w32 blaster worm

nickb · 3 april 2011

heb het oude logje verwijderd. Als ik mn scan wil opslaan staat er toch nog een logje in. Dan vraagt hij om de bestaande te vervangen. Als ik dit wil doen zegt hij dat hij het logje niet kan vinden..

Maar nog altijd wormvrij : )

kape · 3 april 2011

Dan gaan we even met een omweg op zoek naar een logje :

Download RSIT.

Sla het op je Bureaublad op.

Dubbelklik op RSIT om het te starten.

Klik op Continue in het disclaimer venster.

Zodra de scan beëindigd is, zullen twee logs openen. Post de inhoud van log.txt (zal gemaximaliseerd zijn) en info.txt (zal geminimaliseerd zijn) in je volgende antwoord.

nickb · 4 april 2011

Logfile of random's system information tool 1.08 (written by random/random)

Run by nick at 2011-04-04 11:49:54

Microsoft® Windows Vista™ Home Basic Service Pack 2

System drive C: has 70 GB (50%) free of 140 GB

Total RAM: 1790 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:49:58, on 4/04/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe

C:\Program Files\CyberLink\PlayMovie\PMVService.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\nick\Desktop\RSIT.exe

C:\Program Files\trend micro\nick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" /preinstalled

O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\CyberLink\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Polar Daemon - Unknown owner - C:\Program Files\Polar\Daemon\polard.exe

--

End of file - 7802 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\Uitgebreide garantie-nick.job

C:\Windows\tasks\User_Feed_Synchronization-{C82E0349-355E-4889-AA44-1A9F28865151}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]

RadioBar Toolbar - C:\Program Files\RadioBar\toolbar.ni.dll [2010-01-11 451808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-02-26 848952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]

"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]

"CarboniteSetupLite"=C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe [2008-04-07 306112]

"PCMAgent"=C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe [2008-03-21 143360]

"CLMLServer"=C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [2008-04-12 196608]

"PlayMovie"=C:\Program Files\CyberLink\PlayMovie\PMVService.exe [2008-03-31 172032]

"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2008-02-04 1038136]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-01-14 1688872]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-11 68856]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-04 11:49:54 ----D---- C:\rsit

2011-04-01 15:14:12 ----ASH---- C:\hiberfil.sys

2011-04-01 15:03:32 ----D---- C:\Users\nick\AppData\Roaming\Malwarebytes

2011-04-01 15:03:21 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys

2011-04-01 15:03:20 ----D---- C:\ProgramData\Malwarebytes

2011-04-01 15:03:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2011-04-01 15:03:17 ----A---- C:\Windows\system32\drivers\mbam.sys

2011-04-01 10:15:19 ----D---- C:\Program Files\Trend Micro

2011-03-27 12:34:59 ----D---- C:\ComboFix

2011-03-27 12:22:57 ----D---- C:\Qoobox

2011-03-27 11:38:19 ----A---- C:\Windows\ntbtlog.txt

2011-03-27 11:20:32 ----D---- C:\Program Files\FindyKill

2011-03-19 10:30:19 ----A---- C:\Windows\system32\shsvcs.dll

2011-03-09 10:35:16 ----A---- C:\Windows\system32\mstscax.dll

2011-03-09 10:35:15 ----A---- C:\Windows\system32\mstsc.exe

2011-03-09 10:34:50 ----A---- C:\Windows\system32\EncDec.dll

2011-03-09 10:34:47 ----A---- C:\Windows\system32\sbe.dll

2011-03-09 10:34:46 ----A---- C:\Windows\system32\sbeio.dll

======List of files/folders modified in the last 1 months======

2011-04-04 11:49:50 ----D---- C:\Windows\Temp

2011-04-04 11:41:57 ----D---- C:\Windows\inf

2011-04-04 11:41:57 ----AD---- C:\Windows\System32

2011-04-04 11:41:57 ----A---- C:\Windows\system32\PerfStringBackup.INI

2011-04-01 16:19:54 ----D---- C:\Windows\prefetch

2011-04-01 15:14:02 ----D---- C:\Windows\system32\drivers

2011-04-01 15:14:02 ----D---- C:\Windows\IME

2011-04-01 15:03:20 ----HD---- C:\ProgramData

2011-04-01 15:03:17 ----RD---- C:\Program Files

2011-04-01 10:15:20 ----SHD---- C:\Windows\Installer

2011-04-01 10:11:41 ----SHD---- C:\System Volume Information

2011-03-27 12:36:32 ----D---- C:\Users\nick\AppData\Roaming\LimeWire

2011-03-27 11:38:19 ----D---- C:\Windows

2011-03-27 11:16:31 ----D---- C:\Windows\winsxs

2011-03-27 11:16:29 ----D---- C:\Windows\system32\catroot

2011-03-27 11:14:33 ----D---- C:\Windows\system32\Tasks

2011-03-27 10:33:48 ----D---- C:\Windows\system32\catroot2

2011-03-26 15:49:00 ----D---- C:\Windows\system32\config

2011-03-26 15:48:55 ----D---- C:\Windows\Tasks

2011-03-26 15:48:54 ----D---- C:\Windows\system32\wbem

2011-03-26 15:48:54 ----D---- C:\Windows\system32\spool

2011-03-26 15:48:54 ----D---- C:\Windows\system32\Msdtc

2011-03-26 15:48:54 ----D---- C:\Windows\registration

2011-03-11 20:53:10 ----D---- C:\Program Files\Microsoft Silverlight

2011-03-10 10:18:02 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-11-11 43528]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-30 743424]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-24 2609152]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]

