Sargon
-
Items
139 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door Sargon
-
-
Heb me gisteren eindelijk een mac aangekocht, maar nu zit ik al meteen met een klein probleem, aangezien ik niet deftig kan schrijven is het altijd wel handig als mijn spellingscontrole in WORD werkt. Het is dus Microsoft Office 2008 voor Mac.
Ik heb al eens bij WORD -> Preferences -> Spelling and Grammar -> die Custum Dictionary naar Default ACL Dutch gezet, maar dat lijkt niet echt veel te doen.
Hopelijk weten jullie raad! En heb ik misschien iets over het hoofd gezien. Hij corrigeert trouwens gewoon weg niets van woorden en als ik op spelling & grammar status klik zegt hij dat die voltooid is en geen fout in zitten.
-
Niemand die hier al ervaring mee heeft?
-
Binnenkort ga ik naar de VS en ik speel al langer met de plannen om een Mac Book Pro te kopen.
Nu is mijn vraag, zijn er verschillen buiten het stopcontact (zo'n adaptor zal ik hier wel apart kunnen kopen neem ik aan), het qwerty toetsenbord en de prijs die toch beduidend lager is??
Of kunnen er zich bepaalde problemen voor doen omdat het geen Europees/Belgisch model is?
Alvast bedankt
-
Door dat mapje weg te doen is het blijkbaar echt weg Ik kan beter virussen bestrijden dan u
Sluit de topic en nog eens 1000 maal dank!
-
Gereed - Geen virussen gevonden zegt hij ...
Mss omdat ik dat mapje weg gedaan heb? Ik wacht in ieder geval nog even af voor ik de topic sluit
-
Heb heel die map: c:\32788r22fwjfw eens weg gedaan ... kvin toch terug dat dat iets met spyware te maken had op google. Eens zien wat dat geeft
-
Vooral vreemd dat het altijd is als mijn pc eventjes opstaat (minuut of 20-25) en na het herstarten is het niet meer
;*************************************
ANALYSIS: 2010-01-13 21:32:17
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 1
;*************************************
PROTECTIONS
Description Version Active Updated
;=====================================
Symantec Endpoint Protection 11.0.777.1008 Yes Yes
;=====================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\joey@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\joey@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@tradedoubler[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@ad.yieldmanager[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\joey@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\joey@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@weborama[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@metriweb[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@metriweb[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\windows.old\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@metriweb[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@metriweb[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@metriweb[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\joey@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\joey\appdata\roaming\microsoft\windows\cookies\joey@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\$windows.~q\data\users\joey\appdata\roaming\microsoft\windows\cookies\low\joey@bluestreak[1].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No c:\windows\syswow64\drivers\rcgsbw.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No c:\windows\syswow64\drivers\cdsrqrf.sys
;=======================================
SUSPECTS
Sent Location
;========================================
No c:\32788r22fwjfw\pev.exe
;======================================
VULNERABILITIES
Id Severity Description
;=======================================
-
Enkele minuten later krijg ik toch weer het bericht van de infostealer.gamepass
-
Ok! Done!
Dus het zou nu opgelost moeten zijn ... zal meteen op de knop drukken, als het toch nog voorkomt, open ik hem wel weer.
-
Kan ik dat daar dan niet uit weg doen? Want het is toch niet altijd even handig dat ik mijn pc altijd opzet en daarna nog eens moet herstarten voor ik hem echt kan gebruiken...
-
Wednesday, January 13, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, January 12, 2010 19:41:47
Records in database: 3301412
Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes
Scan area My Computer C:\
D:\
F:\
Scan statistics Objects scanned 256515 Threats found 1 Infected objects found 1 Suspicious objects found 0 Scan duration 03:08:47
File name Threat Threats count C:\Windows.old\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E880000\4F889FEE.VBNInfected: Packed.Win32.Tdss.c1
Selected area has been scanned.
