Ga naar inhoud

security center


krid strea

Aanbevolen berichten

  • Reacties 24
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Beste reacties in dit topic

Geplaatste afbeeldingen

Laat ons dan een omwegje proberen om je log te kunnen plaatsen :

Download RSIT.

Sla het op je Bureaublad op.

Dubbelklik op RSIT om het te starten.

Klik op Continue in het disclaimer venster.

Zodra de scan beëindigd is, zullen twee logs openen. Post de inhoud van log.txt (zal gemaximaliseerd zijn) en info.txt (zal geminimaliseerd zijn) in je volgende antwoord.

Link naar reactie
Delen op andere sites

Voor Kurtt of webmaster

Logfile of random's system information tool 1.08 (written by random/random)

Run by dirk at 2011-04-27 15:37:32

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 321 GB (72%) free of 446 GB

Total RAM: 3069 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:37:47, on 27/04/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Verdiem\Edison\Edison.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\mmc.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Gast\Downloads\RSIT.exe

C:\Program Files\trend micro\dirk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1446336886-1062152450-4152672085-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-21-1446336886-1062152450-4152672085-1000\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-21-1446336886-1062152450-4152672085-501\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Gast')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - https://site03.remoteoffice.citigroup.com/dana-cached/sc/JuniperSetupClient.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe

O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe

--

End of file - 8323 bytes

======Scheduled tasks folder======

C:\Windows\tasks\EasyShare Registration Task.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\JkDefrag.job

C:\Windows\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2007-06-27 439512]

"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2007-06-27 215256]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-14 81920]

"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]

"Edison"=C:\Program Files\Verdiem\Edison\Edison.exe [2008-10-24 1799424]

"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2011-03-15 2071904]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-09 178712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

C:\Windows\Skytel.exe [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

C:\Program Files\GoogleEULA\EULALauncher.exe [2007-02-09 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]

C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [2007-10-19 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2010-01-27 323584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-04-27 15:37:32 ----D---- C:\rsit