R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]

R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-23 50176]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]

S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-05-24 602112]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]

R2 Polar Daemon;Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [2009-08-25 163840]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-01-14 447784]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-11 647680]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 182768]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe []

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

---------- Post toegevoegd om 12:03 ---------- Vorige post was om 12:02 ----------

info.txt logfile of random's system information tool 1.08 2011-04-04 11:50:02

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

-->C:\Windows\UNNeroShowTime.exe /UNINSTALL

-->C:\Windows\UNNeroVision.exe /UNINSTALL

-->C:\Windows\UNRecode.exe /UNINSTALL

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe -maintain activex

Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}

Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}

Adobe Photoshop Elements 6-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobePE6*

Adobe Reader 8.1.3 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81300000003}

Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*

Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0013 -removeonly

Bescherm uw gegevens-->"C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" /preinstalled /uninstall

BitLord 1.1-->C:\Program Files\BitLord\uninst.exe

Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"

Carbonite-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Carbonite*

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

CyberLink PowerCinema-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall

FindyKill-->C:\Program Files\FindyKill\Uninstal.exe

Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Toolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop_XX*

HDRegBENL-->MsiExec.exe /I{6372DAC4-7E35-48A6-B216-79415ACD34B3}

HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Infocentre Rev. 2.0.0.1-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*

Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

K-Lite Mega Codec Pack 4.6.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0413-0000-0000000FF1CE}

Microsoft Office Professional Editie 2003-->MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nero 8 Essentials-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Nero8*

Nero 8 Essentials-->MsiExec.exe /X{980B9958-1239-4FC5-8C88-AC5650321043}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*

Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*

Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*

Polar Daemon-->MsiExec.exe /X{AA8C0785-3F20-43E0-BFA3-223FFB5D25AA}

Polar WebLink 2.4.11-->MsiExec.exe /X{12C8466B-9E6E-4C0C-BBA3-F05EDF5C8ECA}

Polar WebSync-->MsiExec.exe /X{D4B75A5A-2BA2-4761-BC27-9EA30FA5B483}

Power Cinema 6-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PowerCinema6*

RadioBar Toolbar-->C:\Program Files\RadioBar\UNINSTALL.exe

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything

SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""

SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_NL*

Skype 3.6.2.248-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*

Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Live aanmeldhulp-->MsiExec.exe /I{1BD6AE96-4742-4498-9D03-9451C7E5A214}

Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}

Windows Live Mail-->MsiExec.exe /I{2869F5EA-93C3-48E5-80DF-DB696BC84A91}

Windows Live Messenger-->MsiExec.exe /X{10F5387D-1728-423A-A578-B00982CF2646}

Windows Live Movie Maker-->MsiExec.exe /X{62012DD0-5B43-464C-BC62-68DE5B1B73DE}

Windows Live Photo Gallery-->MsiExec.exe /X{11005483-57F9-400C-BF9F-CBC47540705A}

Windows Live Sync-->MsiExec.exe /X{CD19EDD9-1632-4002-9212-7478E4BA0423}

Windows Live Writer-->MsiExec.exe /X{35CA031C-D3CD-4A28-8D9B-C71466C4F045}

Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC_van_nick

Event Code: 7036

Message: De SSDP Discovery-service heeft nu de status wordt uitgevoerd.

Record Number: 120543

Source Name: Service Control Manager

Time Written: 20100617164203.000000-000

Event Type: Informatie

User:

Computer Name: PC_van_nick

Event Code: 7036

Message: De WinHTTP Web Proxy Auto-Discovery-service-service heeft nu de status wordt uitgevoerd.

Record Number: 120542

Source Name: Service Control Manager

Time Written: 20100617164203.000000-000

Event Type: Informatie

User:

Computer Name: PC_van_nick

Event Code: 7036

Message: De Background Intelligent Transfer Service-service heeft nu de status wordt uitgevoerd.

Record Number: 120541

Source Name: Service Control Manager

Time Written: 20100617164203.000000-000

Event Type: Informatie

User:

Computer Name: PC_van_nick

Event Code: 7036

Message: De Application Information-service heeft nu de status wordt uitgevoerd.

Record Number: 120540

Source Name: Service Control Manager

Time Written: 20100617164203.000000-000

Event Type: Informatie

User:

Computer Name: PC_van_nick

Event Code: 7036

Message: De Diagnostic System Host-service heeft nu de status wordt uitgevoerd.

