Documenten door virus/malware verwijderd?

anoniem · 30 juni 2011

In mijn 'documents' map bevonden zich gister nog verschillende mappen met erg veel belangrijke bestanden. Nu had ik net een en ander nodig..blijkt bijna alles weg te zijn! Weet niet of het echt verwijderd is of op een of andere manier niet toegankelijk is of iets dergelijks. Door verborgen bestanden of mappen weer te geven kan ik het niet vinden in ieder geval. Omdat ik zelf denk aan een virus of malware ben ik nu Malwarebytes aan het runnen, weet nog niet wat daar uit komt, maar mocht dat programma iets vinden dan heb ik m'n bestanden nog niet terug neem ik aan. Als virusscanner gebruik ik AVG free edition 2011. Hoe krijg ik mijn bestanden weer terug?

anoniem · 3 juli 2011

Hallo Abraham54, Bedankt voor de hulp! Hijack This heb ik nog niet eerder gebruikt. Kan ik dat het best vanaf http://free.antivirus.com/hijackthis/ downloaden?

anoniem · 3 juli 2011

Sorry, hieronder de handleiding: [b:6580fd6850]Welk programma[/b:6580fd6850]: Trend Micro [b:6580fd6850]Hijack This Versie 2.0.4[/b:6580fd6850] [b:6580fd6850]Waarvoor/waarom[/b:6580fd6850]: maakt een duidelijk overzicht van Windows door middel van een scan. [b:6580fd6850]Moeilijkheidsgraad[/b:6580fd6850]: geen, enkel Vista- en Win 7 gebruikers dienen even extra aandacht te geven. [b:6580fd6850]Download[/b:6580fd6850] de [url=http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi][b:6580fd6850]HijackThis Installer[/b:6580fd6850][/url] [b:6580fd6850]Installatie[/b:6580fd6850]: [list:6580fd6850][*:6580fd6850]Installeer HijackThis op de aangegeven lokatie - daarmee wordt voorkomen dat eventuele back-ups niet terugvindbaar zijn![/list:u:6580fd6850] Gebruikers van [b:6580fd6850]Windows Vista[/b:6580fd6850] en [b:6580fd6850]Windows 7[/b:6580fd6850] gaan daarna naar de installatielokatie van HijackThis. [list:6580fd6850][*:6580fd6850]Vervolgens met rechts "hijackthis.exe" aanklikken en dan "Eigenschappen" kiezen. [*:6580fd6850]Klik nu op de tab "Comptabiliteit" en zet dan een vinkje bij "Als Administrator uitvoeren". [*:6580fd6850]Als laatste wordt dan nog op [b:6580fd6850]Toepassen[/b:6580fd6850] en [b:6580fd6850]OK[/b:6580fd6850] geklikt[/list:u:6580fd6850] [b:6580fd6850]Hijack This gebruiken[/b:6580fd6850]: [list:6580fd6850][*:6580fd6850]Sluit eerst alle openstaande programma's en de webbrowsers. [*:6580fd6850]Start nu 'Hijack This' en klik vervolgens op de knop 'Do a system scan and save a logfile' [list:6580fd6850][*:6580fd6850]Start HijackThis op met het scanvenster, klik dan eerst op de knop 'Main Menu'[/list:u:6580fd6850] [*:6580fd6850]Sluit nu alle openstaande vensters en start vervolgens 'HijackThis' en kies voor 'Do a system scan and save a logfile'. [*:6580fd6850]Kopieer en plak de inhoud van het Hijack This-logfile in je aansluitende bericht. [*:6580fd6850]Hierna mag je Hijack This weer sluiten[/list:u:6580fd6850]

anoniem · 4 juli 2011

Hier de HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:14:07, on 4-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\realplayer\Update\realsched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-nl.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 7343 bytes

