Ga naar inhoud

Sargon

Lid
  • Items

    139
  • Registratiedatum

  • Laatst bezocht

Alles dat geplaatst werd door Sargon

  1. Nederlands staat ook op Nederlands zoals je op het prentje weergeeft en volgens mij heb ik alles correct gedaan zoals die handleiding zegt. Sommige dingen zijn wel lastig om uit te zoeken, daar ik nederlandse office heb ... maar toch al bedankt! Is er hier niemand die een mac heeft ?
  2. Heb me gisteren eindelijk een mac aangekocht, maar nu zit ik al meteen met een klein probleem, aangezien ik niet deftig kan schrijven is het altijd wel handig als mijn spellingscontrole in WORD werkt. Het is dus Microsoft Office 2008 voor Mac. Ik heb al eens bij WORD -> Preferences -> Spelling and Grammar -> die Custum Dictionary naar Default ACL Dutch gezet, maar dat lijkt niet echt veel te doen. Hopelijk weten jullie raad! En heb ik misschien iets over het hoofd gezien. Hij corrigeert trouwens gewoon weg niets van woorden en als ik op spelling & grammar status klik zegt hij dat die voltooid is en geen fout in zitten.
  3. Niemand die hier al ervaring mee heeft?
  4. Binnenkort ga ik naar de VS en ik speel al langer met de plannen om een Mac Book Pro te kopen. Nu is mijn vraag, zijn er verschillen buiten het stopcontact (zo'n adaptor zal ik hier wel apart kunnen kopen neem ik aan), het qwerty toetsenbord en de prijs die toch beduidend lager is?? Of kunnen er zich bepaalde problemen voor doen omdat het geen Europees/Belgisch model is? Alvast bedankt
  5. Door dat mapje weg te doen is het blijkbaar echt weg Ik kan beter virussen bestrijden dan u Sluit de topic en nog eens 1000 maal dank!
  6. Gereed - Geen virussen gevonden zegt hij ... Mss omdat ik dat mapje weg gedaan heb? Ik wacht in ieder geval nog even af voor ik de topic sluit
  7. Heb heel die map: c:\32788r22fwjfw eens weg gedaan ... kvin toch terug dat dat iets met spyware te maken had op google. Eens zien wat dat geeft
  8. Vooral vreemd dat het altijd is als mijn pc eventjes opstaat (minuut of 20-25) en na het herstarten is het niet meer ;************************************* ANALYSIS: 2010-01-13 21:32:17 PROTECTIONS: 1 MALWARE: 11 SUSPECTS: 1 ;************************************* PROTECTIONS Description Version Active Updated ;===================================== Symantec Endpoint Protection 11.0.777.1008 Yes Yes ;===================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;==================================== 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\joey@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@doubleclick[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\joey@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@atdmt[3].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@atdmt[3].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@atdmt[2].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@tradedoubler[1].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@tradedoubler[2].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@tradedoubler[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@ad.yieldmanager[2].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@burstnet[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\joey@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@bs.serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@bs.serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\joey@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@bs.serving-sys[2].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@weborama[1].txt 00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@metriweb[1].txt 00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@metriweb[1].txt 00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@metriweb[1].txt 00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@metriweb[1].txt 00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@metriweb[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@bluestreak[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@bluestreak[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@bluestreak[1].txt 00590315 Rootkit/Agent.LNB HackTools No 0 Yes No c:\windows\syswow64\drivers\rcgsbw.sys 00590315 Rootkit/Agent.LNB HackTools No 0 Yes No c:\windows\syswow64\drivers\cdsrqrf.sys ;======================================= SUSPECTS Sent Location ;======================================== No c:\32788r22fwjfw\pev.exe ;====================================== VULNERABILITIES Id Severity Description ;=======================================
  9. Enkele minuten later krijg ik toch weer het bericht van de infostealer.gamepass
  10. Ok! Done! Dus het zou nu opgelost moeten zijn ... zal meteen op de knop drukken, als het toch nog voorkomt, open ik hem wel weer.
  11. Kan ik dat daar dan niet uit weg doen? Want het is toch niet altijd even handig dat ik mijn pc altijd opzet en daarna nog eens moet herstarten voor ik hem echt kan gebruiken...