-
ja, nog steeds
-
Heb heel stap 4 gedaan:
4. To delete the value from the registry
Enkel bij deze:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "145"
Deed hij anders dan de anderen. Er staat zo altijd tussen ( ) hetzelfde getal en bij deze werd het 325 in plaats van 145
-
Een kladblok file met volgende naam heb ik ook nog gevonden: fzfau
Files to delete:
C:\Windows\system32\drivers\abkarffq.sys
Drivers to delete:
abkarffq
Het lijkt weg te zijn! Laat symantec nog eens een scan doen, als er niets te voorschijn komt, sluit ik na de scan de topic.
Bedankt!
---------- Post toegevoegd om 11:44 ---------- Vorige post was om 11:37 ----------
Enkele minuten later krijg ik weer de melding, zal eens wat meer info geven: Infostealer.gamepass
File name: DWHBAA7.tmp
Original Location: C:\Users\Joey\AppData\Local\Temp\
Current Location: C:\Users\Joey\AppData\Local\Temp\
En voor het verwijderen vraagt de pc altijd om te herstarten. Ik doe altijd mijn onzichtbare mappen weg, maar na het verwijderen van dit staan ze altijd terug op zichtbaar.
-
Wederom geen logfile en met de zoekfunctie lijkt hij niets te vinden ... wat goed is neem ik aan
-
Heb het gedaan, er opende wel geen logfile en kan er ook nergens een vinden. Toen ik op execute drukte zei VIPRE iets van a known threat was blocked from opening en zag ik ook iets taan van trojan.exe ... ging allemaal nogal snel want enkele seconden later was hij aan het heropstarten. Tot hiertoe geen melding van Symantec anti-virus, maar uit ondervinden is het meestal als de pc even heeft afgestaan.
Heb wel enkele bestandjes gevonden die zijn aangemaakt net voor de pc heropstarten. Deze staan bij Lokaal station (C:) het is 1 backup, 1 cleanup, 1 zip bestand en een txt bestandje waar het volgende instaat (geen idee of je hier iets mee bent):
Just before processing loop...
C:\Program Files (x86)\GIGABYTE\EnergySaver\info.dat
Current = 0
Total = 0
savetime = 0
Type=60,Port=b2,BiosAddr=cfeeecd0
Current=0.000000,Total=0.000000,MaxVid=1.200000,Rev=0x20
-
Chapeau da gij daar aan uit kunt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Joey at 2010-01-08 10:33:15
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 668 GB (70%) free of 954 GB
Total RAM: 4094 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:19, on 8/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Joey\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Joey.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 85.10.209.11 breakz.be
O1 - Hosts: 85.10.209.11 www.breakz.be
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sBAMTray] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACFA183-9A8E-4CD3-A7C8-EC3272F2CE83}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{4ACFA183-9A8E-4CD3-A7C8-EC3272F2CE83}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9658 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [2007-08-06 115560]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"OpwareSE4"=C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"LifeCam"=C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-10 417792]
"TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2009-11-30 198160]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SBAMTray"=C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe [2009-10-27 959824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2009-10-30 1217808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe"="C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a
======File associations======
.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*
======List of files/folders created in the last 2 months======
2010-01-08 10:33:15 ----D---- C:\rsit
2010-01-06 21:10:08 ----D---- C:\ProgramData\Sunbelt
2010-01-06 21:09:59 ----D---- C:\Users\Joey\AppData\Roaming\Sunbelt
2010-01-06 21:07:35 ----D---- C:\Program Files (x86)\Sunbelt Software
2010-01-06 20:57:02 ----D---- C:\32788R22FWJFW
2009-12-30 10:52:14 ----D---- C:\Users\Joey\AppData\Roaming\Malwarebytes
2009-12-30 10:52:09 ----D---- C:\ProgramData\Malwarebytes
2009-12-30 10:52:09 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-12-29 21:38:18 ----D---- C:\Program Files (x86)\URUSoft
2009-12-29 11:40:07 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2009-12-23 09:27:37 ----D---- C:\Program Files (x86)\Trend Micro
2009-12-22 13:18:39 ----D---- C:\ProgramData\TEMP
2009-12-12 08:03:55 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 08:03:52 ----A---- C:\Windows\system32\httpapi.dll
2009-12-12 08:03:00 ----A---- C:\Windows\system32\mshtml.dll