anoniem · 4 juli 2011

Hoi Burdy op een kleinigheidje na, ziet het log er prima uit. Ook is Avast goed geïnstalleerd. Doe nu het volgende: Sluit alle openstaande webvensters - behalve dit venster, dat je sluit voor het moment, dat je op de knop [b:2563ef78a3]Fix checked[/b:2563ef78a3] klikt! Start nu HijackThis middels rechtsklik met Administratorrechten (lukt dat niet ga dan naar de installatielokatie van HijackThis en start "hijackthis.exe" vervolgens met administratorrechten.)en klik op de knop [b:2563ef78a3]Do a Scan only, O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)[/b:2563ef78a3] [list:2563ef78a3][*:2563ef78a3] zet een vinkje voor die regel(s) welke met de bovenstaande regels corresponderen [*:2563ef78a3] Sluit nu de webbrowser en vervolgens klik je daarna op de knop [b:2563ef78a3]Fix checked[/b:2563ef78a3] [*:2563ef78a3] Klik hierna HijackThis op uit.[/list:u:2563ef78a3] Vertel hoe jouw Windows nu draait en ben je tevreden met Avast?

anoniem · 4 juli 2011

Oke dat is gelukt. Windows start veel sneller op en Avast lijkt ook prima te werken. Kan ik nog meer doen?

anoniem · 4 juli 2011

Indien jij in Windows geen problemen meer ondervindt, gaan we opruimen. ComboFix mag nu verwijderd worden: [list:c65b74065c][*:c65b74065c] ga daarvoor naar Start - Uitvoeren [*:c65b74065c] kopieer en plak hierin het volgende: [b:c65b74065c]Combofix /Uninstall[/b:c65b74065c] [*:c65b74065c] klik daarna op [b:c65b74065c]OK[/b:c65b74065c]. [*:c65b74065c] indien het goed is, krijg je vervolgens een melding, dat Combofix verwijderd werd.[/list:u:c65b74065c] Voorbeeld: [img:c65b74065c]http://www.emphyrio.be/images/SMUninstall_combofix.png[/img:c65b74065c] Uitvoeren kan ook gestart worden door de toetsen "Windowstoets + R" gelijktijdig in te drukken. [i:c65b74065c]Dit zal Combofix verwijderen inclusief gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en reset je Systeemherstel opnieuw.[/i:c65b74065c] Doe vervolgens dit: [b:c65b74065c]Welk programma[/b:c65b74065c]: TFC. [b:c65b74065c]Waarvoor/waarom[/b:c65b74065c]:grondige reiniging van Windows. [b:c65b74065c]Moeilijkheidsgraad[/b:c65b74065c]: geen. [b:c65b74065c]Download [url=http://oldtimer.geekstogo.com/TFC.exe][color=Blue:c65b74065c]TFC naar je bureaublad (klick)[/color:c65b74065c] [/b:c65b74065c][/url] [b:c65b74065c]TFC opstarten[/b:c65b74065c]: Windows 2000 en Windows XP: start TFC.exe middels dubbelklik op de snelkoppeling. Windows Vista en Windows 7: start TFC.exe middels rechtsklik op de snelkoppeling en dan kiezen voor "Als Administrator uitvoeren". [list:c65b74065c][*:c65b74065c] Niet schrikken - het tool sluit alle lopende programma's - ergo: verzeker je dus ervan, dat je werk al is opgeslagen! [*:c65b74065c] Vervolgens klik je op de knop [b:c65b74065c]Start[/b:c65b74065c] om de scan te starten. Deze scan kan kort of langer duren, wees geduldig en laat TFC zijn taak doen en wacht to TFC klaaar is. [*:c65b74065c] Indien TFC klaar is, dan komt de melding dat de computer opnieuw opgestart wordt. [*:c65b74065c] Gebeurt het afsluiten niet automatisch, start dan zelf de computer opnieuw op. [*:c65b74065c] Noot: TFC vertoont geen log![/list:u:c65b74065c] En daarna ook nog dit: een test, om te kijken hoe je huidige veiligheidssituatie is. Download naar je bureaublad [url=http://screen317.spywareinfoforum.org/SecurityCheck.exe][b:c65b74065c][color=darkblue:c65b74065c]Security Check[/color:c65b74065c][/b:c65b74065c] (klik)[/url]. [list:c65b74065c][*:c65b74065c] Klik/dubbelklik op [b:c65b74065c]SecurityCheck.exe[/b:c65b74065c] en let op de instrukties in het zwarte venster. [*:c65b74065c] Een Kladblok document genaamd [b:c65b74065c]checkup.txt[/b:c65b74065c] dient automatisch open te gaan; sluit dit document via opslaan op het bureaublad. [*:c65b74065c] Indien een van je veiligheidstools rapporteert, dat DIG.EXE het internet op wil, sta dit dan toe.[/list:u:c65b74065c] Post de inhoud van [b:c65b74065c]checkup.txt [/b:c65b74065c]in je volgende post.