  12. Wednesday, January 13, 2010 Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, January 12, 2010 19:41:47 Records in database: 3301412 Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes Scan area My Computer C:\ D:\ F:\ Scan statistics Objects scanned 256515 Threats found 1 Infected objects found 1 Suspicious objects found 0 Scan duration 03:08:47 File name Threat Threats count C:\Windows.old\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E880000\4F889FEE.VBNInfected: Packed.Win32.Tdss.c1 Selected area has been scanned.
  13. Heb heel stap 4 gedaan: 4. To delete the value from the registry Enkel bij deze: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "145" Deed hij anders dan de anderen. Er staat zo altijd tussen ( ) hetzelfde getal en bij deze werd het 325 in plaats van 145
  14. Een kladblok file met volgende naam heb ik ook nog gevonden: fzfau Files to delete: C:\Windows\system32\drivers\abkarffq.sys Drivers to delete: abkarffq Het lijkt weg te zijn! Laat symantec nog eens een scan doen, als er niets te voorschijn komt, sluit ik na de scan de topic. Bedankt! ---------- Post toegevoegd om 11:44 ---------- Vorige post was om 11:37 ---------- Enkele minuten later krijg ik weer de melding, zal eens wat meer info geven: Infostealer.gamepass File name: DWHBAA7.tmp Original Location: C:\Users\Joey\AppData\Local\Temp\ Current Location: C:\Users\Joey\AppData\Local\Temp\ En voor het verwijderen vraagt de pc altijd om te herstarten. Ik doe altijd mijn onzichtbare mappen weg, maar na het verwijderen van dit staan ze altijd terug op zichtbaar.
  15. Wederom geen logfile en met de zoekfunctie lijkt hij niets te vinden ... wat goed is neem ik aan
  16. Heb het gedaan, er opende wel geen logfile en kan er ook nergens een vinden. Toen ik op execute drukte zei VIPRE iets van a known threat was blocked from opening en zag ik ook iets taan van trojan.exe ... ging allemaal nogal snel want enkele seconden later was hij aan het heropstarten. Tot hiertoe geen melding van Symantec anti-virus, maar uit ondervinden is het meestal als de pc even heeft afgestaan. Heb wel enkele bestandjes gevonden die zijn aangemaakt net voor de pc heropstarten. Deze staan bij Lokaal station (C:) het is 1 backup, 1 cleanup, 1 zip bestand en een txt bestandje waar het volgende instaat (geen idee of je hier iets mee bent): Just before processing loop... C:\Program Files (x86)\GIGABYTE\EnergySaver\info.dat Current = 0 Total = 0 savetime = 0 Type=60,Port=b2,BiosAddr=cfeeecd0 Current=0.000000,Total=0.000000,MaxVid=1.200000,Rev=0x20
  17. Chapeau da gij daar aan uit kunt Logfile of random's system information tool 1.06 (written by random/random) Run by Joey at 2010-01-08 10:33:15 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 668 GB (70%) free of 954 GB Total RAM: 4094 MB (60% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:33:19, on 8/01/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\vVX1000.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Joey\Desktop\RSIT.exe C:\Program Files (x86)\Trend Micro\HijackThis\Joey.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O1 - Hosts: 85.10.209.11 breakz.be O1 - Hosts: 85.10.209.11 www.breakz.be O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sBAMTray] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACFA183-9A8E-4CD3-A7C8-EC3272F2CE83}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS1\Services\Tcpip\..\{4ACFA183-9A8E-4CD3-A7C8-EC3272F2CE83}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9658 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ccApp"=C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [2007-08-06 115560] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "OpwareSE4"=C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400] "LifeCam"=C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-10 417792] "TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2009-11-30 198160] "SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280] "SBAMTray"=C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe [2009-10-27 959824] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240] "Steam"=C:\Program Files (x86)\Steam\Steam.exe [2009-10-30 1217808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=149 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"= "ForceActiveDesktopOn"= "NoActiveDesktopChanges"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\BitTorrent\bittorrent.exe"="C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] shell\AutoRun\command - G:\LaunchU3.exe -a ======File associations====== .js - edit - C:\Windows\SysWOW64\Notepad.exe %1 .js - open - C:\Windows\SysWOW64\WScript.exe "%1" %* ======List of files/folders created in the last 2 months====== 2010-01-08 10:33:15 ----D---- C:\rsit 2010-01-06 21:10:08 ----D---- C:\ProgramData\Sunbelt 2010-01-06 21:09:59 ----D---- C:\Users\Joey\AppData\Roaming\Sunbelt 2010-01-06 21:07:35 ----D---- C:\Program Files (x86)\Sunbelt Software 2010-01-06 20:57:02 ----D---- C:\32788R22FWJFW 2009-12-30 10:52:14 ----D---- C:\Users\Joey\AppData\Roaming\Malwarebytes 2009-12-30 10:52:09 ----D---- C:\ProgramData\Malwarebytes 2009-12-30 10:52:09 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2009-12-29 21:38:18 ----D---- C:\Program Files (x86)\URUSoft 2009-12-29 11:40:07 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR 2009-12-23 09:27:37 ----D---- C:\Program Files (x86)\Trend Micro 2009-12-22 13:18:39 ----D---- C:\ProgramData\TEMP 2009-12-12 08:03:55 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-12 08:03:52 ----A---- C:\Windows\system32\httpapi.dll 2009-12-12 08:03:00 ----A---- C:\Windows\system32\mshtml.dll 2009-12-12 08:02:58 ----A---- C:\Windows\system32\urlmon.dll 2009-12-12 08:02:58 ----A---- C:\Windows\system32\iertutil.dll 2009-12-12 08:02:58 ----A---- C:\Windows\system32\ieframe.dll 2009-12-12 08:02:57 ----A---- C:\Windows\system32\wininet.dll 2009-12-12 08:02:57 ----A---- C:\Windows\system32\occache.dll 2009-12-12 08:02:57 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-12 08:02:57 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-12 08:02:56 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-12-12 08:02:56 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-12 08:02:56 ----A---- C:\Windows\system32\ieui.dll 2009-12-12 08:02:56 ----A---- C:\Windows\system32\iepeers.dll 2009-12-12 08:02:55 ----A---- C:\Windows\system32\msfeedssync.exe 2009-12-12 08:02:55 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-12 08:02:55 ----A---- C:\Windows\system32\iesysprep.dll 2009-12-12 08:02:55 ----A---- C:\Windows\system32\iesetup.dll 2009-12-12 08:02:55 ----A---- C:\Windows\system32\iernonce.dll 2009-12-12 08:02:55 ----A---- C:\Windows\system32\ie4uinit.exe 2009-12-12 08:02:34 ----A---- C:\Windows\system32\rastls.dll 2009-12-12 08:02:34 ----A---- C:\Windows\system32\raschap.dll 2009-12-12 08:02:31 ----A---- C:\Windows\system32\winhttp.dll 2009-12-08 20:50:13 ----D---- C:\Program Files (x86)\YouTube Downloader 2009-12-02 23:09:19 ----D---- C:\Windows\Freecorder 2009-12-02 23:09:19 ----D---- C:\Program Files (x86)\Freecorder 2009-12-01 19:47:05 ----A---- C:\Windows\system32\javaws.exe 2009-12-01 19:47:05 ----A---- C:\Windows\system32\javaw.exe 2009-12-01 19:47:05 ----A---- C:\Windows\system32\java.exe 2009-11-30 10:06:33 ----A---- C:\Windows\system32\rmoc3260.dll 2009-11-30 10:06:28 ----A---- C:\Windows\system32\pndx5032.dll 2009-11-30 10:06:28 ----A---- C:\Windows\system32\pndx5016.dll 2009-11-30 10:06:26 ----D---- C:\Program Files (x86)\Common Files\xing shared 2009-11-30 10:06:13 ----A---- C:\Windows\system32\pncrt.dll 2009-11-27 09:58:13 ----A---- C:\Windows\system32\tzres.dll 2009-11-27 09:56:53 ----A---- C:\Windows\system32\msxml6.dll 2009-11-27 09:56:53 ----A---- C:\Windows\system32\msxml3.dll 2009-11-24 23:49:02 ----D---- C:\ProgramData\Real 2009-11-22 14:00:00 ----D---- C:\Program Files (x86)\QuickTime 2009-11-22 13:59:59 ----D---- C:\ProgramData\Apple Computer 2009-11-20 21:56:20 ----D---- C:\Program Files (x86)\PS3 Media Server 2009-11-14 09:39:04 ----D---- C:\ProgramData\FLEXnet 2009-11-14 09:31:12 ----D---- C:\Program Files (x86)\Bonjour 2009-11-14 09:27:29 ----D---- C:\Windows\system32\spool 2009-11-14 09:23:58 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared 2009-11-11 13:23:08 ----A---- C:\Windows\system32\WSDApi.dll ======List of files/folders modified in the last 2 months====== 2010-01-08 10:33:17 ----D---- C:\Windows\Temp 2010-01-08 10:05:26 ----D---- C:\Program Files (x86)\Steam 2010-01-08 10:05:01 ----D---- C:\Windows\System32 2010-01-07 23:31:38 ----SHD---- C:\Windows\Installer 2010-01-07 23:31:38 ----RD---- C:\Program Files (x86) 2010-01-07 23:31:31 ----SHD---- C:\System Volume Information 2010-01-07 23:30:21 ----D---- C:\Program Files (x86)\Common Files\Adobe 2010-01-07 23:29:41 ----D---- C:\Users\Joey\AppData\Roaming\Adobe 2010-01-07 23:28:24 ----D---- C:\ProgramData\Adobe 2010-01-07 23:28:24 ----D---- C:\Program Files (x86)\Adobe 2010-01-07 23:25:14 ----D---- C:\Windows\system32\drivers 2010-01-07 23:23:46 ----D---- C:\ProgramData 2010-01-07 23:21:34 ----D---- C:\Program Files (x86)\CCleaner 2010-01-07 21:41:09 ----D---- C:\Users\Joey\AppData\Roaming\BitTorrent 2010-01-06 23:08:40 ----D---- C:\Windows\Prefetch 