2009-12-12 08:02:58 ----A---- C:\Windows\system32\urlmon.dll
2009-12-12 08:02:58 ----A---- C:\Windows\system32\iertutil.dll
2009-12-12 08:02:58 ----A---- C:\Windows\system32\ieframe.dll
2009-12-12 08:02:57 ----A---- C:\Windows\system32\wininet.dll
2009-12-12 08:02:57 ----A---- C:\Windows\system32\occache.dll
2009-12-12 08:02:57 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-12 08:02:57 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-12 08:02:56 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-12 08:02:56 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-12 08:02:56 ----A---- C:\Windows\system32\ieui.dll
2009-12-12 08:02:56 ----A---- C:\Windows\system32\iepeers.dll
2009-12-12 08:02:55 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-12 08:02:55 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-12 08:02:55 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-12 08:02:55 ----A---- C:\Windows\system32\iesetup.dll
2009-12-12 08:02:55 ----A---- C:\Windows\system32\iernonce.dll
2009-12-12 08:02:55 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-12 08:02:34 ----A---- C:\Windows\system32\rastls.dll
2009-12-12 08:02:34 ----A---- C:\Windows\system32\raschap.dll
2009-12-12 08:02:31 ----A---- C:\Windows\system32\winhttp.dll
2009-12-08 20:50:13 ----D---- C:\Program Files (x86)\YouTube Downloader
2009-12-02 23:09:19 ----D---- C:\Windows\Freecorder
2009-12-02 23:09:19 ----D---- C:\Program Files (x86)\Freecorder
2009-12-01 19:47:05 ----A---- C:\Windows\system32\javaws.exe
2009-12-01 19:47:05 ----A---- C:\Windows\system32\javaw.exe
2009-12-01 19:47:05 ----A---- C:\Windows\system32\java.exe
2009-11-30 10:06:33 ----A---- C:\Windows\system32\rmoc3260.dll
2009-11-30 10:06:28 ----A---- C:\Windows\system32\pndx5032.dll
2009-11-30 10:06:28 ----A---- C:\Windows\system32\pndx5016.dll
2009-11-30 10:06:26 ----D---- C:\Program Files (x86)\Common Files\xing shared
2009-11-30 10:06:13 ----A---- C:\Windows\system32\pncrt.dll
2009-11-27 09:58:13 ----A---- C:\Windows\system32\tzres.dll
2009-11-27 09:56:53 ----A---- C:\Windows\system32\msxml6.dll
2009-11-27 09:56:53 ----A---- C:\Windows\system32\msxml3.dll
2009-11-24 23:49:02 ----D---- C:\ProgramData\Real
2009-11-22 14:00:00 ----D---- C:\Program Files (x86)\QuickTime
2009-11-22 13:59:59 ----D---- C:\ProgramData\Apple Computer
2009-11-20 21:56:20 ----D---- C:\Program Files (x86)\PS3 Media Server
2009-11-14 09:39:04 ----D---- C:\ProgramData\FLEXnet
2009-11-14 09:31:12 ----D---- C:\Program Files (x86)\Bonjour
2009-11-14 09:27:29 ----D---- C:\Windows\system32\spool
2009-11-14 09:23:58 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2009-11-11 13:23:08 ----A---- C:\Windows\system32\WSDApi.dll
======List of files/folders modified in the last 2 months======
2010-01-08 10:33:17 ----D---- C:\Windows\Temp
2010-01-08 10:05:26 ----D---- C:\Program Files (x86)\Steam
2010-01-08 10:05:01 ----D---- C:\Windows\System32
2010-01-07 23:31:38 ----SHD---- C:\Windows\Installer
2010-01-07 23:31:38 ----RD---- C:\Program Files (x86)
2010-01-07 23:31:31 ----SHD---- C:\System Volume Information
2010-01-07 23:30:21 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-01-07 23:29:41 ----D---- C:\Users\Joey\AppData\Roaming\Adobe
2010-01-07 23:28:24 ----D---- C:\ProgramData\Adobe
2010-01-07 23:28:24 ----D---- C:\Program Files (x86)\Adobe
2010-01-07 23:25:14 ----D---- C:\Windows\system32\drivers
2010-01-07 23:23:46 ----D---- C:\ProgramData
2010-01-07 23:21:34 ----D---- C:\Program Files (x86)\CCleaner
2010-01-07 21:41:09 ----D---- C:\Users\Joey\AppData\Roaming\BitTorrent
2010-01-06 23:08:40 ----D---- C:\Windows\Prefetch
2010-01-06 21:54:35 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-01-06 21:07:36 ----D---- C:\Windows\SysWOW64
2010-01-05 08:40:13 ----D---- C:\Windows\inf
2010-01-03 16:00:54 ----RSD---- C:\Windows\Fonts
2009-12-31 22:29:36 ----D---- C:\Users\Joey\AppData\Roaming\Skype
2009-12-31 19:17:16 ----D---- C:\Users\Joey\AppData\Roaming\skypePM
2009-12-30 20:45:23 ----D---- C:\Users\Joey\AppData\Roaming\Real
2009-12-29 11:57:08 ----D---- C:\Program Files (x86)\Common Files\Steam
2009-12-29 11:40:07 ----D---- C:\Program Files (x86)\Common Files
2009-12-23 11:14:41 ----D---- C:\Windows
2009-12-23 08:42:57 ----D---- C:\Windows\Minidump
2009-12-23 08:42:57 ----D---- C:\Windows\Debug
2009-12-22 12:46:15 ----D---- C:\Windows\Tasks
2009-12-22 12:46:13 ----D---- C:\Windows\registration
2009-12-12 19:22:22 ----D---- C:\Windows\rescache
2009-12-12 19:19:02 ----D---- C:\Windows\winsxs