anoniem · 4 juli 2011

Resultaat van de Checkup: Results of screen317's Security Check version 0.99.17 Windows Vista Service Pack 2 (UAC is enabled) Internet Explorer 8 [b:e42c94bdcb]`````````````````````````````` [u:e42c94bdcb]Antivirus/Firewall Check:[/u:e42c94bdcb][/b:e42c94bdcb] avast! Free Antivirus ESET Online Scanner v3 [size=1:e42c94bdcb]WMI entry may not exist for antivirus; attempting automatic update.[/size:e42c94bdcb] [b:e42c94bdcb]``````````````````````````````` [u:e42c94bdcb]Anti-malware/Other Utilities Check:[/u:e42c94bdcb][/b:e42c94bdcb] Java(TM) 6 Update 26 Adobe Flash Player 10.3.181.34 Mozilla Firefox (x86 nl..) [b:e42c94bdcb]```````````````````````````````` Process Check: [u:e42c94bdcb]objlist.exe by Laurent[/u:e42c94bdcb][/b:e42c94bdcb] system32 AvastSvc.exe -?- AVAST Software Avast AvastUI.exe [b:e42c94bdcb]``````````End of Log````````````[/b:e42c94bdcb]

anoniem · 4 juli 2011

Weet niet waar dat Internet Explorer 8 op slaat, maar ik gebruik IE 9.

anoniem · 4 juli 2011

Hoi Burdy, dat het tool nog steeds niet IE9 herkent, snap ik ook niet! Welke versie Firefox gebruik jij?

anoniem · 4 juli 2011

Nadat die ESET test niet werkte alles met IE uitgevoerd. Firefox 5.0 heb een paar dagen terug de nieuwste versie gedownload. M'n webmail werkte niet met IE 9 dus een tijd terug FF ook maar geinstalleerd.

anoniem · 4 juli 2011

Welke webmail gebruik jij dan?

anoniem · 4 juli 2011

https://webmail.rug.nl/ het addressbook blijft bij het laden steken op 63% en daarna kom je dus niet bij je mail.

anoniem · 4 juli 2011

Het ligt nog iets anders zie ik net..bij het laden in FF. Er worden verschillende dingen geladen waaronder user theme , mail, e.d. en dan blijf hij dus bij IE 9 hangen bij addressbook en dat was niet zo bij de eerdere versie van IE.

anoniem · 4 juli 2011

Doe het volgende: Download [url=http://www.atribune.org/ccount/click.php?id=1]ATF cleaner[/url] (gemaakt door Atribune) Dit is een krachtige reiniger! Belangrijk: Sluit al je browservensters (IE en/of Firefox en/of Opera) om ATF cleaner goed te kunnen laten werken. [list:15d4437dc9][*:15d4437dc9] Dubbelklik op ATF cleaner om het programma te starten. [*:15d4437dc9] Windows Vista en Windows 7 gebruikers starten ATF-Cleaner met administratorrechten. [*:15d4437dc9] Op het tabblad Main, plaats je een vinkje bij Select All. [*:15d4437dc9] Klik op de knop Empty Selected.[/list:u:15d4437dc9] [color=Blue:15d4437dc9]XP en Windows 7 gebruikers halen hierna het vinkje weer weg bij Prefetch, want bijv. zal het opstarten van XP daarna een tijd langzamer gaan![/color:15d4437dc9] Het volgende doen als je ook FireFox als browser hebt: [list:15d4437dc9][*:15d4437dc9] Klik op tabblad Firefox, plaats een vinkje bij Select All. [*:15d4437dc9] Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No. (dit haalt het vinkje weer weg bij Firefox saved passwords) [*:15d4437dc9] Klik op de knop Empty Selected.[/list:u:15d4437dc9] Het volgende doen als je ook Opera als browser hebt: [list:15d4437dc9][*:15d4437dc9] Klik op tabblad Opera, plaats een vinkje bij Select All. [*:15d4437dc9] Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No. [*:15d4437dc9] Klik op de knop Empty Selected.[/list:u:15d4437dc9] Ga vervolgens naar het tabblad Main en klik op de knop Exit om het programma af te sluiten. Laat weten of het geholpen heeft.

