bdeweerdt
-
Items
38 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door bdeweerdt
-
-
Update geïnstalleerd. Zijn er nog te ondernemen stappen?
Bedankt!
-
Met wat vertraging hier het gevraagde log(je)!
Zoek.exe Version 4.0.0.2 Updated 12-May-2013
Tool run by Filip on zo 12/05/2013 at 17:10:50,29.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
==== Running Processes ======================
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spector Photo Software\Agent.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\IrfanView\I_VIEW32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Filip\Bureaublad\zoek.exe
==== Reset Hosts File ======================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI - Nederlands
Adobe Shockwave Player 11.5
AIO_Scan
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Belgacom Genius
Belgium e-ID middleware 3.5.6 (build 6954)
Beveiligingsupdate for Windows XP (KB923689)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Microsoft Windows (KB2564958)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB978207)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB982381)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2482017)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2497640)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2530548)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2618444)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2647516)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2675157)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2699988)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2722913)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2744842)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2761465)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2792100)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2797052)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2799329)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2809289)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2817183)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
Beveiligingsupdate voor Windows Media Player (KB2378111)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player (KB975558)
Beveiligingsupdate voor Windows Media Player (KB978695)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows Media Player 9 (KB917734)
Beveiligingsupdate voor Windows XP (KB2079403)
Beveiligingsupdate voor Windows XP (KB2115168)
Beveiligingsupdate voor Windows XP (KB2121546)
Beveiligingsupdate voor Windows XP (KB2229593)
Beveiligingsupdate voor Windows XP (KB2259922)
Beveiligingsupdate voor Windows XP (KB2296011)
Beveiligingsupdate voor Windows XP (KB2347290)
Beveiligingsupdate voor Windows XP (KB2360937)
Beveiligingsupdate voor Windows XP (KB2387149)
Beveiligingsupdate voor Windows XP (KB2393802)
Beveiligingsupdate voor Windows XP (KB2412687)
Beveiligingsupdate voor Windows XP (KB2419632)
Beveiligingsupdate voor Windows XP (KB2423089)
Beveiligingsupdate voor Windows XP (KB2440591)
Beveiligingsupdate voor Windows XP (KB2443105)
Beveiligingsupdate voor Windows XP (KB2476490)
Beveiligingsupdate voor Windows XP (KB2476687)
Beveiligingsupdate voor Windows XP (KB2478960)
Beveiligingsupdate voor Windows XP (KB2478971)
Beveiligingsupdate voor Windows XP (KB2479628)
Beveiligingsupdate voor Windows XP (KB2479943)
Beveiligingsupdate voor Windows XP (KB2481109)
Beveiligingsupdate voor Windows XP (KB2483185)
Beveiligingsupdate voor Windows XP (KB2485376)
Beveiligingsupdate voor Windows XP (KB2485663)
Beveiligingsupdate voor Windows XP (KB2503658)
Beveiligingsupdate voor Windows XP (KB2503665)
Beveiligingsupdate voor Windows XP (KB2506212)
Beveiligingsupdate voor Windows XP (KB2506223)
Beveiligingsupdate voor Windows XP (KB2507618)
Beveiligingsupdate voor Windows XP (KB2507938)
Beveiligingsupdate voor Windows XP (KB2508272)
Beveiligingsupdate voor Windows XP (KB2508429)
Beveiligingsupdate voor Windows XP (KB2509553)
Beveiligingsupdate voor Windows XP (KB2511455)
Beveiligingsupdate voor Windows XP (KB2524375)
Beveiligingsupdate voor Windows XP (KB2535512)
Beveiligingsupdate voor Windows XP (KB2536276-v2)
Beveiligingsupdate voor Windows XP (KB2536276)
Beveiligingsupdate voor Windows XP (KB2544893-v2)
Beveiligingsupdate voor Windows XP (KB2544893)
Beveiligingsupdate voor Windows XP (KB2555917)
Beveiligingsupdate voor Windows XP (KB2562937)
Beveiligingsupdate voor Windows XP (KB2566454)
Beveiligingsupdate voor Windows XP (KB2567053)
Beveiligingsupdate voor Windows XP (KB2567680)
Beveiligingsupdate voor Windows XP (KB2570222)
Beveiligingsupdate voor Windows XP (KB2570947)
Beveiligingsupdate voor Windows XP (KB2584146)
Beveiligingsupdate voor Windows XP (KB2585542)
Beveiligingsupdate voor Windows XP (KB2592799)
Beveiligingsupdate voor Windows XP (KB2598479)
Beveiligingsupdate voor Windows XP (KB2603381)
Beveiligingsupdate voor Windows XP (KB2618451)
Beveiligingsupdate voor Windows XP (KB2619339)
Beveiligingsupdate voor Windows XP (KB2620712)
Beveiligingsupdate voor Windows XP (KB2621440)
Beveiligingsupdate voor Windows XP (KB2624667)
Beveiligingsupdate voor Windows XP (KB2631813)
Beveiligingsupdate voor Windows XP (KB2633171)
Beveiligingsupdate voor Windows XP (KB2639417)
Beveiligingsupdate voor Windows XP (KB2641653)
Beveiligingsupdate voor Windows XP (KB2646524)
Beveiligingsupdate voor Windows XP (KB2647518)
Beveiligingsupdate voor Windows XP (KB2653956)
Beveiligingsupdate voor Windows XP (KB2655992)
Beveiligingsupdate voor Windows XP (KB2659262)
Beveiligingsupdate voor Windows XP (KB2660465)
Beveiligingsupdate voor Windows XP (KB2661637)
Beveiligingsupdate voor Windows XP (KB2676562)
Beveiligingsupdate voor Windows XP (KB2685939)
Beveiligingsupdate voor Windows XP (KB2686509)
Beveiligingsupdate voor Windows XP (KB2691442)
Beveiligingsupdate voor Windows XP (KB2695962)
Beveiligingsupdate voor Windows XP (KB2698365)
Beveiligingsupdate voor Windows XP (KB2705219)
Beveiligingsupdate voor Windows XP (KB2707511)
Beveiligingsupdate voor Windows XP (KB2709162)
Beveiligingsupdate voor Windows XP (KB2712808)
Beveiligingsupdate voor Windows XP (KB2718523)
Beveiligingsupdate voor Windows XP (KB2719985)
Beveiligingsupdate voor Windows XP (KB2723135)
Beveiligingsupdate voor Windows XP (KB2724197)
Beveiligingsupdate voor Windows XP (KB2727528)
Beveiligingsupdate voor Windows XP (KB2731847)
Beveiligingsupdate voor Windows XP (KB2753842-v2)
Beveiligingsupdate voor Windows XP (KB2753842)
Beveiligingsupdate voor Windows XP (KB2757638)
Beveiligingsupdate voor Windows XP (KB2758857)
Beveiligingsupdate voor Windows XP (KB2761226)
Beveiligingsupdate voor Windows XP (KB2770660)
Beveiligingsupdate voor Windows XP (KB2778344)
Beveiligingsupdate voor Windows XP (KB2779030)
Beveiligingsupdate voor Windows XP (KB2780091)
Beveiligingsupdate voor Windows XP (KB2799494)
Beveiligingsupdate voor Windows XP (KB2802968)
Beveiligingsupdate voor Windows XP (KB2807986)
Beveiligingsupdate voor Windows XP (KB2808735)
Beveiligingsupdate voor Windows XP (KB2813170)
Beveiligingsupdate voor Windows XP (KB2813345)
Beveiligingsupdate voor Windows XP (KB2820917)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971468)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB971961)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
Beveiligingsupdate voor Windows XP (KB975560)
Beveiligingsupdate voor Windows XP (KB975561)
Beveiligingsupdate voor Windows XP (KB975562)
Beveiligingsupdate voor Windows XP (KB975713)
Beveiligingsupdate voor Windows XP (KB977165)
Beveiligingsupdate voor Windows XP (KB977816)
Beveiligingsupdate voor Windows XP (KB977914)
Beveiligingsupdate voor Windows XP (KB978037)
Beveiligingsupdate voor Windows XP (KB978251)
Beveiligingsupdate voor Windows XP (KB978262)
Beveiligingsupdate voor Windows XP (KB978338)
Beveiligingsupdate voor Windows XP (KB978542)
Beveiligingsupdate voor Windows XP (KB978601)
Beveiligingsupdate voor Windows XP (KB978706)
Beveiligingsupdate voor Windows XP (KB979309)
Beveiligingsupdate voor Windows XP (KB979482)
Beveiligingsupdate voor Windows XP (KB979559)
Beveiligingsupdate voor Windows XP (KB979683)
Beveiligingsupdate voor Windows XP (KB979687)
Beveiligingsupdate voor Windows XP (KB980195)
Beveiligingsupdate voor Windows XP (KB980218)
Beveiligingsupdate voor Windows XP (KB980232)
Beveiligingsupdate voor Windows XP (KB980436)
Beveiligingsupdate voor Windows XP (KB981322)
Beveiligingsupdate voor Windows XP (KB981349)
Beveiligingsupdate voor Windows XP (KB981997)
Beveiligingsupdate voor Windows XP (KB982132)
Beveiligingsupdate voor Windows XP (KB982214)
Beveiligingsupdate voor Windows XP (KB982665)
Broadcom Gigabit Integrated Controller
BufferChm
C4200
C4200_doccd
c4200_Help
Colin McRae Rally 2005
Copy
CustomerResearchQFolder
dcmsvc 1.0
Dell Resource CD
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
drivers
Dropbox
Essentiële update voor Windows Media Player 11 (KB959772)
eSupportQFolder
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB2443685)
Hotfix voor Windows XP (KB2570791)
Hotfix voor Windows XP (KB2633952)
Hotfix voor Windows XP (KB2756822)
Hotfix voor Windows XP (KB2779562)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB961118)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Hotfix voor Windows XP (KB979306)
Hotfix voor Windows XP (KB981793)
HP-software voor foto- en beeldbewerking 2.0 - All-in-One
HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma
HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
hp psc 1200 series
HP Smart Web Printing 4.60
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
IP Camera
IrfanView (remove only)
Java 6 Update 11
Java 6 Update 3
Java SE Runtime Environment 6 Update 1
KaraFun 1.18
KBC-beveiligingscomponenten
KBC Trusted Sites
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes Anti-Malware versie 1.75.0.1300
MarketingReg
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Language Pack - NLD
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Dutch Language Pack
Microsoft .NET Framework 3.0 Nederlands taalpakket
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (Dutch) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox 20.0.1 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Premium
OGA Notifier 2.0.0048.0
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
PCI Audio Driver
PDFCreator
Playchess
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Shockwave Director 10.2
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SolutionCenter
SoundMAX
Spector Photo Software
Status
Symantec AntiVirus
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Update voor Windows Internet Explorer 7 (KB976749)
Update voor Windows Internet Explorer 7 (KB980182)
Update voor Windows Internet Explorer 8 (KB976662)
Update voor Windows XP (KB2141007)
Update voor Windows XP (KB2345886)
Update voor Windows XP (KB2541763)
Update voor Windows XP (KB2607712)
Update voor Windows XP (KB2616676)
Update voor Windows XP (KB2641690)
Update voor Windows XP (KB2661254-v2)
Update voor Windows XP (KB2718704)
Update voor Windows XP (KB2736233)
Update voor Windows XP (KB2749655)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB961503)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971029)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