2010-01-06 21:54:35 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-01-06 21:07:36 ----D---- C:\Windows\SysWOW64 2010-01-05 08:40:13 ----D---- C:\Windows\inf 2010-01-03 16:00:54 ----RSD---- C:\Windows\Fonts 2009-12-31 22:29:36 ----D---- C:\Users\Joey\AppData\Roaming\Skype 2009-12-31 19:17:16 ----D---- C:\Users\Joey\AppData\Roaming\skypePM 2009-12-30 20:45:23 ----D---- C:\Users\Joey\AppData\Roaming\Real 2009-12-29 11:57:08 ----D---- C:\Program Files (x86)\Common Files\Steam 2009-12-29 11:40:07 ----D---- C:\Program Files (x86)\Common Files 2009-12-23 11:14:41 ----D---- C:\Windows 2009-12-23 08:42:57 ----D---- C:\Windows\Minidump 2009-12-23 08:42:57 ----D---- C:\Windows\Debug 2009-12-22 12:46:15 ----D---- C:\Windows\Tasks 2009-12-22 12:46:13 ----D---- C:\Windows\registration 2009-12-12 19:22:22 ----D---- C:\Windows\rescache 2009-12-12 19:19:02 ----D---- C:\Windows\winsxs 2009-12-12 08:11:48 ----D---- C:\Windows\system32\migration 2009-12-12 08:11:48 ----D---- C:\Program Files (x86)\Internet Explorer 2009-12-12 08:11:47 ----D---- C:\Windows\system32\nl-NL 2009-12-12 08:11:47 ----D---- C:\Program Files (x86)\Windows Mail 2009-12-12 08:07:48 ----D---- C:\ProgramData\Microsoft Help 2009-12-12 08:05:23 ----RSD---- C:\Windows\assembly 2009-12-01 19:46:38 ----D---- C:\Program Files (x86)\Java 2009-11-30 10:06:35 ----D---- C:\Program Files (x86)\Common Files\Real 2009-11-30 10:06:12 ----RD---- C:\Program Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-08-26 475696] R1 sbtis;sbtis; C:\Windows\system32\drivers\sbtis.sys [] R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [2007-08-14 397872] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [2007-08-14 32304] R1 WPS;WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys [] R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [] R2 sbapifs;sbapifs; C:\Windows\system32\DRIVERS\sbapifs.sys [] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 132656] R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-01-08 25640] R3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys [] R3 NAVENG;NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100107.049\ENG64.SYS [2009-08-27 116272] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100107.049\EX64.SYS [2009-08-27 1742896] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [] R3 Teefer2;Teefer2 Miniport; C:\Windows\system32\DRIVERS\teefer2.sys [] R3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [] R3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [] R3 WpsHelper;WpsHelper; \??\C:\Windows\system32\drivers\WpsHelper.sys [] S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys [] S3 abkarffq;abkarffq; C:\Windows\system32\drivers\abkarffq.sys [] S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [] S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [] S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [] S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [] S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [] S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [2007-08-14 429616] S3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [] S4 vsdatant;vsdatant; a [] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-06 108392] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-06 108392] R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-02-06 68136] R2 MSCamSvc;MSCamSvc; C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe [2007-05-17 443752] R2 SBAMSvc;VIPRE Antivirus + Antispyware; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2009-10-27 1012080] R2 SmcService;Symantec Management Client; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [2007-09-07 4392832] R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2007-09-06 2177464] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-08-07 92008] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 2297216] R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-12-29 321320] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-29 655624] S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 LiveUpdate;LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968] S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [2007-09-07 287112] S4 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528] info.txt logfile of random's system information tool 1.06 2010-01-08 10:33:21 ======Uninstall list====== -->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->C:\Program Files (x86)\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4} Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F} Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100} Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->C:\Program