Record Number: 120539

Source Name: Service Control Manager

Time Written: 20100617164203.000000-000

Event Type: Informatie

User:

=====Application event log=====

Computer Name: WIN-8832VDIV95L

Event Code: 901

Message: De Software Licensing-service wordt gestopt.

Record Number: 543

Source Name: Microsoft-Windows-Security-Licensing-SLC

Time Written: 20081111045455.000000-000

Event Type: Informatie

User:

Computer Name: WIN-8832VDIV95L

Event Code: 8225

Message: De VSS-service is afgesloten vanwege een gebeurtenis voor afsluiten in Servicebeheer.

Record Number: 542

Source Name: VSS

Time Written: 20081111045455.000000-000

Event Type: Informatie

User:

Computer Name: WIN-8832VDIV95L

Event Code: 1003

Message: De statuscontrole van de licentie door de Software Licensing-service is voltooid.

Id van toepassing=55c92734-d682-4d71-983e-d6ec3f16059f

Licentiestatus=

{1,[199086aa-6cb8-4e5b-b698-f2be56f1e8ee, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}

{1,[26241618-ffd9-4440-af04-2ab852b2767f, 8, 0xC004F014,0x0]}

{1,[8cc39469-8bf4-4859-9f14-639320501a1f, 8, 0xC004F014,0x0]}

{1,[91dbad68-4713-4f9c-b351-6e77a8361741, 8, 0xC004F014,0x0]}

{1,[95c6e80a-0ff8-4bd0-95f2-c4a39b79d09e, 8, 0xC004F014,0x0]}

{1,[b4b150d0-ec09-4f74-910d-371ed161b2ac, 8, 0xC004F014,0x0]}

{1,[bb4c2c10-dc0d-4ce6-8824-ee71ddb63c07, 8, 0xC004F014,0x0]}

{1,[c2f2d79e-121d-482c-b665-83f052c8cbcc, 8, 0xC004F014,0x0]}

{1,[cd2e414a-e728-421e-a934-73506387d641, 8, 0xC004F014,0x0]}

{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 0, 0xC004F055,0x0]}

Record Number: 541

Source Name: Microsoft-Windows-Security-Licensing-SLC

Time Written: 20081111045421.000000-000

Event Type: Informatie

User:

Computer Name: WIN-8832VDIV95L

Event Code: 1033

Message: Deze beleidsinstellingen zijn uitgesloten omdat ze alleen zijn gedefinieerd met het kenmerk 'alleen overschrijven'.

Beleidsnamen=(IIS-W3SVC-MaxConcurrentRequests) (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w)

Id van toepassing=55c92734-d682-4d71-983e-d6ec3f16059f

Id van SKU=199086aa-6cb8-4e5b-b698-f2be56f1e8ee

Record Number: 540

Source Name: Microsoft-Windows-Security-Licensing-SLC

Time Written: 20081111045421.000000-000

Event Type: Informatie

User:

Computer Name: WIN-8832VDIV95L

Event Code: 1013

Message: De Windows Search-service is normaal gestopt.

Record Number: 539

Source Name: Microsoft-Windows-Search

Time Written: 20081111045309.000000-000

Event Type: Informatie

User:

=====Security event log=====

Computer Name: PC_van_nick

Event Code: 5032

Message: De gebruiker heeft geen bericht ontvangen dat binnenkomende verbindingen via het netwerk niet door een toepassing kunnen worden geaccepteerd.

Foutcode: 2

Record Number: 16687

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091010105502.894399-000

Event Type: Controle mislukt

User:

Computer Name: PC_van_nick

Event Code: 5032

Message: De gebruiker heeft geen bericht ontvangen dat binnenkomende verbindingen via het netwerk niet door een toepassing kunnen worden geaccepteerd.

Foutcode: 2

Record Number: 16686

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091010105502.894399-000

Event Type: Controle mislukt

User:

Computer Name: PC_van_nick

Event Code: 5032

Message: De gebruiker heeft geen bericht ontvangen dat binnenkomende verbindingen via het netwerk niet door een toepassing kunnen worden geaccepteerd.

Foutcode: 2

Record Number: 16685

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091010105502.894399-000

Event Type: Controle mislukt

User:

Computer Name: PC_van_nick

Event Code: 5032

Message: De gebruiker heeft geen bericht ontvangen dat binnenkomende verbindingen via het netwerk niet door een toepassing kunnen worden geaccepteerd.

Foutcode: 2

Record Number: 16684

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091010105502.894399-000

Event Type: Controle mislukt

User:

Computer Name: PC_van_nick

Event Code: 4672

Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Bevoegdheden: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 16683

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091010105501.552799-000

Event Type: Controle geslaagd

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 124 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=7c02

"NUMBER_OF_PROCESSORS"=1

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

-----------------EOF-----------------

---------- Post toegevoegd om 12:04 ---------- Vorige post was om 12:03 ----------