anoniem · 4 juli 2011

Wat bedoel je met geholpen? Of de bestanden terug zijn? Want die zijn nog steeds weg..

anoniem · 4 juli 2011

Hoi Burdy, jij bent een mooie hoor. Je schrijft: "Of de bestanden terug zijn? Want die zijn nog steeds weg.." Eerder schreef ik: "Indien jij in Windows geen problemen meer ondervindt, gaan we opruimen." Ergo: graag wat mededeelzamer zijn!" Doe het volgende: [b:2bb37eb6a3]Welk programma[/b:2bb37eb6a3]: RSIT [b:2bb37eb6a3]Waarvoor/waarom[/b:2bb37eb6a3]: geeft een zeer uitgebreid overzicht van Windows [b:2bb37eb6a3]Moeilijkheidsgraad[/b:2bb37eb6a3]: geen [b:2bb37eb6a3]Downloadlokatie[/b:2bb37eb6a3]: Dit programma absoluut naar het bureaublad downloaden! [b:2bb37eb6a3]Download RSIT[/b:2bb37eb6a3] [url=http://images.malwareremoval.com/random/RSIT.exe][b:2bb37eb6a3]hier[/b:2bb37eb6a3][/url] [b:2bb37eb6a3]Het gebruik van RSIT,[/b:2bb37eb6a3] [list:2bb37eb6a3][*:2bb37eb6a3]Windows 2000 en Windows XP: start RSIT middels dubbelklik op de snelkoppeling. [*:2bb37eb6a3]Windows Vista en Windows 7: start RSIT middels rechtsklik op de snelkoppeling en kies dan voor "Uitvoeren als administrator".[/list:u:2bb37eb6a3] [b:2bb37eb6a3]Nadat de scan beëindigd is, zullen twee logs openen.[/b:2bb37eb6a3] [list:2bb37eb6a3][*:2bb37eb6a3]'log.txt' zal gemaximaliseerd zijn en 'info.txt' geminimaliseert. [*:2bb37eb6a3] Post vervolgens de inhoud van "Log.txt" en 'info.txt' [*:2bb37eb6a3] Indien je [b:2bb37eb6a3]info.txt[/b:2bb37eb6a3] niet vindt, kijk dan in C:\RSIT er naar.[/list:u:2bb37eb6a3] RSIT produceert een behoorlijk groot log, dus kan het gebeuren, dat je het log moet splitsen en in twee of meerdere keren moet posten.

anoniem · 4 juli 2011

Dan heb ik het verkeerd begrepen..windows draait zoals ik al zei beter, de bestanden zijn alleen nog steeds weg, zag dat niet als onderdeel van windows.

anoniem · 4 juli 2011

De map Mijn documementen is een standaard onderdeel van Windows. En doe ook het volgende: start MBAM, klik op de tab Logbestanden en post dan de inhoud van het laatste log.