2009-12-12 08:11:48 ----D---- C:\Windows\system32\migration
2009-12-12 08:11:48 ----D---- C:\Program Files (x86)\Internet Explorer
2009-12-12 08:11:47 ----D---- C:\Windows\system32\nl-NL
2009-12-12 08:11:47 ----D---- C:\Program Files (x86)\Windows Mail
2009-12-12 08:07:48 ----D---- C:\ProgramData\Microsoft Help
2009-12-12 08:05:23 ----RSD---- C:\Windows\assembly
2009-12-01 19:46:38 ----D---- C:\Program Files (x86)\Java
2009-11-30 10:06:35 ----D---- C:\Program Files (x86)\Common Files\Real
2009-11-30 10:06:12 ----RD---- C:\Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-08-26 475696]
R1 sbtis;sbtis; C:\Windows\system32\drivers\sbtis.sys []
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [2007-08-14 397872]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [2007-08-14 32304]
R1 WPS;WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys []
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
R2 sbapifs;sbapifs; C:\Windows\system32\DRIVERS\sbapifs.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 132656]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-01-08 25640]
R3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100107.049\ENG64.SYS [2009-08-27 116272]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100107.049\EX64.SYS [2009-08-27 1742896]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 Teefer2;Teefer2 Miniport; C:\Windows\system32\DRIVERS\teefer2.sys []
R3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\Windows\system32\drivers\usbaudio.sys []
R3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys []
R3 WpsHelper;WpsHelper; \??\C:\Windows\system32\drivers\WpsHelper.sys []
S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys []
S3 abkarffq;abkarffq; C:\Windows\system32\drivers\abkarffq.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys []
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys []
S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys []
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys []
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys []
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys []
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys []
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys []
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys []
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [2007-08-14 429616]
S3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys []
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 vsdatant;vsdatant; a []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-06 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-06 108392]
R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-02-06 68136]
R2 MSCamSvc;MSCamSvc; C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe [2007-05-17 443752]
R2 SBAMSvc;VIPRE Antivirus + Antispyware; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2009-10-27 1012080]
R2 SmcService;Symantec Management Client; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [2007-09-07 4392832]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2007-09-06 2177464]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-08-07 92008]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 2297216]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-12-29 321320]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-29 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [2007-09-07 287112]
S4 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
info.txt logfile of random's system information tool 1.06 2010-01-08 10:33:21
======Uninstall list======
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files (x86)\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files (x86)\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9.2 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A92000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Avanquest update-->C:\Program Files (x86)\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0013 -removeonly
AviSynth 2.5-->"C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe"
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
De Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0013 -removeonly
Demigod-->C:\ProgramData\{67C33A62-5B1D-43D1-9600-16006F36EB2B}\setup.exe
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMindMaps-->C:\PROGRA~2\MindJET\EMINDM~1\UNWISE.EXE C:\PROGRA~2\MindJET\EMINDM~1\INSTALL.LOG
Energy Saver Advance B9.0316.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7ED169D4-5053-4166-93DF-53B12AE6C539}\setup.exe" -l0x9 -removeonly
