . : Программа входа в систему Windows NT Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Корпорация Майкрософт2. Все права защищены. > Emsisoft . . . . . : Trojan.Win32.Agent.amn!A2 Fuzzy . . . . . . : 103.0 Forensic Cluster -28.5s C:\Documents and Settings\XXXX\Cookies\U16IPSO5.txt -16.0s C:\Documents and Settings\XXXX\Local Settings\Temp\~DFEB48.tmp -15.1s C:\WINDOWS\Prefetch\RUNDLL32.EXE-186EE15D.pf -11.2s C:\Documents and Settings\XXXX\Cookies\BUFYP578.txt -7.7s C:\Documents and Settings\XXXX\Cookies\QZHEUO2N.txt -7.6s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E7.tmp -7.5s C:\Documents and Settings\XXXX\Cookies\4MALBVA8.txt -7.5s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E8.tmp -7.0s C:\Documents and Settings\XXXX\Cookies\ABD51FAG.txt -6.5s C:\Documents and Settings\XXXX\Cookies\MVP3R31Z.txt -5.8s C:\Documents and Settings\XXXX\Cookies\XTKKRUGR.txt -5.6s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E9.tmp -4.4s C:\Documents and Settings\XXXX\Local Settings\Temp\hsperfdata_XXXX\ -4.3s C:\Documents and Settings\XXXX\Local Settings\Temp\hsperfdata_XXXX\1596 -3.2s C:\Documents and Settings\XXXX\Local Settings\Temp\java_install_reg.log -2.5s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4EA.tmp -1.3s C:\WINDOWS\Prefetch\JAVA.EXE-0C263507.pf -0.4s C:\Documents and Settings\XXXX\Application Data\Sun\Java\Deployment\cache\6.0\45\16db06d-103ead50.idx -0.4s C:\Documents and Settings\XXXX\Application Data\Sun\Java\Deployment\cache\6.0\45\16db06d-103ead50 -0.4s C:\Documents and Settings\XXXX\Local Settings\Temp\jar_cache2632780979780863801.tmp 0.0s C:\Documents and Settings\XXXX\8178298.dll 0.6s C:\Documents and Settings\All Users\Application Data\rundll32.exe 0.8s C:\Documents and Settings\All Users\Application Data\hw1zd.dat 0.9s C:\Documents and Settings\All Users\Application Data\dz1wh.pad 2.8s C:\Documents and Settings\All Users\Application Data\as98213.txt 3.3s C:\Documents and Settings\XXXX\Menu Start\Programma's\Opstarten\msconfig.lnk 5.8s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF7613.tmp 6.0s C:\Documents and Settings\XXXX\Application Data\Dropbox\shellext\l\51851a89 6.3s C:\Documents and Settings\XXXX\Local Settings\Temp\~DFA544.tmp 7.8s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF28C1.tmp 8.3s C:\Documents and Settings\XXXX\Cookies\FKKVS547.txt 18.9s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF1FE1.tmp 19.0s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2043.tmp 19.0s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF20C5.tmp 19.1s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2129.tmp 19.9s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00013932.tmp 20.1s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2B14.tmp 20.1s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2B24.tmp 20.8s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00027206.tmp 23.3s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00004982.tmp 28.9s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017498.tmp 28.9s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00031812.tmp 29.0s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017652.tmp 29.1s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00026892.tmp 29.2s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00021498.tmp 29.4s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00022654.tmp 29.4s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00023096.tmp 29.5s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00018857.tmp 29.5s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00013846.tmp 29.5s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00030251.tmp 30.1s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017455.tmp 30.1s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00005572.tmp 30.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00000993.tmp 30.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00015638.tmp Heel hard bedankt!!! Gelukkig bestaat er nog zo'n team als dat van jullie

Update: In veilige modus is er geen internetverbinding om de licentie te activeren. Daarom opnieuw begonnen, deze keer via "veilige modus met netwerkmogelijkheden".

Met wat te prutsen en ongeoorloofd de aan- en uitknop indrukken kon ik tegelijk van de USB én in veilige modus opstarten. Nu is Kickstart er wel, na ongeveer 15 seconden te hebben gewacht bij het kiezen van een gebruiker. Eens zien wat dit geeft, update komt er zometeen aan!

Jion, Zoals je op de foto kan zien start de computer op via Kickstart. Toch neemt het virus nog steeds over vanaf het moment dat ik me heb aangemeld bij een gebruiker. Mvg, Bert

Ik heb kickstart kunnen installeren op de USB. Het lag domweg aan het feit dat het .exe bestand zelf op de USB stond... En niet op het bureaublad, zoals gevraagd was. Na wat zoeken kon ik de pc opstarten vanop USB-device (via "boot setup") heb ik alle andere boot-opties uitgeschakeld. De pc start op, tot ik de gebruikers zie staan. Hier staat echter dat kickstart na 15seconden automatisch zou moeten starten, dat is niet het geval. Als ik dan een gebruiker aanklik, dan komt hetzelfde virus weer tevoorschijn en kan ik opnieuw niks meer doen...

Bedankt voor het snel antwoord. Mijn onbesmette pc is echter een 64-bit besturingssysteem, de besmette is een 32-bit. Om de 32-bit Kickstart te installeren lukt het niet op een 64-bit laptop. Kan ik dan 64-bit Kickstart installeren om dan te gebruiken op een 32-bit computer? Daarnaast heb ik wel nog een 32-bit laptop, maar het installeren van de Kickstart mislukt altijd als die op 100% staat. De foutmelding is: "Het aanmalekn van de HitmanPro.Kickstart USB-stick is mislukt. #5, lock " Doe ik iets verkeerd? Hartelijk dank voor uw reactie. Mvg, Bert