Windows Communication Foundation Language Pack - NLD
Windows Defender
Windows Driver Package - Microsoft (USBCCID) SmartCardReader (08/01/2006 5.2.3790.2724)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (NLD)
Windows Workflow Foundation NL Language Pack
Windows XP Service Pack 3
WinRAR archiver
WinZip
X Codec Pack
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Added to C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== System Specs ======================
Windows: Windows XP Professional Service Pack 3 (Build 2600)
Internet Explorer: 8.0.6001.18702
Memory (RAM): 2046 MB
CPU Info: Intel® Core2 CPU 6300 @ 1.86GHz
CPU Speed: 1822,4 MHz
Sound Card: SoundMAX HD Audio |
Display Adapters: 256MB ATI Radeon X1300PRO | 256MB ATI Radeon X1300PRO Secondary | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; Plug en Play-monitor |
Screen Resolution: 1024 X 768 - 32 bit
Network: Network Present
Network Adapters: Broadcom NetXtreme 57xx Gigabit Controller - Pakketplanner-minipoort
CD / DVD Drives: 1x (F: | ) F: TSSTcorpDVD+-RW TS-H653A
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 74,5GB | D: 39,1GB | E: 75,4GB
Hard Disks - Free: C: 25,1GB | D: 20,9GB | E: 27,6GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 05/21/07 | DELL - 14
Time Zone: West-Europa (standaardtijd)
Motherboard *: Dell Inc. 0HR330
Sun Java version: 1.6.0_11
Country: België
Language: NLB
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\DOCUME~1\Filip\LOCALS~1\Temp ====
====== C:\WINDOWS\system32 =====
2013-05-04 18:35:18 DDF3B9CC3F0E8E1EC094D1CE89046C4A 1824 ----a-w- C:\WINDOWS\System32\.crusader
====== C:\WINDOWS\system32\drivers =====
2013-05-06 17:32:30 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-05-04 18:38:28 05E0D8EE7D6FAB5CB672FEC3AAD93AA0 30464 ----a-w- C:\WINDOWS\System32\drivers\hitmanpro37.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C: =====
2013-05-07 17:45:41 F1024A172708F9AAC4DC277F4E68B725 3340 ----a-w- C:\AdwCleaner[s1].txt
====== C:\Documents and Settings\Filip\Application Data ======
2013-05-04 17:58:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-05-04 14:26:14 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\All Users\Application Data\as98213.txt
====== C:\Documents and Settings\Filip ======
2013-05-04 15:52:46 -------- d-sh--w- C:\Documents and Settings\Administrator\PrivacIE
2013-05-04 15:52:36 -------- d-sh--w- C:\Documents and Settings\Administrator\IETldCache
====== C: exe-files ==
2013-05-07 17:43:45 A95866BA166A09E360BB88DA72D4531D 628743 ----a-w- C:\Documents and Settings\Filip\Mijn documenten\Downloads\adwcleaner.exe
2013-05-06 17:30:52 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\Filip\Mijn documenten\Downloads\mbam-setup-1.75.0.1300.exe
=== C: other files ==
2013-05-06 17:32:30 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"
[HKEY_USERS\S-1-5-21-1177238915-1770027372-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay"
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe"
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe /P Belgacom"
"ExtraFilmHemmaAgent"="C:\Program Files\Spector Photo Software\Agent.exe"
"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup"
"dcmsvc"="C:\Program Files\dcmsvc\dcmsvc.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"
"IsaKbcCertUpdate"="C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"KernelFaultCheck"="%systemroot%\system32\dumprep 0 -k"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C-Media Mixer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mixer"
"hkey"="HKLM"
"command"="Mixer.exe /startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxpers"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxpers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"
==== Startup Folders ======================
2009-02-15 11:11:46 1879 -c--a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
2013-02-14 21:56:11 1763 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk
2013-04-21 17:32:59 951 ----a-w- C:\Documents and Settings\Filip\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a--c--- ::C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1182406226.job --a--c--- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [09/04/2003 17:56]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/08/2012 14:05]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/08/2012 14:05]
C:\WINDOWS\tasks\MP Scheduled Scan.job --ah----- C:\Program Files\Windows Defender\MpCmdRun.exe [03/11/2006 19:20]
C:\WINDOWS\tasks\User_Feed_Synchronization-{DFC984F9-C404-45D9-A4CD-D6135A44C127}.job --ah-c--- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 05:31]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
AppDir: C:\Program Files\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be.xpi
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default
3D928B3FE97C403A33F803B3D1A260C9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll - Google Update
47299371607DC2FB234444EEACB1639E - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash
75300E5ED4CD5B4363C3DBBB2D03269C - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll - McAfee Security Scanner +
A5C14075B571AF1C9592595BE724D9D2 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In
21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
E0BCE90537E4A41AF36D5BDD5963A09D - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
BA31D3FB803BBA92413D9D7D4E214D52 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9
BA31D3FB803BBA92413D9D7D4E214D52 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9
C41576CBD076B6895C20B465CDC26958 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9
C41576CBD076B6895C20B465CDC26958 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9
D8F8E45ACC404661CF0787F2A0888180 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9
D8F8E45ACC404661CF0787F2A0888180 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9
7B55FEF2BA47A2420BB49CD93320077A - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9
7B55FEF2BA47A2420BB49CD93320077A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9
D9F5A433758BC151850E53690D57663A - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9
D9F5A433758BC151850E53690D57663A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9
2FE95733EB36CD762EAE54BBE9D8B11C - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9
2FE95733EB36CD762EAE54BBE9D8B11C - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9
8FD41344CB62DDB06E2A339F2C5F1947 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9
8FD41344CB62DDB06E2A339F2C5F1947 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9
BCA175A4D68910B97C9391F2B5F02A4D - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
1AFEEF6369E3153BD6A9050133FC291C - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll - Java Platform SE 6 U11
918822F22226B3C15ED4F17BB3670110 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java Platform SE 6 U11
7ABA2EAB736F7E9EB0E03ACAA42CCB51 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
2AA3703D87E1327A2290C9D416D89A28 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.iepersebc.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.iepersebc.be/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Documents and Settings\Filip\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Filip\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Documents and Settings\Filip\Bureaublad\HiJackThis.lnk - C:\Documents and Settings\Filip\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
==== shortcuts on All Users Desktop ======================
C:\Documents and Settings\All Users\Bureaublad\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
==== shortcuts in Users Start Menu ======================
C:\Documents and Settings\Filip\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\Filip\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Documents and Settings\Filip\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Scanner and Camera Wizard.lnk - C:\WINDOWS\system32\wiaacmgr.exe -SelectDevice
C:\Documents and Settings\All Users\Menu Start\Programma's\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Documents and Settings\Bert\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Filip\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk - C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Documents and Settings\Filip\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Uninstall List x86 ======================
32 Bit HP CIO Components Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FDB3B167-F4FA-461D-976F-286304A57B2A}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR]
Adobe Flash Player 11 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 11 Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Reader XI - Nederlands [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AB0000000001}]
Adobe Shockwave Player 11.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]
AIO_Scan [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}]
Apple Application Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE6097DD-05F4-4178-9719-D3170BF098E8}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}]
ATI - Software Uninstall Utility [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\All ATI Software]
ATI Catalyst Control Center [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}]
ATI Display Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver]
Belgacom Genius [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FDE9FC7A-BF6D-4347-850D-05A16E6FEE17}]
Belgium e-ID middleware 3.5.6 (build 6954) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{824563DE-75AD-4166-9DC0-B6482F206954}]
Broadcom Gigabit Integrated Controller [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}]
BufferChm [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2662C24-B31E-4349-A084-32EB76E8B760}]
C4200 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C39E671D-0528-4c5e-A034-8470C5BC393A}]
C4200_doccd [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}]
c4200_Help [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}]
Colin McRae Rally 2005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC67770B-581D-4E96-B72A-A7907CE18725}]
Copy [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1753255A-0AEB-4220-8C75-607B73F0C133}]
CustomerResearchQFolder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}]
dcmsvc 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\dcmsvc_is1]
Dell Resource CD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2764CA82-DFB9-4498-AF85-719340BF5305}]
Destination Component [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}]
DeviceDiscovery [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{22466889-7642-488d-AA0E-F619704CF7AB}]
DeviceManagementQFolder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}]
DocProc [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}]
DocProcQFolder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{87E2B986-07E8-477a-93DC-AF0B6758B192}]
drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC411308-0458-4950-AB07-58A5703BE3C4}]
Dropbox [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dropbox]
eSupportQFolder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