2011-04-26 09:16:29 ----D---- C:\Program Files\Trend Micro

2011-04-20 21:07:03 ----D---- C:\0d087d704fc93428a58a1aad51df

2011-04-15 12:57:50 ----A---- C:\Windows\system32\atmfd.dll

2011-04-15 12:57:49 ----A---- C:\Windows\system32\atmlib.dll

2011-04-15 12:57:48 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys

2011-04-15 12:57:48 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys

2011-04-15 12:57:48 ----A---- C:\Windows\system32\drivers\mrxsmb.sys

2011-04-15 12:57:48 ----A---- C:\Windows\system32\drivers\bowser.sys

2011-04-15 12:57:46 ----A---- C:\Windows\system32\mfc42u.dll

2011-04-15 12:57:46 ----A---- C:\Windows\system32\mfc42.dll

2011-04-15 12:57:45 ----A---- C:\Windows\system32\drivers\srv.sys

2011-04-15 12:57:44 ----A---- C:\Windows\system32\drivers\srvnet.sys

2011-04-15 12:57:44 ----A---- C:\Windows\system32\drivers\srv2.sys

2011-04-15 12:57:43 ----A---- C:\Windows\system32\dnsrslvr.dll

2011-04-15 12:57:43 ----A---- C:\Windows\system32\dnscacheugc.exe

2011-04-15 12:57:43 ----A---- C:\Windows\system32\dnsapi.dll

2011-04-15 12:57:38 ----A---- C:\Windows\system32\urlmon.dll

2011-04-15 12:57:38 ----A---- C:\Windows\system32\mshtmled.dll

2011-04-15 12:57:38 ----A---- C:\Windows\system32\mshtml.dll

2011-04-15 12:57:37 ----A---- C:\Windows\system32\wininet.dll

2011-04-15 12:57:37 ----A---- C:\Windows\system32\mstime.dll

2011-04-15 12:57:37 ----A---- C:\Windows\system32\ieframe.dll

2011-04-15 12:57:36 ----A---- C:\Windows\system32\msfeeds.dll

2011-04-15 12:57:36 ----A---- C:\Windows\system32\iepeers.dll

2011-04-15 12:57:36 ----A---- C:\Windows\system32\ieencode.dll

2011-04-15 12:57:36 ----A---- C:\Windows\system32\ieapfltr.dll

2011-04-15 12:57:32 ----A---- C:\Windows\system32\win32k.sys

2011-04-15 12:57:31 ----A---- C:\Windows\system32\vbscript.dll

2011-04-15 12:57:31 ----A---- C:\Windows\system32\jscript.dll

2011-04-15 12:57:31 ----A---- C:\Windows\system32\inetcomm.dll

2011-04-12 15:43:36 ----D---- C:\Program Files\WhatsRunning

======List of files/folders modified in the last 1 months======

2011-04-27 15:37:45 ----D---- C:\Windows\Prefetch

2011-04-27 15:37:36 ----D---- C:\Windows\Temp

2011-04-27 14:52:12 ----SHD---- C:\System Volume Information

2011-04-27 13:45:17 ----D---- C:\Windows\system32\drivers\Avg

2011-04-27 09:42:21 ----D---- C:\Windows\System32

2011-04-27 09:42:21 ----D---- C:\Windows\inf

2011-04-27 09:42:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2011-04-27 09:36:47 ----D---- C:\Windows\system32\Tasks

2011-04-26 09:16:29 ----SHD---- C:\Windows\Installer

2011-04-26 09:16:29 ----RD---- C:\Program Files

2011-04-25 14:03:02 ----HD---- C:\ProgramData

2011-04-23 09:42:28 ----D---- C:\Windows\system32\catroot2

2011-04-22 09:41:28 ----D---- C:\Program Files\Microsoft Silverlight

2011-04-20 21:07:05 ----A---- C:\Windows\system32\mrt.exe

2011-04-16 11:19:37 ----D---- C:\Program Files\TweakNow WinSecret

2011-04-16 11:11:20 ----SD---- C:\ProgramData\Microsoft

2011-04-15 18:36:17 ----D---- C:\Windows\Microsoft.NET

2011-04-15 18:35:59 ----RSD---- C:\Windows\assembly

2011-04-15 18:34:22 ----D---- C:\Windows\winsxs

2011-04-15 18:24:15 ----D---- C:\Windows\system32\catroot

2011-04-15 18:21:25 ----D---- C:\Windows\system32\drivers

2011-04-15 18:21:24 ----D---- C:\Program Files\Windows Mail

2011-04-12 16:16:51 ----D---- C:\Program Files\Vistumbler

2011-04-11 13:15:28 ----D---- C:\Windows\Tasks

2011-03-30 18:01:04 ----D---- C:\Program Files\Windows Live

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-10-09 306200]

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]

R0 PCGenFAM;PCGenFAM; C:\Windows\system32\DRIVERS\PCGenFAM.sys [2010-09-22 183240]

R1 a00a6aa2-1398-447e-b8d8-9bc1ea73aa86;a00a6aa2-1398-447e-b8d8-9bc1ea73aa86; \??\C:\Windows\iprot\a00a6aa2-1398-447e-b8d8-9bc1ea73aa86\PhysMem.sys [2009-01-20 3584]

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-17 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-04 29584]

R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-17 243024]

R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020; \??\C:\Windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [2010-05-31 3584]

R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]

R3 3xHybrid;Philips SAA713x PCI Card; C:\Windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-06-19 229248]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-11-14 2016920]

R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2007-10-30 5632]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-14 8244320]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2005-11-28 7040]

R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]

S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver-service; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]

S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 hitmanpro3;Hitman Pro 3 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro3.sys []