EVEREST Home Edition v2.20-->"C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe"
Football Manager 2010-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/34000
Gebruikersregistratie voor Canon iP2600 series-->C:\Program Files (x86)\Canon\IJEREG\iP2600 series\UNINST.EXE
Gebruikersregistratie voor Canon MP970 series-->C:\Program Files (x86)\Canon\IJEREG\MP970 series\UNINST.EXE
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
K-Lite Codec Pack 4.7.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files (x86)\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0413-1000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0100-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0101-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (Dutch) 2007-->MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 - Dutch/Nederlands-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OMUI.NL-NL /dll OSETUP.DLL
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office O MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0100-0413-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Dutch) 2007-->MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0017-0413-0000-0000000FF1CE} /uninstall {2E9BD56A-2290-46DA-869F-2EDCF0A24E8B}
Microsoft Office SharePoint Designer MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0017-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office X MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0101-0413-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.5.7)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PIXMA Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R
PIXresizer 2.0.2-->"C:\Program Files (x86)\PIXresizer\unins000.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\SETUP.EXE -runfromtemp -l0x0013 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -removeonly
ScanSoft OmniPage SE 4-->MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Ericsson PC Suite 4.010.00-->C:\Program Files (x86)\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0013 -removeonly
SoulSeek 157 NS 13d-->"C:\Program Files (x86)\SoulseekNS\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Subtitle Workshop 2.51-->"C:\Program Files (x86)\URUSoft\Subtitle Workshop\uninstall.exe"
Switch Sound File Converter-->C:\Program Files (x86)\NCH Swift Sound\Switch\uninst.exe
TomTom HOME 2.7.0.1785-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Update voor Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA}
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}
Update voor Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809}
Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}
Windows Live Messenger-->MsiExec.exe /X{10F5387D-1728-423A-A578-B00982CF2646}
Windows Live OneCare safety scanner-->"C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
YouTube Downloader 2.5.3-->"C:\Program Files (x86)\YouTube Downloader\uninstall.exe"
=====HijackThis Backups=====
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = [2009-12-30]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-12-30]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-12-30]
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe [2009-12-30]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-12-30]
======Hosts File======
85.10.209.11 breakz.be
85.10.209.11 www.breakz.be
======Security center information======
AV: Symantec Endpoint Protection
FW: Symantec Endpoint Protection
AS: Symantec Endpoint Protection
AS: Windows Defender
======System event log======
Computer Name: PC_van_Joey
Event Code: 7036
Message: De Windows Media Center Service Launcher-service heeft nu de status gestopt.
Record Number: 1471016
Source Name: Service Control Manager
Time Written: 20100108090707.000000-000
Event Type: Informatie
User:
Computer Name: PC_van_Joey
Event Code: 537
Message: Kan geen compatibel TPM (Trusted Platform Module)-beveiligingsapparaat op deze computer vinden. Kan TBS niet starten.
Record Number: 1471017
Source Name: Microsoft-Windows-TBS
Time Written: 20100108090706.543014-000
Event Type: Informatie
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: PC_van_Joey
Event Code: 7036
Message: De Windows Update-service heeft nu de status wordt uitgevoerd.
Record Number: 1471018
Source Name: Service Control Manager
Time Written: 20100108090718.000000-000
Event Type: Informatie
User:
Computer Name: PC_van_Joey
Event Code: 7036
Message: De Application Information-service heeft nu de status wordt uitgevoerd.