Files (x86)\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8} Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353} Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05} Adobe Reader 9.2 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A92000000001} Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D} Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462} Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4} Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9 Avanquest update-->C:\Program Files (x86)\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0013 -removeonly AviSynth 2.5-->"C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe" Canon Utilities Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe" De Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0013 -removeonly Demigod-->C:\ProgramData\{67C33A62-5B1D-43D1-9600-16006F36EB2B}\setup.exe DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN eMindMaps-->C:\PROGRA~2\MindJET\EMINDM~1\UNWISE.EXE C:\PROGRA~2\MindJET\EMINDM~1\INSTALL.LOG Energy Saver Advance B9.0316.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7ED169D4-5053-4166-93DF-53B12AE6C539}\setup.exe" -l0x9 -removeonly EVEREST Home Edition v2.20-->"C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe" Football Manager 2010-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/34000 Gebruikersregistratie voor Canon iP2600 series-->C:\Program Files (x86)\Canon\IJEREG\iP2600 series\UNINST.EXE Gebruikersregistratie voor Canon MP970 series-->C:\Program Files (x86)\Canon\IJEREG\MP970 series\UNINST.EXE HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT="" Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} K-Lite Codec Pack 4.7.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files (x86)\Symantec\LiveUpdate\LSETUP.EXE" /U Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0413-1000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0100-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0101-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (Dutch) 2007-->MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office Language Pack 2007 - Dutch/Nederlands-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OMUI.NL-NL /dll OSETUP.DLL Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8} Microsoft Office O MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0100-0413-0000-0000000FF1CE} Microsoft Office OneNote MUI (Dutch) 2007-->MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0017-0413-0000-0000000FF1CE} /uninstall {2E9BD56A-2290-46DA-869F-2EDCF0A24E8B} Microsoft Office SharePoint Designer MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0017-0413-0000-0000000FF1CE} Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Office X MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0101-0413-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mozilla Firefox (3.5.7)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9} PIXMA Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R PIXresizer 2.0.2-->"C:\Program Files (x86)\PIXresizer\unins000.exe" QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\SETUP.EXE -runfromtemp -l0x0013 -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -removeonly ScanSoft OmniPage SE 4-->MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Sony Ericsson PC Suite 4.010.00-->C:\Program Files (x86)\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0013 -removeonly SoulSeek 157 NS 13d-->"C:\Program Files (x86)\SoulseekNS\uninstall.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Subtitle Workshop 2.51-->"C:\Program Files (x86)\URUSoft\Subtitle Workshop\uninstall.exe" Switch Sound File Converter-->C:\Program Files (x86)\NCH Swift Sound\Switch\uninst.exe TomTom HOME 2.7.0.1785-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63} Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245} Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0} Update voor Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA} Update voor Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5} Update voor Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809} Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{562B9CA4-6E52-4F87-ACEC-912FC004F1F0} Windows Live Messenger-->MsiExec.exe /X{10F5387D-1728-423A-A578-B00982CF2646} Windows Live OneCare safety scanner-->"C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe" Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe YouTube Downloader 2.5.3-->"C:\Program Files (x86)\YouTube Downloader\uninstall.exe" =====HijackThis