S3 iANSMiniport;Intel® Advanced Network Services Virtual Adapter; C:\Windows\system32\DRIVERS\iansw60.sys [2007-05-22 100240]

S3 iANSProtocol;Intel® Advanced Network Services Protocol; C:\Windows\system32\DRIVERS\iansw60.sys [2007-05-22 100240]

S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]

S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2007-06-27 14552]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AlertService;Intel® Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2007-06-27 223448]

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]

R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]

R2 edsvc;Edison Power Management Service; C:\Program Files\Verdiem\Edison\edsvc.exe [2008-10-24 75008]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-09 358936]

R2 ISSM;Intel® Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2007-06-27 59096]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-21 2146496]

R2 M1 Server;Intel® Viiv Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2007-06-27 268504]

R2 MCLServiceATL;Intel® Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2007-06-27 157912]

R2 NMSCore;Intel® NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]

R2 QualityManager;Intel® Quality Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]

R2 Remote UI Service;Intel® Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2007-06-27 446680]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]

R2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2010-09-22 330784]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS); C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-10-19 290909]

R2 TVESched;TVEnhance Task Scheduler (TTS)); C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [2007-10-19 114779]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S3 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]

S3 DHTRACE;Intel® DHTrace Controller; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]

S3 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-24 136176]

S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]

S3 MatSvc;@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]

S3 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-15 382248]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]

S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]

S4 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]

-info.txt logfile of random's system information tool 1.08 2011-04-27 15:37:51

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

-->C:\Windows\UNNeroShowTime.exe /UNINSTALL

-->C:\Windows\UNNeroVision.exe /UNINSTALL

-->C:\Windows\UNRecode.exe /UNINSTALL

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->"C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin

Adobe Reader 9.4.2 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A94000000001}

Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}

Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}

Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}

ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x13 -1AlbumPage

ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x13 -1Funhouse

ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x13 -1GreetingCard

ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x13 -1PhotoBook

ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x13 -1Calendar

ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x13 -1ScrapBook

ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x13 -1Slimline

ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x13

AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL

Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}

Cd 2 van Microsoft Office 2000-->MsiExec.exe /I{00040413-78E1-11D2-B60F-006097C998E7}

CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"

CodeStuff Starter-->"C:\Program Files\CodeStuff\Starter\unStarter.exe"

Compatibiliteitspakket voor het 2007 Microsoft Office system-->MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE}

Corel WordPerfect Office - iFilter-->MsiExec.exe /X{1DF03ECE-6AF4-414E-B118-C316F151A9A2}

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Edison-->MsiExec.exe /X{9542A589-9E34-4D25-BBED-E4AFA039AF56}

ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}

ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}

ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}

ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}

ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}

ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}

ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}

ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}

essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}

Google Earth Plug-in-->MsiExec.exe /X{05AB8EF0-F783-11DF-83AC-001279CD8240}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Identity Finder-->MsiExec.exe /I{27D8D00F-0DC2-4E8C-8EA2-AB5547197071}

Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe

Intel® PRO Network Connections 12.2.41.0-->MsiExec.exe /i{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85} ARPREMOVE=1

Intel® PRO Network Connections 12.2.41.0-->MsiExec.exe /i{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85} ARPREMOVE=1

Intel® Viiv™ software-->MsiExec.exe /X{A7472CEE-6E85-4D43-9C71-BDFC0D471F70} /qb!

iTunes-->MsiExec.exe /I{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}

Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Kodak EasyShare-software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0001_2a34a7\Setup.exe /APR-REMOVE

MakeDisc-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\Setup.exe" -uninstall

MCE Software Encoder 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall

MediaShow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\Setup.exe" -uninstall

Microsoft .NET Framework 3.5 Language Pack SP1 - nld-->MsiExec.exe /I{101738D7-D805-37A9-BB91-1F2C351782BF}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile NLD Language Pack-->MsiExec.exe /X{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Automated Troubleshooting Services Shim-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb"