HiJackThis [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{45A66726-69BC-466B-A7A4-12FCBA4883D7}]
HP-software voor foto- en beeldbewerking 2.0 - All-in-One [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9867A917-5D17-40DE-83BA-BEA5293194B1}]
HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}]
HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP PSC 1200 Series]
HP Customer Participation Program 9.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HPExtendedCapabilities]
HP Imaging Device Functions 9.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions]
HP OCR Software 9.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HPOCR]
HP Photosmart All-In-One Software 9.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B09BCBF6-87EE-4403-A336-3A9510856535}]
HP Photosmart Essential 2.01 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Photosmart Essential]
HP Photosmart Essential2.01 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8389382B-53BA-4A87-8854-91E3D80A5AC7}]
hp psc 1200 series [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C900EF06-2E76-49C7-8DB0-41F629B21DC5}]
HP Smart Web Printing 4.60 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Smart Web Printing]
HP Solution Center 9.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools]
HP Update [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}]
HPProductAssistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AEA07F97-9088-497c-8821-0F36BD5DC251}]
HPSSupply [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}]
Intel® Graphics Media Accelerator Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDMI]
IP Camera [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IP Camera]
IrfanView (remove only) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IrfanView]
Java 6 Update 11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216011FF}]
Java 6 Update 3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}]
Java SE Runtime Environment 6 Update 1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}]
KaraFun 1.18 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KaraFun_is1]
KBC-beveiligingscomponenten [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DFB06B7E-33CE-4BB6-95DF-31AD7B9BFE49}]
LiveUpdate 2.6 (Symantec Corporation) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate]
Malwarebytes Anti-Malware versie 1.75.0.1300 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1]
MarketingReg [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{04441EE4-3631-43DB-813A-9D031380C8E5}]
MarketResearch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{13F00518-807A-4B3A-83B0-A7CD90F3A398}]
McAfee Security Scan Plus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
Microsoft .NET Framework 1.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
Microsoft .NET Framework 1.1 Dutch Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}]
Microsoft .NET Framework 1.1 Security Update (KB2698023) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\M2698023]
Microsoft .NET Framework 1.1 Security Update (KB2742597) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\M2742597]
Microsoft .NET Framework 1.1 Security Update (KB979906) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\M979906]
Microsoft .NET Framework 2.0 Language Pack - NLD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D610D81C-36EE-4E1B-8346-1F515A5AF032}]
Microsoft .NET Framework 2.0 Service Pack 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
Microsoft .NET Framework 3.0 Dutch Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{64371D22-A18B-436E-863B-2E12DA8042FF}]
Microsoft .NET Framework 3.0 Service Pack 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}]
Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}]
Microsoft Choice Guard [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}]
Microsoft Compression Client Pack 1.0 for Windows XP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1]
Microsoft Internationalized Domain Names Mitigation APIs [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs]
Microsoft National Language Support Downlevel APIs [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping]
Microsoft Office Enterprise 2007 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISER]
Microsoft Office Live Add-in 1.3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}]
Microsoft Search Enhancement Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft User-Mode Driver Framework Feature Pack 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Modem Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7F142D56-3326-11D5-B229-002078017FBF}]
Mozilla Firefox 20.0.1 (x86 nl) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 20.0.1 (x86 nl)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
MSVCRT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}]
MSXML 4.0 SP2 (KB936181) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}]
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
MSXML 6 Service Pack 2 (KB973686) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}]
Nero 7 Premium [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EBD4524C-5C6D-442E-AE40-FA38A2CC1043}]
OGA Notifier 2.0.0048.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}]
PCI Audio Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Audio Driver]
PDFCreator [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}]
Playchess [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{97DB07C0-7E43-4C4A-8766-26396935F177}]
PS_AIO_ProductContext [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FD7F242B-9AA0-40c3-941E-3A9821D19C09}]
PS_AIO_Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D8B7A682-20DA-4797-8415-B1FB14D4D32B}]
PS_AIO_Software_min [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}]
PSSWCORE [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F72E2DDC-3DB8-4190-A21D-63883D955FE7}]
QuickTime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{57752979-A1C9-4C02-856B-FBB27AC4E02C}]
Scan [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}]
Security Update for CAPICOM (KB931906) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}]
Segoe UI [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}]
Skype Click to Call [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6CF2967-C81E-40C0-9815-C05774FEF120}]
Skype™ 5.10 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}]
SmartWebPrinting [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}]
SolutionCenter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}]
SoundMAX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}]
Spector Photo Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spector Photo Software]
Status [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}]
Symantec AntiVirus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}]
Toolbox [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}]
TrayApp [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{10E1E87C-656C-4D08-86D6-5443D28583BE}]
UnloadSupport [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{543E938C-BDC4-4933-A612-01293996845F}]
VideoToolkit01 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{824D3839-DAA1-4315-A822-7AE3E620E528}]
WebFldrs XP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}]
WebReg [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}]
Windows Communication Foundation Language Pack - NLD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18BA2F73-9F8E-4938-860E-F7BC31531608}]
Windows Defender [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A06275F4-324B-4E85-95E6-87B2CD729401}]
Windows Driver Package - Microsoft (USBCCID) SmartCardReader (08/01/2006 5.2.3790.2724) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\435403D41CB143EFFFCE801AFA6A0778EBC1DB1F]
Windows Genuine Advantage Notifications (KB905474) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify]
Windows Genuine Advantage Validation Tool (KB892130) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WGA]
Windows Imaging Component [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC]
Windows Internet Explorer 7 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ie7]
Windows Internet Explorer 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ie8]
Windows Live - Hulpprogramma voor uploaden [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{205C6BDD-7B73-42DE-8505-9A093F35A238}]
Windows Live aanmeldhulp [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1BD6AE96-4742-4498-9D03-9451C7E5A214}]
Windows Live Call [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C20C2630-B3A7-44BA-BDD0-31E256AE490E}]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC38A00D-7EED-46CE-9281-D1D97B81F22A}]
Windows Media Format 11 runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime]
Windows Media Format 11 runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11]
Windows Media Player 11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player]
Windows Media Player 11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wmp11]
Windows Presentation Foundation [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BAF78226-3200-4DB4-BE33-4D922A799840}]
Windows Presentation Foundation Language Pack (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}]
Windows Workflow Foundation NL Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A06BD059-8EDE-41F3-B91A-73C2C6811187}]
Windows XP Service Pack 3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack]
WinRAR archiver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
WinZip [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZip]
X Codec Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\X Codec Pack]
XML Paper Specification Shared Components Language Pack 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\XPSEPSCLP]
XML Paper Specification Shared Components Pack 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\XpsEPSC]
==== Silent Runners ======================
"Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat!
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [Nero AG]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe [Analog Devices, Inc.]
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe [intel Corporation]
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay [null data]
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [symantec Corporation]
vptray = C:\PROGRA~1\SYMANT~1\VPTray.exe [symantec Corporation]
Belgacom = "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom [supportSoft, Inc.]
ExtraFilmHemmaAgent = "C:\Program Files\Spector Photo Software\Agent.exe" [null data]
beid = "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup [belgian Government]
dcmsvc = C:\Program Files\dcmsvc\dcmsvc.exe [null data]
GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [MS]
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime [Apple Inc.]
KernelFaultCheck = C:\WINDOWS\system32\dumprep 0 -k
IsaKbcCertUpdate = C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe [isabel SA/NV]
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0347C33E-8762-4905-BF09-768834316C61}\(Default) = HP Print Enhancer
-> {HKLM...CLSID} = HP Print Enhancer
\InProcServer32\(Default) = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [Hewlett-Packard Co.]