anoniem · 4 juli 2011

Logfile of random's system information tool 1.08 (written by random/random) Run by Pieter at 2011-07-04 16:39:39 Microsoft® Windows Vista™ Home Basic Service Pack 2 System drive C: has 38 GB (54%) free of 71 GB Total RAM: 1278 MB (51% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:39:47, on 4-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\realplayer\Update\realsched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\conime.exe C:\Users\Pieter\Desktop\RSIT.exe C:\Program Files\trend micro\Pieter.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-nl.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 7250 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-06-22 386264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-03 13556256] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-03 92704] "Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920] "TkBellExe"=c:\program files\real\realplayer\Update\realsched.exe [2011-06-22 273544] "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2010-11-10 4240760] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2008-11-09 102400] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2011-07-04 16:39:39 ----D---- C:\rsit 2011-07-04 10:09:40 ----D---- C:\Program Files\Trend Micro 2011-07-03 19:10:31 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys 2011-07-03 19:10:30 ----A---- C:\Windows\system32\drivers\aswSP.sys 2011-07-03 19:10:26 ----A---- C:\Windows\system32\drivers\aswRdr.sys 2011-07-03 19:10:25 ----A---- C:\Windows\system32\drivers\aswTdi.sys 2011-07-03 19:10:25 ----A---- C:\Windows\system32\drivers\aswSnx.sys 2011-07-03 19:10:23 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys 2011-07-03 19:09:43 ----A---- C:\Windows\system32\aswBoot.exe 2011-07-03 19:09:10 ----D---- C:\ProgramData\AVAST Software 2011-07-03 19:09:10 ----D---- C:\Program Files\AVAST Software 2011-07-01 22:05:58 ----D---- C:\Windows\temp 2011-06-30 21:29:36 ----D---- C:\Program Files\ESET 2011-06-30 20:40:46 ----A---- C:\ComboFix.txt 2011-06-30 20:38:17 ----SHD---- C:\$RECYCLE.BIN 2011-06-30 16:59:57 ----SD---- C:\32788R22FWJFW 2011-06-30 16:59:14 ----D---- C:\Windows\ERDNT 2011-06-30 13:40:59 ----D---- C:\Users\Pieter\AppData\Roaming\Malwarebytes 2011-06-30 13:40:27 ----D---- C:\ProgramData\Malwarebytes 2011-06-29 09:17:28 ----A---- C:\Windows\system32\schannel.dll 2011-06-28 23:42:47 ----D---- C:\ProgramData\TorrentEasy 2011-06-22 10:57:00 ----D---- C:\Program Files\Common Files\xing shared 2011-06-18 11:55:25 ----D---- C:\Program Files\Common Files\Adobe 2011-06-17 01:36:04 ----A---- C:\Windows\system32\mshtmled.dll 2011-06-17 01:36:03 ----A---- C:\Windows\system32\jscript9.dll 2011-06-17 01:36:03 ----A---- C:\Windows\system32\jscript.dll 2011-06-17 01:36:03 ----A---- C:\Windows\system32\ieui.dll 2011-06-17 01:36:03 ----A---- C:\Windows\system32\iertutil.dll 2011-06-17 01:36:01 ----A---- C:\Windows\system32\mshtml.dll 2011-06-17 01:36:00 ----A---- C:\Windows\system32\urlmon.dll 2011-06-17 01:36:00 ----A---- C:\Windows\system32\ieframe.dll 2011-06-16 18:09:31 ----A---- C:\Windows\system32\drivers\dfsc.sys 2011-06-16 18:09:26 ----A---- C:\Windows\system32\drivers\afd.sys 2011-06-16 18:09:24 ----A---- C:\Windows\system32\drivers\srvnet.sys 2011-06-16 18:09:24 ----A---- C:\Windows\system32\drivers\srv2.sys 2011-06-16 18:09:22 ----A---- C:\Windows\system32\oleaut32.dll 2011-06-16 18:09:15 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys 2011-06-16 18:09:14 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys 2011-06-16 18:09:14 ----A---- C:\Windows\system32\drivers\mrxsmb.sys 2011-06-16 18:09:12 ----A---- C:\Windows\system32\inetcomm.dll 2011-06-07 22:01:23 ----D---- C:\Program Files\Common Files\Java 2011-06-07 22:00:05 ----A---- C:\Windows\system32\javaws.exe 2011-06-07 22:00:05 ----A---- C:\Windows\system32\javaw.exe 2011-06-07 22:00:05 ----A---- C:\Windows\system32\java.exe ======List of files/folders modified in the last 1 months====== 2011-07-04 16:39:47 ----D---- C:\Windows\Prefetch 2011-07-04 14:32:22 ----D---- C:\Windows\system32\WDI 2011-07-04 13:46:59 ----D---- C:\Windows 2011-07-04 13:39:49 ----D---- C:\Windows\system32\drivers 2011-07-04 13:23:01 ----D---- C:\Users\Pieter\AppData\Roaming\fotofabriek Publisher 2011-07-04 10:09:43 ----SHD---- C:\Windows\Installer 2011-07-04 10:09:42 ----SD---- C:\Users\Pieter\AppData\Roaming\Microsoft 