Backups===== R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = [2009-12-30] O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-12-30] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-12-30] F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe [2009-12-30] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-12-30] ======Hosts File====== 85.10.209.11 breakz.be 85.10.209.11 www.breakz.be ======Security center information====== AV: Symantec Endpoint Protection FW: Symantec Endpoint Protection AS: Symantec Endpoint Protection AS: Windows Defender ======System event log====== Computer Name: PC_van_Joey Event Code: 7036 Message: De Windows Media Center Service Launcher-service heeft nu de status gestopt. Record Number: 1471016 Source Name: Service Control Manager Time Written: 20100108090707.000000-000 Event Type: Informatie User: Computer Name: PC_van_Joey Event Code: 537 Message: Kan geen compatibel TPM (Trusted Platform Module)-beveiligingsapparaat op deze computer vinden. Kan TBS niet starten. Record Number: 1471017 Source Name: Microsoft-Windows-TBS Time Written: 20100108090706.543014-000 Event Type: Informatie User: NT AUTHORITY\LOCAL SERVICE Computer Name: PC_van_Joey Event Code: 7036 Message: De Windows Update-service heeft nu de status wordt uitgevoerd. Record Number: 1471018 Source Name: Service Control Manager Time Written: 20100108090718.000000-000 Event Type: Informatie User: Computer Name: PC_van_Joey Event Code: 7036 Message: De Application Information-service heeft nu de status wordt uitgevoerd. Record Number: 1471019 Source Name: Service Control Manager Time Written: 20100108092933.000000-000 Event Type: Informatie User: Computer Name: PC_van_Joey Event Code: 7036 Message: De WinHTTP Web Proxy Auto-Discovery-service-service heeft nu de status wordt uitgevoerd. Record Number: 1471020 Source Name: Service Control Manager Time Written: 20100108093142.000000-000 Event Type: Informatie User: =====Application event log===== Computer Name: PC_van_Joey Event Code: 1 Message: Client van Certificate Services is gestart. Record Number: 34982 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20100108090553.642214-000 Event Type: Informatie User: PC_van_Joey\Joey Computer Name: PC_van_Joey Event Code: 1 Message: De Windows Security Center-service is gestart. Record Number: 34983 Source Name: SecurityCenter Time Written: 20100108090706.000000-000 Event Type: Informatie User: Computer Name: PC_van_Joey Event Code: 1001 Message: Fault bucket 407419358, type 5 Naam van gebeurtenis: AppHangB1 Antwoord: Geen Id van CAB-bestand: 0 Handtekening van probleem: P1: Explorer.EXE P2: 6.0.6001.18164 P3: 4907e791 P4: 1f42 P5: 4 P6: P7: P8: P9: P10: Ingevoegde bestanden: C:\Users\Joey\AppData\Local\Temp\WER10F1.tmp.version.txt C:\Users\Joey\AppData\Local\Temp\WER2694.tmp.appcompat.txt Deze bestanden zijn mogelijk hier beschikbaar: C:\Users\Joey\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report108d2970 Record Number: 34984 Source Name: Windows Error Reporting Time Written: 20100108093142.000000-000 Event Type: Informatie User: Computer Name: PC_van_Joey Event Code: 1002 Message: De shell is onverwacht beëindigd en explorer.exe is opnieuw gestart. Record Number: 34985 Source Name: Microsoft-Windows-Winlogon Time Written: 20100108093142.000000-000 Event Type: Informatie User: Computer Name: PC_van_Joey Event Code: 1002 Message: Programma Explorer.EXE, versie 6.0.6001.18164 reageert niet meer op Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen in het Configuratiescherm controleren. Proces-id: 4b4 Starttijd: 01ca9041a453419f Eindtijd: 14 Record Number: 34986 Source Name: Application Hang Time Written: 20100108093142.000000-000 Event Type: Fout User: =====Security event log===== Computer Name: PC_van_Joey Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: PC_VAN_JOEY$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x2a4 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 48944 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100108090502.082214-000 Event Type: Controle geslaagd User: Computer Name: PC_van_Joey Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 48945 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100108090502.082214-000 Event Type: Controle geslaagd User: Computer Name: PC_van_Joey Event Code: 4648 Message: Poging tot aanmelden met expliciete referenties. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: PC_VAN_JOEY$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Account waarvan de referenties zijn gebruikt: Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Doelserver: Naam van doelserver: localhost Aanvullende gegevens: localhost Procesgegevens: Proces-id: 0x2a4 Procesnaam: C:\Windows\System32\services.exe Netwerkgegevens: Netwerkadres: - Poort: - Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als. Record Number: 48946 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100108090502.378614-000 Event Type: Controle geslaagd User: Computer Name: PC_van_Joey Event Code: 4624 Message: Er is een account aangemeld. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: PC_VAN_JOEY$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3e7 Aanmeldingstype: 5 Nieuwe aanmelding: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000} Procesgegevens: Proces-id: 0x2a4 Naam proces: C:\Windows\System32\services.exe Netwerkgegevens: Naam van werkstation: Netwerkadres van bron: - Poort van bron: - Gedetailleerde verificatiegegevens: Aanmeldingsproces: Advapi Verificatiepakket: Negotiate Doorgezette services: - Pakketnaam (alleen NTLM): - Sleutellengte: 0 Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen. De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe. In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk). Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld. In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn. De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag. - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis. - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt. - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt. - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd. Record Number: 48947 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100108090502.378614-000 Event Type: Controle geslaagd User: Computer Name: PC_van_Joey Event Code: 4672 Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: SYSTEEM Accountdomein: NT AUTHORITY Aanmeldings-id: 0x3e7 Bevoegdheden: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 48948 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100108090502.378614-000 Event Type: Controle geslaagd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=1707 "NUMBER_OF_PROCESSORS"=4 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat "DFSTRACINGON"=FALSE "CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  18. Ja, zegt nog net hetzelfde. Infostealer.gamepass
  19. Vipre vond deze terug MyWebSearch Toolbar - Potentially Unwanted Program Cookie: Tracking Cookies - Cookie (General) Trojan.Win32.Generic!BT - Trojan Ik heb maar op remove gedrukt en daarna op clean. Moet je nog andere dingen weten?
  20. Ok, is dat niet slecht om een tweede anti-virus te installeren? Hij is op dit ogenblik aan het installeren ...
  21. Error Win32 Only zegt hij, installeren lukt niet ...
  22. Heb deze even terug open gedaan. Het is blijkbaar toch niet helemaal van de baan. Elke keer wanneer ik de computer opzet zegt Symantec Endpoint Protection dat er een virus is, genaamd: infostealer gamepass ( Infostealer.Gampass | Symantec ). Hij zou dit elke keer wegdoen en daarna start de pc opnieuw op. Dan krijg ik geen meldingen meer tot de volgende dag. Heb net nog eens die Malwarebytes' Anti-Malware gedaan, zonder resultaat. Het is ook elke keer dat al mijn verborgen bestanden zichtbaar geworden zijn ...
  23. oei, er is precies een stuk niet aangekomen. Ik had daarna al ontdekt dat het kwam omdat mijn verborgen bestanden ineens zichtbaar waren. Ik was hier niet aangekomen, maar plots waren ze daar. Nu zijn die bestandjes dus allemaal terug weg. Als het er prima uit ziet dan zal het ook wel in orde zijn! Nog eens bedankt Opgelost!
  24. Breakz.be is een gekende site: www.breakzforum.be - Index page , heb die zo eens moeten instellen omdat die anders niet meer werkte. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:04:51, on 30/12/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\vVX1000.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O1 - Hosts: 85.10.209.11 breakz.be O1 - Hosts: 85.10.209.11 www.breakz.be O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACFA183-9A8E-4CD3-A7C8-EC3272F2CE83}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS1\Services\Tcpip\..\{4ACFA183-9A8E-4CD3-A7C8-EC3272F2CE83}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9295 bytes Malwarebytes' Anti-Malware 1.42 Database versie: 3454 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18865 30/12/2009 10:58:19 mbam-log-2009-12-30 (10-58-19).txt Scan type: Snelle Scan Objecten gescand: 95391 Verstreken tijd: 3 minute(s), 28 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 1 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden)
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.