{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\(Default) = MSS+ Identifier
-> {HKLM...CLSID} = MSS+ Identifier
\InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [McAfee, Inc.]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM...CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = Search Helper
-> {HKLM...CLSID} = Search Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [MS]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = Groove GFS Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\ssv.dll [sun Microsystems, Inc.]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live Aanmelden - Help
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = Google Toolbar Helper
\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
-> {HKLM...CLSID} = Skype Browser Helper
\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = Google Toolbar Notifier BHO
\InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [sun Microsystems, Inc.]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = JQSIEStartDetectorImpl
-> {HKLM...CLSID} = JQSIEStartDetectorImpl Class
\InProcServer32\(Default) = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [sun Microsystems, Inc.]
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = HP Smart BHO Class
-> {HKLM...CLSID} = HP Smart BHO Class
\InProcServer32\(Default) = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Hewlett-Packard Co.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal-pictogramuitbreiding
-> {HKLM...CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]
{E0D79304-84BE-11CE-9641-444553540000} = WinZip
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.]
{E0D79305-84BE-11CE-9641-444553540000} = WinZip
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.]
{E0D79306-84BE-11CE-9641-444553540000} = WinZip
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.]
{E0D79307-84BE-11CE-9641-444553540000} = WinZip
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.]
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = LDVP Shell Extensions
-> {HKLM...CLSID} = VpshellEx Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll [symantec Corporation]
{B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler
-> {HKLM...CLSID} = NeroDigitalIconHandler Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [Nero AG]
{7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler
-> {HKLM...CLSID} = NeroDigitalPropSheetHandler Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [Nero AG]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
-> {HKLM...CLSID} = Groove GFS Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
-> {HKLM...CLSID} = Groove Folder Synchronization
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
-> {HKLM...CLSID} = Groove GFS Stub Icon Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
-> {HKLM...CLSID} = Groove GFS Stub Execution Hook
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
-> {HKLM...CLSID} = Groove XML Icon Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
-> {HKLM...CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL [MS]
{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
-> {HKLM...CLSID} = Microsoft Office Outlook
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL [MS]
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = Microsoft AntiMalware ShellExecuteHook
-> {HKLM...CLSID} = Microsoft AntiMalware ShellExecuteHook
\InProcServer32\(Default) = C:\PROGRA~1\WIFD1F~1\MpShHook.dll [MS]
<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
-> {HKLM...CLSID} = Groove GFS Stub Execution Hook
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = igfxdev.dll [intel Corporation]
<<!>> NavLogon\DLLName = C:\WINDOWS\system32\NavLogon.dll [symantec Corporation]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> grooveLocalGWS\CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD}
-> {HKLM...CLSID} = Local Groove Web Services Protocol
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [MS]
<<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS]
<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
-> {HKLM...CLSID} = HxProtocol Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]
<<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS]
<<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}
-> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol
\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]
<<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
-> {HKLM...CLSID} = IEProtocolHandler Class
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [skype Technologies]
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = {BDA77241-42F6-11d0-85E2-00AA001FE28C}
-> {HKLM...CLSID} = VpshellEx Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll [symantec Corporation]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000}
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]
HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\
NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
-> {HKLM...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000}
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000}
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.]
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Documents and Settings\Filip\Application Data\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [intel Corporation]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler
-> {HKLM...CLSID} = NeroDigitalColumnHandler Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll [Nero AG]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = {BDA77241-42F6-11d0-85E2-00AA001FE28C}
-> {HKLM...CLSID} = VpshellEx Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll [symantec Corporation]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000}
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
-> {HKLM...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000}
-> {HKLM...CLSID} = WinZip
\InProcServer32\(Default) = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [WinZip Computing, Inc.]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
disableregistrytools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKCU\Software\Policies\Microsoft\Windows\System\
disablecmd = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\system32\config\systemprofile\Bureaublad\ANN&GHISLAIN_-21.jpg
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Documents and Settings\Filip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\WINDOWS\system32\ssstars.scr [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
DropboxAutoplayProxy\
Provider = Dropbox
InvokeProgID = Dropbox.AutoplayEventHandlerProxy
InvokeVerb = import
HKLM\SOFTWARE\Classes\Dropbox.AutoplayEventHandlerProxy\shell\import\DropTarget\CLSID = {F38F335B-BC2E-450E-8FC6-0E13E17FC8FE}
-> {HKLM...CLSID} = Dropbox Autoplay Proxy COM Server
\LocalServer32\(Default) = C:\Program Files\Dropbox\DropboxProxy.exe /autoplayproxy [Dropbox, Inc.]
HPAutoplayPSE\
Provider = HP Photosmart Essential 2.01
InvokeProgID = HpqPSApl.Autoplay
InvokeVerb = Play
HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = {A6873065-D632-4615-A3A9-C5F05EE109C1}
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqPsApl.exe [Hewlett-Packard]
MSWPDShellNamespaceHandler\
Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine =
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]
NeroAutoPlay7AudioToNeroDigital\
Provider = Nero Burning ROM
InvokeProgID = Nero.AutoPlay7
InvokeVerb = AudioToNeroDigital_PlayCDAudioOnArrival
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L [Nero AG]
NeroAutoPlay7CDAudio\
Provider = Nero Express
InvokeProgID = Nero.AutoPlay7
InvokeVerb = CDAudio_HandleCDBurningOnArrival
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /New:AudioCD [Nero AG]
NeroAutoPlay7CopyCD\
Provider = Nero Burning ROM
InvokeProgID = Nero.AutoPlay7
InvokeVerb = CopyCD_PlayMusicFilesOnArrival
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L [Nero AG]
NeroAutoPlay7DataDisc\
Provider = Nero Express
InvokeProgID = Nero.AutoPlay7
InvokeVerb = DataDisc_HandleCDBurningOnArrival
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /New:ISODisc [Nero AG]
NeroAutoPlay7LaunchNeroStartSmart\
Provider = Nero StartSmart
InvokeProgID = Nero.AutoPlay7
InvokeVerb = LaunchNeroStartSmart_HandleCDBurningOnArrival
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay [Nero AG]
NeroAutoPlay7PlayAudioCD\
Provider = Nero ShowTime
InvokeProgID = Nero.AutoPlay7
InvokeVerb = PlayAudioCD_PlayMusicFilesOnArrival
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L [Nero AG]
NeroAutoPlay7PlayDVD\
Provider = Nero ShowTime
InvokeProgID = Nero.AutoPlay7
InvokeVerb = PlayDVD_PlayVideoFilesOnArrival
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L [Nero AG]
NeroAutoPlay7RipCD\
Provider = Nero Burning ROM
InvokeProgID = Nero.AutoPlay7
InvokeVerb = RipCD_PlayCDAudioOnArrival
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L [Nero AG]
NeroAutoPlay7TranscodeVideo\
Provider = Nero Recode
InvokeProgID = Nero.AutoPlay7
InvokeVerb = TranscodeVideo_PlayDVDMovieOnArrival
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo [Nero AG]
NeroAutoPlay7VideoCapture\
Provider = Nero Vision
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = /New:VideoCapture
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM...CLSID} = ShellExecute HW Event Handler
\LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
NeroAutoPlay7ViewPhotos\
Provider = Nero PhotoSnap Viewer
InvokeProgID = Nero.AutoPlay7
InvokeVerb = ViewPhotos_ShowPicturesOnArrival
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe / [Nero AG]
Startup items in "Filip" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\Filip\Menu Start\Programma's\Opstarten {++}
OneNote 2007 Schermopname en Snel starten -> shortcut to: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [MS]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten {++}
HP Digital Imaging Monitor -> shortcut to: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Co.]
McAfee Security Scan Plus -> shortcut to: C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [McAfee, Inc.]
Enabled Scheduled Tasks: {++}
------------------------
AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]
FRU Task #Hewlett-Packard#hp psc 1200 series#1182406226 -> launches: C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1182406226" [empty string]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
MP Scheduled Scan -> launches: C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges [MS]
User_Feed_Synchronization-{DFC984F9-C404-45D9-A4CD-D6135A44C127} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
-> {HKLM...CLSID} = Google Toolbar
\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
-> {HKLM...CLSID} = Google Toolbar
\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
Explorer Bars
HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
HKLM\SOFTWARE\Classes\CLSID\{555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = HP Smart Web Printing
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_bho.dll [Hewlett-Packard Co.]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoeken
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Verzenden naar OneNote
MenuText = Verz&enden naar OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [MS]
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
MenuText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
-> {HKLM...CLSID} = Skype Browser Helper
\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
-> {HKLM...CLSID} = &Onderzoeken
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]
{DDE87865-83C5-48C4-8357-2F5B1AA84522}\
ButtonText = Toon of verberg HP Smart Web Printing
CLSIDExtension = {DDE87865-83C5-48c4-8357-2F5B1AA84522}
-> {HKLM...CLSID} = ClipBookBtn Class
\InProcServer32\(Default) = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Hewlett-Packard Co.]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
ButtonText = Messenger
MenuText = Windows Messenger
Exec = C:\Program Files\Messenger\msmsgs.exe [MS]
Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> _Tabs = res://ieframe.dll/tabswelcome.htm [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, C:\WINDOWS\system32\Ati2evxx.exe [ATI Technologies Inc.]