2011-07-04 10:09:40 ----RD---- C:\Program Files 2011-07-04 10:09:12 ----SHD---- C:\System Volume Information 2011-07-03 19:09:43 ----D---- C:\Windows\System32 2011-07-03 19:09:10 ----D---- C:\ProgramData 2011-07-02 13:44:36 ----SD---- C:\Windows\Downloaded Program Files 2011-06-30 20:35:56 ----A---- C:\Windows\system.ini 2011-06-30 20:31:25 ----D---- C:\Windows\AppPatch 2011-06-30 20:31:23 ----D---- C:\Program Files\Common Files 2011-06-30 19:58:26 ----D---- C:\Windows\system32\catroot 2011-06-30 19:56:43 ----D---- C:\Windows\winsxs 2011-06-30 19:56:29 ----D---- C:\ProgramData\Lavasoft 2011-06-30 19:56:27 ----DC---- C:\Windows\system32\DRVSTORE 2011-06-30 19:48:56 ----D---- C:\Windows\system32\Tasks 2011-06-30 19:48:27 ----D---- C:\Windows\Minidump 2011-06-30 17:49:11 ----D---- C:\Windows\Microsoft.NET 2011-06-30 17:49:10 ----RSD---- C:\Windows\assembly 2011-06-30 17:14:54 ----D---- C:\Windows\system32\drivers\etc 2011-06-30 14:04:03 ----HDC---- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} 2011-06-30 13:31:57 ----D---- C:\Program Files\Mozilla Firefox 2011-06-30 12:58:37 ----D---- C:\Program Files\Microsoft Office 2011-06-30 12:48:52 ----D---- C:\Users\Pieter\AppData\Roaming\BitTorrent 2011-06-30 08:17:20 ----RSD---- C:\Windows\Fonts 2011-06-29 22:00:35 ----D---- C:\Windows\system32\catroot2 2011-06-28 22:09:27 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-06-28 22:09:26 ----D---- C:\Windows\inf 2011-06-26 19:44:26 ----D---- C:\Windows\Tasks 2011-06-23 23:07:23 ----D---- C:\Windows\Debug 2011-06-22 10:57:08 ----D---- C:\Program Files\Real 2011-06-22 10:55:21 ----A---- C:\Windows\system32\rmoc3260.dll 2011-06-22 10:53:21 ----A---- C:\Windows\system32\pndx5032.dll 2011-06-22 10:53:21 ----A---- C:\Windows\system32\pndx5016.dll 2011-06-22 10:53:07 ----A---- C:\Windows\system32\pncrt.dll 2011-06-22 10:52:37 ----A---- C:\Windows\system32\msvcr71.dll 2011-06-22 10:52:36 ----A---- C:\Windows\system32\msvcp71.dll 2011-06-18 15:44:52 ----D---- C:\ProgramData\fotofabriek Publisher 2011-06-18 11:56:51 ----D---- C:\ProgramData\Adobe 2011-06-18 11:55:25 ----D---- C:\Program Files\Adobe 2011-06-17 04:46:41 ----D---- C:\Program Files\Internet Explorer 2011-06-17 01:47:09 ----D---- C:\ProgramData\Microsoft Help 2011-06-17 01:42:21 ----A---- C:\Windows\system32\mrt.exe 2011-06-17 01:37:36 ----D---- C:\Program Files\Microsoft Silverlight 2011-06-17 01:34:02 ----D---- C:\Program Files\Windows Mail 2011-06-07 21:59:24 ----D---- C:\Program Files\Java ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-05-10 25432] R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-05-10 441176] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-05-10 307928] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-05-10 49240] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-05-10 19544] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-30 743424] R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256] R3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648] R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-12-03 1040544] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-03 7606688] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-11-09 192816] R3 usbvideo;USB-videoapparaat (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336] S0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [] S3 catchme;catchme; \??\C:\Users\Pieter\AppData\Local\Temp\catchme.sys [] S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 FNETTBOH;FNETTBOH; C:\Windows\System32\drivers\FNETTBOH.SYS [] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-06-21 101376] S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472] S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [] S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984] S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888] S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456] S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264] S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952] S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344] S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184] R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-03 203296] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-14 135664] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-14 135664] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF-----------------