Record Number: 1471019
Source Name: Service Control Manager
Time Written: 20100108092933.000000-000
Event Type: Informatie
User:
Computer Name: PC_van_Joey
Event Code: 7036
Message: De WinHTTP Web Proxy Auto-Discovery-service-service heeft nu de status wordt uitgevoerd.
Record Number: 1471020
Source Name: Service Control Manager
Time Written: 20100108093142.000000-000
Event Type: Informatie
User:
=====Application event log=====
Computer Name: PC_van_Joey
Event Code: 1
Message: Client van Certificate Services is gestart.
Record Number: 34982
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100108090553.642214-000
Event Type: Informatie
User: PC_van_Joey\Joey
Computer Name: PC_van_Joey
Event Code: 1
Message: De Windows Security Center-service is gestart.
Record Number: 34983
Source Name: SecurityCenter
Time Written: 20100108090706.000000-000
Event Type: Informatie
User:
Computer Name: PC_van_Joey
Event Code: 1001
Message: Fault bucket 407419358, type 5
Naam van gebeurtenis: AppHangB1
Antwoord: Geen
Id van CAB-bestand: 0
Handtekening van probleem:
P1: Explorer.EXE
P2: 6.0.6001.18164
P3: 4907e791
P4: 1f42
P5: 4
P6:
P7:
P8:
P9:
P10:
Ingevoegde bestanden:
C:\Users\Joey\AppData\Local\Temp\WER10F1.tmp.version.txt
C:\Users\Joey\AppData\Local\Temp\WER2694.tmp.appcompat.txt
Deze bestanden zijn mogelijk hier beschikbaar:
C:\Users\Joey\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report108d2970
Record Number: 34984
Source Name: Windows Error Reporting
Time Written: 20100108093142.000000-000
Event Type: Informatie
User:
Computer Name: PC_van_Joey
Event Code: 1002
Message: De shell is onverwacht beëindigd en explorer.exe is opnieuw gestart.
Record Number: 34985
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100108093142.000000-000
Event Type: Informatie
User:
Computer Name: PC_van_Joey
Event Code: 1002
Message: Programma Explorer.EXE, versie 6.0.6001.18164 reageert niet meer op Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen in het Configuratiescherm controleren. Proces-id: 4b4 Starttijd: 01ca9041a453419f Eindtijd: 14
Record Number: 34986
Source Name: Application Hang
Time Written: 20100108093142.000000-000
Event Type: Fout
User:
=====Security event log=====
Computer Name: PC_van_Joey
Event Code: 4624
Message: Er is een account aangemeld.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: PC_VAN_JOEY$
Accountdomein: WORKGROUP
Aanmeldings-id: 0x3e7
Aanmeldingstype: 5
Nieuwe aanmelding:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
Procesgegevens:
Proces-id: 0x2a4
Naam proces: C:\Windows\System32\services.exe
Netwerkgegevens:
Naam van werkstation:
Netwerkadres van bron: -
Poort van bron: -
Gedetailleerde verificatiegegevens:
Aanmeldingsproces: Advapi
Verificatiepakket: Negotiate
Doorgezette services: -
Pakketnaam (alleen NTLM): -
Sleutellengte: 0
Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.
De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.
In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).
Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.
In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.
De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 48944
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100108090502.082214-000
Event Type: Controle geslaagd
User:
Computer Name: PC_van_Joey
Event Code: 4672
Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Bevoegdheden: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 48945
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100108090502.082214-000
Event Type: Controle geslaagd
User:
Computer Name: PC_van_Joey
Event Code: 4648
Message: Poging tot aanmelden met expliciete referenties.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: PC_VAN_JOEY$
Accountdomein: WORKGROUP
Aanmeldings-id: 0x3e7
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
Account waarvan de referenties zijn gebruikt:
Accountnaam: SYSTEEM
Accountdomein: NT AUTHORITY
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
Doelserver:
Naam van doelserver: localhost
Aanvullende gegevens: localhost
Procesgegevens:
Proces-id: 0x2a4
Procesnaam: C:\Windows\System32\services.exe
Netwerkgegevens:
Netwerkadres: -
Poort: -
Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.