HP CUE DeviceDiscovery-service, hpqddsvc, C:\WINDOWS\system32\svchost.exe -k hpdevmgmt {C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [Hewlett-Packard Co.]}
hpqcxs08, hpqcxs08, C:\WINDOWS\system32\svchost.exe -k hpdevmgmt {C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [Hewlett-Packard Co.]}
Java Quick Starter, JavaQuickStarterService, "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [sun Microsystems, Inc.]
Machine Debug Manager, MDM, "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [MS]
Net Driver HPZ12, Net Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZinw12.dll [Hewlett-Packard]}
Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZipm12.dll [Hewlett-Packard]}
PnkBstrA, PnkBstrA, C:\WINDOWS\system32\PnkBstrA.exe [null data]
PnkBstrB, PnkBstrB, C:\WINDOWS\system32\PnkBstrB.exe [null data]
SeaPort, SeaPort, "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [MS]
SupportSoft Sprocket Service (belgacom), sprtsvc_belgacom, C:\Program Files\Belgacom\bin\sprtsvc.exe /service /p belgacom [supportSoft, Inc.]
Symantec AntiVirus, Symantec AntiVirus, "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" [symantec Corporation]
Symantec AntiVirus Definition Watcher, DefWatch, "C:\Program Files\Symantec AntiVirus\DefWatch.exe" [symantec Corporation]
Symantec Event Manager, ccEvtMgr, "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" [symantec Corporation]
Symantec Settings Manager, ccSetMgr, "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" [symantec Corporation]
Windows Defender, WinDefend, "C:\Program Files\Windows Defender\MsMpEng.exe" [MS]
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> hitmanpro37,
<<!>> hitmanpro37.sys,
<<!>> HitmanPro37Crusader,
<<!>> HitmanPro37CrusaderBoot,
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> hitmanpro37,
<<!>> hitmanpro37.sys,
<<!>> HitmanPro37Crusader,
<<!>> HitmanPro37CrusaderBoot,
<<!>> SupportSoft RemoteAssist, Service
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
hpzsnt07\Driver = hpzsnt07.dll [HP]
PCL Language Monitor\Driver = hpz3l5ha.dll [Hewlett-Packard Company]
PDFCreator\Driver = pdfcmnnt.dll [null data]
Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS]
<<H>>: Suspicious data at a browser hijack point.
==== Empty IE Cache ======================
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Bert\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Filip\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\Filip\Local Settings\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Documents and Settings\Filip\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Filip\LOCALS~1\Temp successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\Filip\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
-
Bedankt! Hier opnieuw het logbestandje:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:06:29, on 8/05/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Spector Photo Software\Agent.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Een badminton club in Ieper voor jong en oud. - IBC - Ieperse Badminton Club
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Spector Photo Software\Agent.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.kbc.be
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 12449 bytes
-
Hallo,
Opnieuw hartelijk dank voor jullie hulp!
De trusted websites werden aangepast, en hieronder staat het logje van AdwCleaner. Ik post asap nog een logje van HiJackThis!
# AdwCleaner v2.300 - Verslag gemaakt op 07/05/2013 om 19:45:41
# Geactualiseerd op 28/04/2013 door Xplode
# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
# Gebruiker : Filip - PC_DEWEERDT
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Documents and Settings\Filip\Mijn documenten\Downloads\adwcleaner.exe
# Optie [Verwijderen]
***** [Diensten] *****
***** [Files / Mappen] *****
Map Verwijdert : C:\Program Files\MacroGaming
***** [Register] *****
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Sleutel Verwijdert : HKCU\Software\SWEETIE
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ToolBand.SWEETIE
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ToolBand.SWEETIE.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{58906392-79C4-497C-ACC6-6942B59F1A08}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F6D63A65-BD23-46F3-B9A3-87F442423481}
Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6D63A65-BD23-46F3-B9A3-87F442423481}
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}]
***** [browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Het register bevat geen enkele ongeoorloofde invoer.
-\\ Mozilla Firefox v20.0.1 (nl)
File : C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default\prefs.js
[OK] De file bevat geen enkele ongeoorloofde invoer.
-\\ Google Chrome v26.0.1410.64
File : C:\Documents and Settings\Filip\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner[s1].txt - [3211 octets] - [07/05/2013 19:45:41]
########## EOF - C:\AdwCleaner[s1].txt - [3271 octets] ##########
- - - Updated - - -
Here it is:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:02:47, on 7/05/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Spector Photo Software\Agent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iepersebc.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Spector Photo Software\Agent.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.kbc.be
O15 - Trusted Zone: http://www.kh.hu
O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)
O15 - Trusted Zone: http://static.cbc.be (HKLM)
O15 - Trusted Zone: http://www.cbccorporate.be (HKLM)
O15 - Trusted Zone: http://www.csob.cz (HKLM)
O15 - Trusted Zone: http://www.csob.sk (HKLM)
O15 - Trusted Zone: http://col.isabel.be (HKLM)
O15 - Trusted Zone: http://www.isabel.be (HKLM)
O15 - Trusted Zone: http://www.beta.isabel.be (HKLM)
O15 - Trusted Zone: http://col.isabel.eu (HKLM)
O15 - Trusted Zone: http://www.isabel.eu (HKLM)
O15 - Trusted Zone: http://www.beta.isabel.eu (HKLM)
O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)
O15 - Trusted Zone: http://static.kbc.be (HKLM)
O15 - Trusted Zone: http://www.kbcam.be (HKLM)
O15 - Trusted Zone: http://www.kbcam.com (HKLM)
O15 - Trusted Zone: http://www.kbcbankingforbusiness.com (HKLM)
O15 - Trusted Zone: http://www.kbccorporates.com (HKLM)
O15 - Trusted Zone: http://www.kbcfi.com (HKLM)
O15 - Trusted Zone: http://www.kbcmerchantbanking.com (HKLM)
O15 - Trusted Zone: http://www.kh.hu (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 13536 bytes
-
Dit is het log-bestandje, na het voltooien van de scan in MBAM:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.05.06.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Filip :: PC_DEWEERDT [administrator]
6/05/2013 19:33:55
mbam-log-2013-05-06 (19-33-55).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 327662
Verstreken tijd: 22 minuut/minuten, 48 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 1
C:\Documents and Settings\All Users\Application Data\rundll32.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
- - - Updated - - -
En ivm de links in de "trusted zone":
Mijn ouders doen geen transacties bij buitenlandse banken, dus in principe is dat niet "trusted" denk ik. Wat kunnen we hiermee doen?
Alvast bedankt!!
Bert
-
Hallo
Mocht er iemand tijd hebben, zou het mogelijk zijn om mijn logje eens te controleren? Ik heb geen problemen met mijn computer, maar het is gewoon eens nazicht.
Alvast hartelijk dank!!
Bert
------------------------
Hier het logje:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:44:38, on 5/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\MouseServer\MouseServer.exe
C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://athenax.ugent.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [MouseServer] "C:\Program Files (x86)\MouseServer\MouseServer.exe"
O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe"
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - MSN Games - Free Online Games
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - MSN Games - Free Online Games
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11638 bytes
-
Heb het telefonisch kunnen laten doen. Dit is het logje:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:45:03, on 5/05/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spector Photo Software\Agent.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Een badminton club in Ieper voor jong en oud. - IBC - Ieperse Badminton Club
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Spector Photo Software\Agent.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://cbc-pdf.cbc.be
O15 - Trusted Zone: CBC
O15 - Trusted Zone: http://www.cbccorporate.be
O15 - Trusted Zone: ?SOB - Úvodní stránka
O15 - Trusted Zone: http://www.csob.sk
O15 - Trusted Zone: http://col.isabel.be
O15 - Trusted Zone: http://www.isabel.be
O15 - Trusted Zone: http://www.beta.isabel.be
O15 - Trusted Zone: http://col.isabel.eu
O15 - Trusted Zone: http://www.isabel.eu
O15 - Trusted Zone: http://www.beta.isabel.eu
O15 - Trusted Zone: http://kbc-pdf.kbc.be
O15 - Trusted Zone: KBC
O15 - Trusted Zone: *.kbc.be
O15 - Trusted Zone: KBC Asset Management
O15 - Trusted Zone: http://www.kbcam.com
O15 - Trusted Zone: http://www.kbcbankingforbusiness.com
O15 - Trusted Zone: http://www.kbccorporates.com
O15 - Trusted Zone: http://www.kbcfi.com
O15 - Trusted Zone: *.kbcgroup.eu
O15 - Trusted Zone: http://www.kbcmerchantbanking.com
O15 - Trusted Zone: http://www.kh.hu
O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)
O15 - Trusted Zone: CBC (HKLM)
O15 - Trusted Zone: http://www.cbccorporate.be (HKLM)
O15 - Trusted Zone: ?SOB - Úvodní stránka (HKLM)
O15 - Trusted Zone: http://www.csob.sk (HKLM)
O15 - Trusted Zone: http://col.isabel.be (HKLM)
O15 - Trusted Zone: http://www.isabel.be (HKLM)
O15 - Trusted Zone: http://www.beta.isabel.be (HKLM)
O15 - Trusted Zone: http://col.isabel.eu (HKLM)
O15 - Trusted Zone: http://www.isabel.eu (HKLM)
O15 - Trusted Zone: http://www.beta.isabel.eu (HKLM)
O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)
O15 - Trusted Zone: KBC (HKLM)
O15 - Trusted Zone: KBC Asset Management (HKLM)
O15 - Trusted Zone: http://www.kbcam.com (HKLM)
O15 - Trusted Zone: http://www.kbcbankingforbusiness.com (HKLM)
O15 - Trusted Zone: http://www.kbccorporates.com (HKLM)
O15 - Trusted Zone: http://www.kbcfi.com (HKLM)
O15 - Trusted Zone: http://www.kbcmerchantbanking.com (HKLM)
O15 - Trusted Zone: http://www.kh.hu (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 14590 bytes
-
Sorry, met dat het virus niet meer verscheen ging ik ervan uit dat het opgelost was. Ook had ik het erg druk vandaag en kon ik nu pas het forum bekijken.