anoniem · 4 juli 2011

info.txt logfile of random's system information tool 1.08 2011-07-04 16:39:52 ======Uninstall list====== Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL Acer Crystal Eye-->C:\Program Files\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x0009 -removeonly Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -maintain plugin Adobe Reader X (10.1.0) - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AA1000000001} Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} CutePDF Writer 2.8-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} Distance 4.0-->C:\PROGRA~1\DISTAN~1\UNWISE.EXE C:\PROGRA~1\DISTAN~1\INSTALL.LOG EAP-->MsiExec.exe /I{3DC02D18-95A9-40BB-923D-BEE2149385BF} Easy FLV Player 2.0-->"C:\Program Files\Easy FLV Player\unins000.exe" erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564} ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe ExtractNow-->"C:\Program Files\ExtractNow\unins000.exe" FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe focus booster-->msiexec /qb /x {06ED8674-1191-5DF4-88E9-5732C927ADF7} focus booster-->MsiExec.exe /I{06ED8674-1191-5DF4-88E9-5732C927ADF7} fotofabriek Publisher 2.9.1-->"C:\Program Files\FotoFabriek\unins000.exe" Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe" Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} K-Lite Codec Pack 4.3.4 (Basic)-->"D:\Programma's\K-Lite Codec Pack\unins000.exe" Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0013 -removeonly Media Player Codec Pack 3.3.1-->C:\Windows\system32\C2MP\Uninst.exe Microsoft .NET Framework 3.5 Language Pack SP1 - nld-->MsiExec.exe /I{101738D7-D805-37A9-BB91-1F2C351782BF} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile NLD Language Pack-->MsiExec.exe /X{2617FA1F-0C04-3ABB-AF64-7D5B6620C341} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07} Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE} Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE} Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE} Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE} Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Mozilla Firefox 5.0 (x86 nl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} Nero 7 Essentials-->MsiExec.exe /X{BCB002B8-493D-4C3F-A968-774FC0881043} NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} RealPlayer-->c:\program files\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0 RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB} RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D} Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263} Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B} Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060} Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0} Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1} Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062} Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48} Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA} Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Smart PDF Creator 4.2.3.302-->"D:\Smart PDF Creator\unins000.exe" Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nld\setup.exe Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1043 /parameterfolder ClientLP Toetsing en Ontwerp VERbindingszones-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7AFF705-7063-11D5-8C55-005004540646}\Setup.exe" -l0x9 Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4} Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1365864D-4C58-489D-9982-844D75691CCC} Update for Outlook 2007 Junk Email Filter (KB2536413)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {95DF5260-331D-4FFD-A2D5-C64164751945} Update voor Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA} Update voor Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5} Update voor Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" What'sBest!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF411993-A3BA-48D1-A095-6FE9428E714C}\setup.