Record Number: 48946
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100108090502.378614-000
Event Type: Controle geslaagd
User:
Computer Name: PC_van_Joey
Event Code: 4624
Message: Er is een account aangemeld.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: PC_VAN_JOEY$
Accountdomein: WORKGROUP
Aanmeldings-id: 0x3e7
Aanmeldingstype: 5
Nieuwe aanmelding:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}
Procesgegevens:
Proces-id: 0x2a4
Naam proces: C:\Windows\System32\services.exe
Netwerkgegevens:
Naam van werkstation:
Netwerkadres van bron: -
Poort van bron: -
Gedetailleerde verificatiegegevens:
Aanmeldingsproces: Advapi
Verificatiepakket: Negotiate
Doorgezette services: -
Pakketnaam (alleen NTLM): -
Sleutellengte: 0
Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.
De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.
In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).
Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.
In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.
De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
Record Number: 48947
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100108090502.378614-000
Event Type: Controle geslaagd
User:
Computer Name: PC_van_Joey
Event Code: 4672
Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.
Onderwerp:
Beveiligings-id: S-1-5-18
Accountnaam: SYSTEEM
Accountdomein: NT AUTHORITY
Aanmeldings-id: 0x3e7
Bevoegdheden: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 48948
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100108090502.378614-000
Event Type: Controle geslaagd
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=1707
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
-
Ja, zegt nog net hetzelfde. Infostealer.gamepass
-
Vipre vond deze terug
MyWebSearch Toolbar - Potentially Unwanted Program
Cookie: Tracking Cookies - Cookie (General)
Trojan.Win32.Generic!BT - Trojan
Ik heb maar op remove gedrukt en daarna op clean. Moet je nog andere dingen weten?
-
Ok, is dat niet slecht om een tweede anti-virus te installeren? Hij is op dit ogenblik aan het installeren ...
-
Error Win32 Only zegt hij, installeren lukt niet ...
-
Heb deze even terug open gedaan. Het is blijkbaar toch niet helemaal van de baan. Elke keer wanneer ik de computer opzet zegt Symantec Endpoint Protection dat er een virus is, genaamd: infostealer gamepass ( Infostealer.Gampass | Symantec ). Hij zou dit elke keer wegdoen en daarna start de pc opnieuw op. Dan krijg ik geen meldingen meer tot de volgende dag.
Heb net nog eens die Malwarebytes' Anti-Malware gedaan, zonder resultaat.
Het is ook elke keer dat al mijn verborgen bestanden zichtbaar geworden zijn ...
-
oei, er is precies een stuk niet aangekomen. Ik had daarna al ontdekt dat het kwam omdat mijn verborgen bestanden ineens zichtbaar waren. Ik was hier niet aangekomen, maar plots waren ze daar. Nu zijn die bestandjes dus allemaal terug weg. Als het er prima uit ziet dan zal het ook wel in orde zijn!
Nog eens bedankt
Opgelost!
-
Breakz.be is een gekende site: www.breakzforum.be - Index page , heb die zo eens moeten instellen omdat die anders niet meer werkte.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:51, on 30/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 85.10.209.11 breakz.be
O1 - Hosts: 85.10.209.11 www.breakz.be
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACFA183-9A8E-4CD3-A7C8-EC3272F2CE83}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{4ACFA183-9A8E-4CD3-A7C8-EC3272F2CE83}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9295 bytes
Malwarebytes' Anti-Malware 1.42
Database versie: 3454
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865
30/12/2009 10:58:19
mbam-log-2009-12-30 (10-58-19).txt
Scan type: Snelle Scan
Objecten gescand: 95391
Verstreken tijd: 3 minute(s), 28 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
MS Office 2008 spellingscontrole
in Archief Linux, Mac OS & andere besturingssystemen
Geplaatst:
Nederlands staat ook op Nederlands zoals je op het prentje weergeeft en volgens mij heb ik alles correct gedaan zoals die handleiding zegt.
Sommige dingen zijn wel lastig om uit te zoeken, daar ik nederlandse office heb ... maar toch al bedankt!
Is er hier niemand die een mac heeft ?