In feite is de besmette computer die van mijn ouders, en zit ik tijdens de week op kot. Ik heb hen nu ingelicht wat de volgende stap is, maar het zal waarschijnlijk pas morgenavond zijn dat ik het logje zal kunnen posten!
-
Lijkt op het eerste zicht gelukt!
Moet er nu nog iets gebeuren?
Hier is het log-bestandje:
HitmanPro 3.7.3.194 www.hitmanpro.com Computer name . . . . : PC_XXXXXXX Windows . . . . . . . : 5.1.3.2600.X86/2 Safe Mode Boot . . . : NETWORK User name . . . . . . : NT AUTHORITY\SYSTEM License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2013-05-04 20:27:15 Scan mode . . . . . . : Normal Scan duration . . . . : 6m 37s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 2 Traces . . . . . . . : 7 Objects scanned . . . : 894.986 Files scanned . . . . : 50.513 Remnants scanned . . : 177.888 files / 666.585 keys Malware _____________________________________________________________________ C:\Documents and Settings\All Users\Application Data\hw1zd.dat -> PendingDelete Size . . . . . . . : 148.992 bytes Age . . . . . . . : 0.2 days (2013-05-04 16:26:11) Entropy . . . . . : 6.4 SHA-256 . . . . . : 9BE20B22538796907EAC17D677EDA27098EDE8D8E2021526AC57359EBE3C4CE3 Product . . . . . : Операционная система Microsoft® Windows® Publisher . . . . : Корпорация Майкрософт2 Description . . . : Программа входа в систему Windows NT Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Корпорация Майкрософт2. Все права защищены. Service . . . . . : winmgmt > Emsisoft . . . . . : Trojan.Win32.Agent.amn!A2 Fuzzy . . . . . . : 149.0 One or more antivirus vendors have indicated that the file is malicious. The file name extension of this program is not common. This file was most recently added as automatic startup. Uses the Startup folder in the Start Menu to run each time the user logs on. Starts automatically as a service during system bootup. Program starts automatically without user intervention. Time indicates that the file appeared recently on this computer. The file is in use by one or more active processes. Authors name is missing in version info. This is not common to most programs. Startup C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\msconfig.lnk C:\Documents and Settings\XXX\Menu Start\Programma's\Opstarten\msconfig.lnk C:\Documents and Settings\XXXX\Menu Start\Programma's\Opstarten\msconfig.lnk HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\ Forensic Cluster -29.2s C:\Documents and Settings\XXXX\Cookies\U16IPSO5.txt -16.7s C:\Documents and Settings\XXXX\Local Settings\Temp\~DFEB48.tmp -15.9s C:\WINDOWS\Prefetch\RUNDLL32.EXE-186EE15D.pf -11.9s C:\Documents and Settings\XXXX\Cookies\BUFYP578.txt -8.4s C:\Documents and Settings\XXXX\Cookies\QZHEUO2N.txt -8.3s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E7.tmp -8.3s C:\Documents and Settings\XXXX\Cookies\4MALBVA8.txt -8.3s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E8.tmp -7.7s C:\Documents and Settings\XXXX\Cookies\ABD51FAG.txt -7.3s C:\Documents and Settings\XXXX\Cookies\MVP3R31Z.txt -6.5s C:\Documents and Settings\XXXX\Cookies\XTKKRUGR.txt -6.3s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E9.tmp -5.1s C:\Documents and Settings\XXXX\Local Settings\Temp\hsperfdata_XXXX\ -5.1s C:\Documents and Settings\XXXX\Local Settings\Temp\hsperfdata_XXXX\1596 -3.9s C:\Documents and Settings\XXXX\Local Settings\Temp\java_install_reg.log -3.3s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4EA.tmp -2.0s C:\WINDOWS\Prefetch\JAVA.EXE-0C263507.pf -1.2s C:\Documents and Settings\XXXX\Application Data\Sun\Java\Deployment\cache\6.0\45\16db06d-103ead50.idx -1.2s C:\Documents and Settings\XXXX\Application Data\Sun\Java\Deployment\cache\6.0\45\16db06d-103ead50 -1.2s C:\Documents and Settings\XXXX\Local Settings\Temp\jar_cache2632780979780863801.tmp -0.8s C:\Documents and Settings\XXXX\8178298.dll -0.1s C:\Documents and Settings\All Users\Application Data\rundll32.exe 0.0s C:\Documents and Settings\All Users\Application Data\hw1zd.dat 0.2s C:\Documents and Settings\All Users\Application Data\dz1wh.pad 2.1s C:\Documents and Settings\All Users\Application Data\as98213.txt 2.5s C:\Documents and Settings\XXXX\Menu Start\Programma's\Opstarten\msconfig.lnk 5.0s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF7613.tmp 5.2s C:\Documents and Settings\XXXX\Application Data\Dropbox\shellext\l\51851a89 5.6s C:\Documents and Settings\XXXX\Local Settings\Temp\~DFA544.tmp 7.0s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF28C1.tmp 7.6s C:\Documents and Settings\XXXX\Cookies\FKKVS547.txt 18.2s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF1FE1.tmp 18.2s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2043.tmp 18.2s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF20C5.tmp 18.3s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2129.tmp 19.1s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00013932.tmp 19.3s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2B14.tmp 19.4s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2B24.tmp 20.0s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00027206.tmp 22.5s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00004982.tmp 28.1s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017498.tmp 28.2s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00031812.tmp 28.2s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017652.tmp 28.4s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00026892.tmp 28.4s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00021498.tmp 28.6s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00022654.tmp 28.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00023096.tmp 28.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00018857.tmp 28.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00013846.tmp 28.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00030251.tmp 29.3s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017455.tmp 29.3s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00005572.tmp 29.9s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00000993.tmp 29.9s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00015638.tmp C:\Documents and Settings\XXXX\8178298.dll -> Quarantined Size . . . . . . . : 148.992 bytes Age . . . . . . . : 0.2 days (2013-05-04 16:26:11) Entropy . . . . . : 6.4 SHA-256 . . . . . : 9BE20B22538796907EAC17D677EDA27098EDE8D8E2021526AC57359EBE3C4CE3 Product . . . . . : Операционная система Microsoft® Windows® Publisher . . . . : Корпорация Майкрософт2 Description . . . : Программа входа в систему Windows NT Version . . . . . : 5.1.2600.5512 Copyright . . . . : © Корпорация Майкрософт2. Все права защищены. > Emsisoft . . . . . : Trojan.Win32.Agent.amn!A2 Fuzzy . . . . . . : 103.0 Forensic Cluster -28.5s C:\Documents and Settings\XXXX\Cookies\U16IPSO5.txt -16.0s C:\Documents and Settings\XXXX\Local Settings\Temp\~DFEB48.tmp -15.1s C:\WINDOWS\Prefetch\RUNDLL32.EXE-186EE15D.pf -11.2s C:\Documents and Settings\XXXX\Cookies\BUFYP578.txt -7.7s C:\Documents and Settings\XXXX\Cookies\QZHEUO2N.txt -7.6s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E7.tmp -7.5s C:\Documents and Settings\XXXX\Cookies\4MALBVA8.txt -7.5s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E8.tmp -7.0s C:\Documents and Settings\XXXX\Cookies\ABD51FAG.txt -6.5s C:\Documents and Settings\XXXX\Cookies\MVP3R31Z.txt -5.8s C:\Documents and Settings\XXXX\Cookies\XTKKRUGR.txt -5.6s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4E9.tmp -4.4s C:\Documents and Settings\XXXX\Local Settings\Temp\hsperfdata_XXXX\ -4.3s C:\Documents and Settings\XXXX\Local Settings\Temp\hsperfdata_XXXX\1596 -3.2s C:\Documents and Settings\XXXX\Local Settings\Temp\java_install_reg.log -2.5s C:\Documents and Settings\XXXX\Local Settings\Temp\fla4EA.tmp -1.3s C:\WINDOWS\Prefetch\JAVA.EXE-0C263507.pf -0.4s C:\Documents and Settings\XXXX\Application Data\Sun\Java\Deployment\cache\6.0\45\16db06d-103ead50.idx -0.4s C:\Documents and Settings\XXXX\Application Data\Sun\Java\Deployment\cache\6.0\45\16db06d-103ead50 -0.4s C:\Documents and Settings\XXXX\Local Settings\Temp\jar_cache2632780979780863801.tmp 0.0s C:\Documents and Settings\XXXX\8178298.dll 0.6s C:\Documents and Settings\All Users\Application Data\rundll32.exe 0.8s C:\Documents and Settings\All Users\Application Data\hw1zd.dat 0.9s C:\Documents and Settings\All Users\Application Data\dz1wh.pad 2.8s C:\Documents and Settings\All Users\Application Data\as98213.txt 3.3s C:\Documents and Settings\XXXX\Menu Start\Programma's\Opstarten\msconfig.lnk 5.8s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF7613.tmp 6.0s C:\Documents and Settings\XXXX\Application Data\Dropbox\shellext\l\51851a89 6.3s C:\Documents and Settings\XXXX\Local Settings\Temp\~DFA544.tmp 7.8s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF28C1.tmp 8.3s C:\Documents and Settings\XXXX\Cookies\FKKVS547.txt 18.9s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF1FE1.tmp 19.0s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2043.tmp 19.0s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF20C5.tmp 19.1s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2129.tmp 19.9s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00013932.tmp 20.1s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2B14.tmp 20.1s C:\Documents and Settings\XXXX\Local Settings\Temp\~DF2B24.tmp 20.8s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00027206.tmp 23.3s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00004982.tmp 28.9s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017498.tmp 28.9s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00031812.tmp 29.0s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017652.tmp 29.1s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00026892.tmp 29.2s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00021498.tmp 29.4s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00022654.tmp 29.4s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00023096.tmp 29.5s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00018857.tmp 29.5s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00013846.tmp 29.5s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00030251.tmp 30.1s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00017455.tmp 30.1s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00005572.tmp 30.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00000993.tmp 30.7s C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\00015638.tmpHeel hard bedankt!!!