Microsoft Fix it Center-->MsiExec.exe /X{B7588D45-AFDC-4C93-9E2E-A100F3554B64}

Microsoft Office 2000 Professional-->MsiExec.exe /I{00010413-78E1-11D2-B60F-006097C998E7}

Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}

Microsoft Office PowerPoint Viewer 2007 (Dutch)-->MsiExec.exe /X{95120000-00AF-0413-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Works-->MsiExec.exe /I{5158F1F5-FA1B-4D49-B546-55A5004B89BD}

Mozilla Firefox 4.0 (x86 nl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nero 8 Essentials-->MsiExec.exe /X{5BB977A4-E843-4E31-9859-745F442B1043}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}

OpenOffice.org 3.2-->MsiExec.exe /I{9C43D327-EC1E-4FCC-8F40-D4ACCCCA0BF6}

PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall

Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"

PIXresizer 2.0.4-->"C:\Program Files\PIXresizer\unins000.exe"

PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Recuva-->"C:\Program Files\Recuva\uninst.exe"

Remote Wonder Series Driver and Control Panel-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

RidNacs 2.0.3-->"C:\Program Files\RidNacs\unins000.exe"

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client

Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}

SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}

SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}

skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}

SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}

Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"

Soluto-->MsiExec.exe /X{8109E5E7-A23D-4B67-A26D-7DAC358D46A2}

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000004}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}

Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nld\setup.exe

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1043 /parameterfolder ClientLP

TV Enhance-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4C891D6-6844-41B8-86E8-633CACCC644F}\Setup.exe" -uninstall

TweakNow WinSecret Professional-->"C:\Program Files\TweakNow WinSecret\unins000.exe"

Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x9

Undelete 360-->"C:\Program Files\File Recovery\undelete360\unins000.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}

Windows Live Messenger-->MsiExec.exe /X{6A563426-3474-41C6-B847-42B39F1485B2}

Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}

Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}

Windows Live Photo Common-->MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

Wise Registry Cleaner Free 5.11-->"C:\Program Files\Wise Registry Cleaner\unins000.exe"

WordPerfect Office X4 - MAIL-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}

Youtube Video Downloader 3.19-->"C:\Program Files\DownloadToolz\Youtube Video Downloader\unins000.exe"

======Hosts File======

127.0.0.1 007guard.com - 007guard and Free Antivirus

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 008k.com

127.0.0.1 008k.com

127.0.0.1 00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

AS: AVG Anti-Virus Free (disabled)

AS: Lavasoft Ad-Watch Live! (disabled)

AS: Windows Defender

======System event log======

Computer Name: PC_van_dirk

Event Code: 4372

Message: De status van pakket KB905866(Update) wordt ingesteld op Tijdelijk opslaan(Staging)

Record Number: 277793

Source Name: Microsoft-Windows-Servicing

Time Written: 20101110191500.000000-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEEM

Computer Name: PC_van_dirk

Event Code: 4372

Message: De status van pakket KB905866(Update) wordt ingesteld op Tijdelijk opslaan(Staging)

Record Number: 277792

Source Name: Microsoft-Windows-Servicing

Time Written: 20101110191500.000000-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEEM

Computer Name: PC_van_dirk

Event Code: 4372

Message: De status van pakket KB905866(Update) wordt ingesteld op Opgelost(Resolved)

Record Number: 277791

Source Name: Microsoft-Windows-Servicing

Time Written: 20101110191500.000000-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEEM

Computer Name: PC_van_dirk

Event Code: 18

Message: Gereed voor installatie: de volgende updates zijn gedownload en gereed voor installatie. De installatie van deze updates is gepland op ?donderdag ?11 ?november ?2010 om 18:00:

- KB890830: Windows-programma voor het verwijderen van schadelijke software - november 2010

- KB2413381: Beveiligingsupdate voor Microsoft Office PowerPoint Viewer 2007 uur

Record Number: 277790

Source Name: Microsoft-Windows-WindowsUpdateClient

Time Written: 20101110191457.880000-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEEM

Computer Name: PC_van_dirk

Event Code: 18

Message: Gereed voor installatie: de volgende updates zijn gedownload en gereed voor installatie. De installatie van deze updates is gepland op ?donderdag ?11 ?november ?2010 om 18:00:

- KB890830: Windows-programma voor het verwijderen van schadelijke software - november 2010 uur

Record Number: 277789

Source Name: Microsoft-Windows-WindowsUpdateClient

Time Written: 20101110191457.880000-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEEM

=====Application event log=====

Computer Name: PC_van_dirk

Event Code: 1

Message: De Windows Security Center-service is gestart.

Record Number: 31935

Source Name: SecurityCenter

Time Written: 20090914075904.000000-000

Event Type: Informatie

User:

Computer Name: PC_van_dirk

Event Code: 7500

Message: Intel RAID-controller: Onbekende controller

Aantal seriële ATA-poorten: 6

Versie RAID Option ROM: Onbekend

Stuurprogrammaversie: 7.6.3.1004

Versie RAID-module: 7.6.3.1004

Versie taalresources van RAID-module: Bestand niet gevonden

Versie van wizard Volume maken: 7.6.3.1004

Versie taalresources voor wizard Volume maken: Bestand niet gevonden

Versie van wizard Volume maken op basis van bestaande harde schijf: 7.6.3.1004

Versie taalresources voor wizard Volume maken op basis van bestaande harde schijf: Bestand niet gevonden

Versie van wizard Volume wijzigen: 7.6.3.1004

Versie taalresources voor wizard Volume wijzigen: Bestand niet gevonden

Versie van wizard Volume verwijderen: 7.6.3.1004

Versie taalresources voor wizard Volume verwijderen: Bestand niet gevonden

ISDI-bibliotheekversie: 7.6.3.1004

Versie hulpmiddel voor gebruikersmeldingen van controleprogramma voor gebeurtenissen: 7.6.3.1004

Versie taalresources voor hulpmiddel voor gebruikersmeldingen van controleprogramma voor gebeurtenissen: Bestand niet gevonden

Versie controleprogramma voor gebeurtenissen: 7.6.3.1004

Harde schijf 0

Gebruik: Onbekend gebruik harde schijf

Status: Normaal

Apparaatpoort: 0

Locatie apparaatpoort: Intern

Huidige SATA-overdrachtmodus: Generatie 2

Model: WDC WD5000AACS-00ZUB0

Serienummer: WD-WCASU0699226

Firmware: 01.01B01

Ondersteuning voor geïntegreerde opdrachtwachtrijen: Ja

Systeemschijf: Ja

Grootte: 465.7 GB

Grootte van fysieke sector: 512 bytes

Grootte van logische sector: 512 bytes

Niet gebruikte poort 0

Apparaatpoort: 2

Locatie apparaatpoort: Extern

Niet gebruikte poort 1

Apparaatpoort: 3

Locatie apparaatpoort: Extern

Niet gebruikte poort 2

Apparaatpoort: 4

Locatie apparaatpoort: Extern

Niet gebruikte poort 3

Apparaatpoort: 5

Locatie apparaatpoort: Extern

CD/DVD-station 0

Apparaatpoort: 1

Locatie apparaatpoort: Intern

Huidige SATA-overdrachtmodus: Generatie 1

Model: HL-DT-ST DVDRAM GH20NS10

Serienummer: K7L7CQE5152

Firmware: EL00

Record Number: 31934

Source Name: IAANTmon

Time Written: 20090914075704.000000-000

Event Type: Informatie

User:

Computer Name: PC_van_dirk

Event Code: 0

Message:

Record Number: 31933

Source Name: M1 Server

Time Written: 20090914075703.000000-000

Event Type: Informatie

User:

Computer Name: PC_van_dirk

Event Code: 1003

Message: De Windows Search-service is gestart.