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C} Windows Live Messenger-->MsiExec.exe /X{6A563426-3474-41C6-B847-42B39F1485B2} Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90} Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92} Windows Live Photo Common-->MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA} Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live Sync-->MsiExec.exe /X{CD19EDD9-1632-4002-9212-7478E4BA0423} Windows Live UX Platform Language Pack-->MsiExec.exe /I{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218} Windows Live Writer-->MsiExec.exe /X{7E017923-16F8-4E32-94EF-0A150BD196FE} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Write-N-Cite-->C:\PROGRA~1\Refworks\UNWISE.EXE C:\PROGRA~1\Refworks\INSTALL.LOG ZIP Reader 8.00.0018-->MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD} ======Security center information====== AS: Windows Defender =====Application event log===== Computer Name: PC_van_Pieter Event Code: 1531 Message: De User Profile-service is gestart. Record Number: 4288 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20090110213543.000000-000 Event Type: Informatie User: NT AUTHORITY\SYSTEEM Computer Name: PC_van_Pieter Event Code: 900 Message: De Software Licensing-service wordt gestart. Record Number: 4287 Source Name: Microsoft-Windows-Security-Licensing-SLC Time Written: 20090110213543.000000-000 Event Type: Informatie User: Computer Name: PC_van_Pieter Event Code: 2 Message: Client van Certificate Services is gestopt. Record Number: 4286 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20090110191224.123000-000 Event Type: Informatie User: NT AUTHORITY\SYSTEEM Computer Name: PC_van_Pieter Event Code: 1530 Message: Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1792423158-1950490446-230869030-1000_Classes: Process 956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1792423158-1950490446-230869030-1000_CLASSES Record Number: 4285 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20090110191216.000000-000 Event Type: Waarschuwing User: NT AUTHORITY\SYSTEEM Computer Name: PC_van_Pieter Event Code: 1530 Message: Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed. DETAIL - 6 user registry handles leaked from \Registry\User\S-1-5-21-1792423158-1950490446-230869030-1000: Process 956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1792423158-1950490446-230869030-1000 Process 3176 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1792423158-1950490446-230869030-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner Process 3176 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1792423158-1950490446-230869030-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner Process 3176 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1792423158-1950490446-230869030-1000\Software\Ahead\Nero Home\MediaLibrary Process 3176 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1792423158-1950490446-230869030-1000\Software\Ahead\Nero Home\MediaLibrary Process 3176 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1792423158-1950490446-230869030-1000\Software\Ahead\Nero Home\MediaLibrary Record Number: 4284 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20090110191216.000000-000 Event Type: Waarschuwing User: NT AUTHORITY\SYSTEEM =====Security event log===== Computer Name: PC_van_Pieter Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam: \Device\HarddiskVolume2\Program Files\Logitech\SetPoint\lgscroll.dll Record Number: 114655 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110426234413.606493-000 Event Type: Controle mislukt User: Computer Name: PC_van_Pieter Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam: \Device\HarddiskVolume2\Program Files\Logitech\SetPoint\lgscroll.dll Record Number: 114654 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110426234413.426493-000 Event Type: Controle mislukt User: Computer Name: PC_van_Pieter Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam: \Device\HarddiskVolume2\Program Files\Logitech\SetPoint\lgscroll.dll Record Number: 114653 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110426234410.115493-000 Event Type: Controle mislukt User: Computer Name: PC_van_Pieter Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam: \Device\HarddiskVolume2\Program Files\Logitech\SetPoint\lgscroll.dll Record Number: 114652 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110426234409.554493-000 Event Type: Controle mislukt User: Computer Name: PC_van_Pieter Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam: \Device\HarddiskVolume2\Program Files\Logitech\SetPoint\lgscroll.dll Record Number: 114651 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110426234404.152493-000 Event Type: Controle mislukt User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Windows Live\Shared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=6801 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ -----------------EOF-----------------

Documenten door virus/malware verwijderd?

Vraag

Link naar reactie

Beste reacties voor deze vraag

Populaire dagen

Beste reacties voor deze vraag

Populaire dagen

99 antwoorden op deze vraag

Aanbevolen berichten

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Om een reactie te plaatsen, moet je eerst inloggen

Populaire leden

Leden

Recente topics