Gelukkig bestaat er nog zo'n team als dat van jullie
-
Update:
In veilige modus is er geen internetverbinding om de licentie te activeren. Daarom opnieuw begonnen, deze keer via "veilige modus met netwerkmogelijkheden".
-
Met wat te prutsen en ongeoorloofd de aan- en uitknop indrukken kon ik tegelijk van de USB én in veilige modus opstarten. Nu is Kickstart er wel, na ongeveer 15 seconden te hebben gewacht bij het kiezen van een gebruiker.
Eens zien wat dit geeft, update komt er zometeen aan!
-
Jion,
Zoals je op de foto kan zien start de computer op via Kickstart. Toch neemt het virus nog steeds over vanaf het moment dat ik me heb aangemeld bij een gebruiker.
Mvg,
Bert
-
Ik heb kickstart kunnen installeren op de USB. Het lag domweg aan het feit dat het .exe bestand zelf op de USB stond... En niet op het bureaublad, zoals gevraagd was.
Na wat zoeken kon ik de pc opstarten vanop USB-device (via "boot setup") heb ik alle andere boot-opties uitgeschakeld. De pc start op, tot ik de gebruikers zie staan. Hier staat echter dat kickstart na 15seconden automatisch zou moeten starten, dat is niet het geval. Als ik dan een gebruiker aanklik, dan komt hetzelfde virus weer tevoorschijn en kan ik opnieuw niks meer doen...
-
Bedankt voor het snel antwoord.
Mijn onbesmette pc is echter een 64-bit besturingssysteem, de besmette is een 32-bit. Om de 32-bit Kickstart te installeren lukt het niet op een 64-bit laptop. Kan ik dan 64-bit Kickstart installeren om dan te gebruiken op een 32-bit computer?
Daarnaast heb ik wel nog een 32-bit laptop, maar het installeren van de Kickstart mislukt altijd als die op 100% staat. De foutmelding is:
"Het aanmalekn van de HitmanPro.Kickstart USB-stick is mislukt.
#5, lock "
Doe ik iets verkeerd?
Hartelijk dank voor uw reactie.
Mvg,
Bert
-
Hallo,
Ik hoef je waarschijnlijk niet meer uit te leggen wat het "Federal Computer Crime Unit Virus" precies inhoudt, gezien de vele topics rond dit onderwerp.
Ik zit dus ook met dit virus.
Het verschil met een aantal andere besmette computer(gebruiker)s is dat dit virus zelfs in veilige modus tevoorschijn komt, en ik dus geen logbestand met HiJackThis kan laten doen.
Ook als ik een andere gebruiker aanmeld, dan verschijnt dit virus. Kortom: elke gebruiker is besmet, ook in veilige modus.
Wat nu?
Alvast bedankt!
Bert
-
Fantastisch! Bedankt!!!
-
Hallo
ik dacht dat het ging opgelost zijn met te doen wat hierboven wordt gezegd, maar de schijfcontrole gebeurt nog steeds... Zijn er nog andere mogelijkheden om dit te omzeilen?
Bij voorbaat dank!
Bert
-
Mijn excuses, het is de D-schijf dat hij wil controleren!
Dit is wat ik te zien krijg:
-
CCleaner gedownload en uitgevoerd.
Combofix gedownload en uitgevoerd met dit als resultaat:
ComboFix 12-06-28.01 - Filip 28/06/2012 12:16:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1084 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Filip\Bureaublad\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\invokesi.exe
c:\documents and settings\Filip\WINDOWS
C:\test.txt
c:\windows\IsUn0413.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-28 to 2012-06-28 ))))))))))))))))))))))))))))))
.
.
2012-06-28 10:07 . 2012-06-28 10:07 -------- d--h--r- c:\documents and settings\Filip\Onlangs geopend
2012-06-28 10:00 . 2012-06-28 10:07 -------- d-----w- c:\program files\CCleaner
2012-06-26 16:11 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D9E34FB2-92AF-4F9C-8246-5218870B6406}\mpengine.dll
2012-06-23 14:37 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2012-06-23 14:18 . 2012-06-23 14:18 -------- d-----w- c:\documents and settings\Filip\Application Data\Malwarebytes
2012-06-23 14:18 . 2012-06-23 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-23 14:18 . 2012-06-23 14:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-23 14:18 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 13:52 . 2012-06-22 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2012-06-22 13:06 . 2012-06-22 13:06 388096 ----a-r- c:\documents and settings\Filip\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-22 13:06 . 2012-06-22 13:06 -------- d-----w- c:\program files\Trend Micro
2012-06-13 20:31 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 16:37 . 2012-04-12 06:34 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-18 16:37 . 2011-06-11 12:12 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-06-22 14:15 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-05-03 12:38 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-05-03 12:38 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-05-03 12:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-05-03 14:00 45080 -c--a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-05-03 12:38 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-05-03 12:38 35864 -c--a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-22 14:15 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-06-22 14:15 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-05-03 12:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-06-22 14:15 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-05-03 12:38 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-09-28 06:57 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-09-28 06:57 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-09-28 06:57 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-31 03:41 . 2009-04-29 11:49 6762896 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-05-16 15:09 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2004-08-04 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:15 . 2004-08-04 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2007-05-03 12:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 17:30 . 2012-01-06 07:03 97208 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"ExtraFilmHemmaAgent"="c:\program files\Spector Photo Software\Agent.exe" [2010-10-27 323584]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480]
"IsaKbcCertUpdate"="c:\program files\Common Files\Isabel\isa_kbc_certupdate.exe" [2010-07-06 1023576]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2003-03-20 07:21 1855488 -c--a-r- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 16:48 98304 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-07-21 16:47 81920 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-05 19:51 136600 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Mijn documenten\\Thijs\\BearShare\\BearShare.exe"=
"d:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Codemasters\\Colin McRae Rally 2005\\cmr5.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\IPCamera.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23/06/2012 16:18 654408]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 10:18 202016]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23/06/2012 16:18 22344]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [23/06/2005 19:27 124608]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - EraserUtilDrv11210
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-09-02 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4182406226.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]
.
2012-06-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
2012-06-28 c:\windows\Tasks\User_Feed_Synchronization-{DFC984F9-C404-45D9-A4CD-D6135A44C127}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.iepersebc.be/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: kbc.be
Trusted Zone: kbcgroup.eu
Trusted Zone: cbc.be\cbc-pdf
Trusted Zone: cbc.be\cbconline
Trusted Zone: cbc.be\static
Trusted Zone: cbc.be\www
Trusted Zone: cbc.eu\www
Trusted Zone: isabel.be\*.IBS6
Trusted Zone: isabel.be\gotoIBS6
Trusted Zone: isabel.be\pki
Trusted Zone: isabel.be\www
Trusted Zone: isabel.eu\upgrade
Trusted Zone: isabel.eu\www
Trusted Zone: kbc.be\kbc-pdf
Trusted Zone: kbc.be\kbconline
Trusted Zone: kbc.be\static
Trusted Zone: kbc.be\www
Trusted Zone: kbc.com\www
Trusted Zone: kbc.eu\www
Trusted Zone: kbcam.be\www
Trusted Zone: kbcam.com\www
Trusted Zone: kbcbankingforbusiness.com\www
Trusted Zone: kbcgroup.eu\multimediafiles
Trusted Zone: kbcgroup.eu\www
Trusted Zone: kbcmerchantbanking.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Filip\Application Data\Mozilla\Firefox\Profiles\sn07wbf2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.iepersebc.be/|Welkom op Brielen.Be !