Record Number: 31932

Source Name: Microsoft-Windows-Search

Time Written: 20090914075700.000000-000

Event Type: Informatie

User:

Computer Name: PC_van_dirk

Event Code: 0

Message:

Record Number: 31931

Source Name: ISSM

Time Written: 20090914075657.000000-000

Event Type: Informatie

User:

=====Security event log=====

Computer Name: PC_van_dirk

Event Code: 4672

Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Bevoegdheden: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 122937

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100728134154.008600-000

Event Type: Controle geslaagd

User:

Computer Name: PC_van_dirk

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: PC_VAN_DIRK$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldingstype: 5

Nieuwe aanmelding:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x2f8

Naam proces: C:\Windows\System32\services.exe

Netwerkgegevens:

Naam van werkstation:

Netwerkadres van bron: -

Poort van bron: -

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: Advapi

Verificatiepakket: Negotiate

Doorgezette services: -

Pakketnaam (alleen NTLM): -

Sleutellengte: 0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 122936

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100728134154.008600-000

Event Type: Controle geslaagd

User:

Computer Name: PC_van_dirk

Event Code: 4648

Message: Poging tot aanmelden met expliciete referenties.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: PC_VAN_DIRK$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Account waarvan de referenties zijn gebruikt:

Accountnaam: SYSTEEM

Accountdomein: NT AUTHORITY

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Doelserver:

Naam van doelserver: localhost

Aanvullende gegevens: localhost

Procesgegevens:

Proces-id: 0x2f8

Procesnaam: C:\Windows\System32\services.exe

Netwerkgegevens:

Netwerkadres: -

Poort: -

Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.

Record Number: 122935

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100728134154.008600-000

Event Type: Controle geslaagd

User:

Computer Name: PC_van_dirk

Event Code: 5038

Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout.

Bestandsnaam: \Device\HarddiskVolume1\Program Files\BillP Studios\WinPatrol\patrolpro.dll

Record Number: 122934

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100728133405.261600-000

Event Type: Controle mislukt

User:

Computer Name: PC_van_dirk

Event Code: 5038

Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout.

Bestandsnaam: \Device\HarddiskVolume1\Program Files\BillP Studios\WinPatrol\patrolpro.dll

Record Number: 122933

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100728133405.178600-000

Event Type: Controle mislukt

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=4

"asl.log"=Destination=file

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

----------------EOF-----------------

Link naar reactie
Delen op andere sites

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Download HostsXpert

Unzip het programma naar je Bureaublad.

Open de map en dubbelklik op Hoster.exe

Klik op "Restore Microsofts Original Hosts File"

Klik op "OK" en sluit het programma.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Link naar reactie
Delen op andere sites

voor Kape

Het heeft wel een tijdje geduurd, maar hier is alvast de log van Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: 6463

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

28/04/2011 16:23:08

mbam-log-2011-04-28 (16-23-08).txt

Scantype: Snelle scan

Objecten gescand: 199892

Verstreken tijd: 5 minuut/minuten, 42 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 1

Registerdata geïnfecteerd: 1

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 4

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (File Type Info - File Extension Search) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\programdata\d2a19a2f-c985-4076-abc0-31c24ef67457.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\dirk\AppData\Local\Temp\wrk1E8E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\dirk\AppData\Local\Temp\wrk604E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\dirk\AppData\Local\Temp\ins2396.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Link naar reactie
Delen op andere sites

Wat bedoel je met "Heb je de host-file al opgeruimd"? Was dat die massa bestanden die ik manueel heb verwijderd? Ja dan.

Maar ik slaag er niet in de log van HijackThis door te sturen. Het lukt me niet met Ctrl+A en Ctrl+C en Ctrl+V. Ik vind ook "Uitvoeren als administrator" niet als ik rechts klik op het HijackThis-icoon. Ik werk met Vista en dan zou dat misschien de reden kunnen zijn dat het niet lukt?

Link naar reactie
Delen op andere sites


×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.