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-CarmageddonII - c:\program files\Interplay\Carmageddon II Demo\DeIsL1.isu
AddRemove-GT Interactive - Driver - c:\program files\GT Interactive\Driver\Uninst.isu
AddRemove-Van Dale Grote woordenboeken Duits - c:\windows\ISUN0413.EXE
AddRemove-Van Dale Grote woordenboeken Engels - c:\windows\ISUN0413.EXE
AddRemove-Van Dale Grote woordenboeken Frans - c:\windows\ISUN0413.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-28 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2012-06-28 12:23:13
ComboFix-quarantined-files.txt 2012-06-28 10:23
.
Pre-Run: 24.227.508.224 bytes beschikbaar
Post-Run: 24.472.592.384 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4FF0A0B5F6268FE299A43999A079483D
-
Hallo
Een behoorlijk oude Dell (bouwjaar 2007) vraagt dikwijls bij het opstarten om een schijfcontrole (van de C-schijf) te doen. Dit duurt meestal heel lang, en met dat de computer al zo traag is, is dit wel irritant. We kunnen de schijfcontrole annuleren, maar enkel als we bij de computer blijven zitten en op een toets drukken als hij dit vraagt. Als we hiervoor te laat zijn begint hij aan de schijfcontrole en duurt het opstarten enorm lang...
Zoals in het onderwerp aangegeven komt daar ook de afkorting "NTFS" in voor. Na wat opzoekingswerk heeft dit te maken met de indeling van de schijf of iets dergelijks... Ik ken er niet erg veel van ;-)
Is deze schijfcontrole noodzakelijk? Betekent dit dat er ergens een fout is?
Via een ander forum vond ik deze tip:
Start --> uitvoeren --> cmd
chkdsk /F /X C:
Ik deed dit in de cmd, en kreeg toen de volgende tekst:
Het type bestandssysteem is NTFS.
Kan actieve station niet vergrendelen.
Kan Chkdsk niet uitvoeren omdat het volume door een ander proces wordt gebruikt. Wilt u dat dit volume wordt gecontroleerd zodra de computer de volgende keer wordt opgestart? (J/N) --> Hier antwoordde ik "N".
Geen idee of het probleem nu opgelost is, ik ontzie het wat om de pc opnieuw op te starten
Zouden jullie mij hierbij kunnen helpen?
Alvast hartelijk dank!
Bert
-
Hij werkt al ietsje sneller, bedankt. Het laatste wat ik nog moet, wil en zal doen is hem eens goed stofzuigen. Blllijkbaar helpt dat ook nog veel. Zijn er daarnaast nog dingen die ik kan doen?
-
Logje MBAM:
Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400
Databaseversie: v2012.06.23.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Filip :: PC_DEWEERDT [administrator]
Realtime bescherming: Ingeschakeld
23/06/2012 16:22:18
mbam-log-2012-06-23 (16-22-18).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 304394
Verstreken tijd: 21 minuut/minuten, 45 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 9
HKCR\CLSID\{7F25839C-CB93-4394-A938-2194851C544F} (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\TypeLib\{F7A3BB37-D5C6-4946-AF22-DFCF804C67AB} (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{19D21F2D-455C-4AAA-8DF0-58F3D76962B4} (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\VAC.Video (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348A7} (Adware.SmartShopper) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{9024FB63-4FBA-4A65-B607-5D13B76CF13F} (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Purchased Products (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RichVideoCodec (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpMedia (Adware.SmartShopper) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BMN (Rogue.SystemDoctor) -> Data: "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Local Page (Hijack.SearchPage) -> Slecht: (IESearch Start) Goed: (Google) -> Succesvol in quarantaine geplaatst en gerepareerd.
Mappen gedetecteerd: 4
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Succesvol in quarantaine geplaatst en verwijderd.
Bestanden gedetecteerd: 3
C:\Program Files\RichVideoCodec\RichVideoCodec.ocx (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files\RichVideoCodec\install.ico (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\WINDOWS\system32\UpMedia\uninstallSE.exe (Adware.SmartShopper) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
______________________________________________
Logje HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:35:02, on 23/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Spector Photo Software\Agent.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Een badminton club in Ieper voor jong en oud. - IBC - Ieperse Badminton Club
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Spector Photo Software\Agent.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.kbc.be
O15 - Trusted Zone: *.kbcgroup.eu
O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)
O15 - Trusted Zone: CBC (HKLM)
O15 - Trusted Zone: Welcome to Isabel (HKLM)
O15 - Trusted Zone: http://upgrade.isabel.eu (HKLM)
O15 - Trusted Zone: Welcome to Isabel (HKLM)
O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)
O15 - Trusted Zone: KBC (HKLM)
O15 - Trusted Zone: KBC Asset Management (HKLM)
O15 - Trusted Zone: http://www.kbcam.com (HKLM)
O15 - Trusted Zone: KBC Merchant Banking (HKLM)
O15 - Trusted Zone: KBC Merchant Banking (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 11354 bytes
-
Hallo
Mijn ouders vroegen mij of ik iets kon doen aan het feit dat hun pc enorm traag is geworden. Een schijfcontrole is op dit moment bezig en ik schakelde al een aantal programma's uit via "msconfig". Dit laatste deed ik via de website die door jullie wordt aanbevolen (SystemLookup - Global Search). Daar zag ik echter ook dat een aantal programma's spyware zijn (wat mij niks verwondert...), dus bij deze even het logje. Zouden jullie dit even kunnen bekijken?
Heel erg bedankt!!
Bert
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:08:33, on 22/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Spector Photo Software\Agent.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Een badminton club in Ieper voor jong en oud. - IBC - Ieperse Badminton Club
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Thijs\Local Settings\Temporary Internet Files\Content.IE5\LMVD1UB0\setup_sbd_nl[1].exe
O4 - HKLM\..\Run: [bMN] "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Spector Photo Software\Agent.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [isaKbcCertUpdate] C:\Program Files\Common Files\Isabel\isa_kbc_certupdate.exe
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.kbc.be
O15 - Trusted Zone: *.kbcgroup.eu
O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM)
O15 - Trusted Zone: CBC (HKLM)
O15 - Trusted Zone: Welcome to Isabel (HKLM)
O15 - Trusted Zone: http://upgrade.isabel.eu (HKLM)
O15 - Trusted Zone: Welcome to Isabel (HKLM)
O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM)
O15 - Trusted Zone: KBC (HKLM)
O15 - Trusted Zone: KBC Asset Management (HKLM)
O15 - Trusted Zone: http://www.kbcam.com (HKLM)
O15 - Trusted Zone: KBC Merchant Banking (HKLM)
O15 - Trusted Zone: KBC Merchant Banking (HKLM)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://beurt1990.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://beurt1990.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 14246 bytes
-
Ik installeerde Soluto. Bedankt!
Federal Computer Crime Unit Virus
in Archief Bestrijding malware & virussen
Geplaatst:
Nogmaals dank!
# DelFix v10.2 - Logfile created 21/05/2013 at 11:30:47
# Updated 02/04/2013 by Xplode
# Username : Filip - PC_DEWEERDT
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
~ Removing disinfection tools ...
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\AdwCleaner[s1].txt
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Documents and Settings\Filip\Bureaublad\HiJackThis.lnk
Deleted : C:\Documents and Settings\Filip\Bureaublad\hijackthis.log
Deleted : C:\Documents and Settings\Filip\Bureaublad\zoek.exe
Deleted : C:\Documents and Settings\Filip\Mijn documenten\Downloads\adwcleaner.exe
Deleted : C:\Documents and Settings\Filip\Mijn documenten\Downloads\HiJackThis.msi
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #1 [Controlepunt van systeem | 05/10/2013 16:57:13]
Deleted : RP #2 [Controlepunt van systeem | 05/11/2013 17:30:41]
Deleted : RP #3 [Controlepunt van systeem | 05/12/2013 17:59:55]
Deleted : RP #4 [Controlepunt van systeem | 05/13/2013 18:15:02]
Deleted : RP #5 [software Distribution Service 3.0 | 05/14/2013 15:45:46]
Deleted : RP #6 [software Distribution Service 3.0 | 05/15/2013 16:19:13]
Deleted : RP #7 [software Distribution Service 3.0 | 05/15/2013 21:14:05]
Deleted : RP #8 [software Distribution Service 3.0 | 05/16/2013 15:58:19]
Deleted : RP #9 [Removed Java 6 Update 11 | 05/16/2013 19:20:03]
Deleted : RP #10 [Removed Java 6 Update 3 | 05/16/2013 19:20:53]
Deleted : RP #11 [Removed Java SE Runtime Environment 6 Update 1 | 05/16/2013 19:21:43]
Deleted : RP #12 [installed Java 7 Update 21 | 05/16/2013 19:56:51]
Deleted : RP #13 [software Distribution Service 3.0 | 05/17/2013 12:12:54]
Deleted : RP #14 [Controlepunt van systeem | 05/20/2013 20:19:32]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########