Documenten door virus/malware verwijderd?

[anoniem]

In mijn 'documents' map bevonden zich gister nog verschillende mappen met erg veel belangrijke bestanden. Nu had ik net een en ander nodig..blijkt bijna alles weg te zijn! Weet niet of het echt verwijderd is of op een of andere manier niet toegankelijk is of iets dergelijks. Door verborgen bestanden of mappen weer te geven kan ik het niet vinden in ieder geval. Omdat ik zelf denk aan een virus of malware ben ik nu Malwarebytes aan het runnen, weet nog niet wat daar uit komt, maar mocht dat programma iets vinden dan heb ik m'n bestanden nog niet terug neem ik aan. Als virusscanner gebruik ik AVG free edition 2011. Hoe krijg ik mijn bestanden weer terug?

[anoniem]

Hoi - heb jij toen jouw problemen begonnen een of ander popup scherm gekregen over betalen enz.? En dan die tweede partitie, de D-partitie dus, heb jij daar zelf nog bestanden op bewaard of gebruik jij die partitie niet?

[anoniem]

Volgens mij niet maar begin nu te twijfelen, maar dat komt vast doordat ik op gezocht heb wat de Trojan Fake alert doet. Gebruik de D-schijf hoofdzakelijk als opslag.

[anoniem]

Ik zit er namelijk over te denken om die jou die D-partitie middels Schijfbeheer te laten verwijderen. Dan moet daarna het opstarten normaal verlopen, zonder dat er ingrepen in het register worden gedaan en mogelijk ook dat daardoor je nu missende documenten ook weer boven water komen. Maar laten we nu eerst nog wat anders proberen: Download [b:4fc6cefe38][url=ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe]Dr.Web CureIt[/url][/b:4fc6cefe38] en plaats het op je bureaublad. [list:4fc6cefe38] [*:4fc6cefe38] Dubbelklik cureit.exe en sta het toe om de express scan te starten. Indien er een popup verschijnt met het voorstel tot kopen/50% korting mag je deze sluiten. [*:4fc6cefe38]De express scan zal de bestanden scannen die momenteel in het geheugen geladen zijn. [list:4fc6cefe38][*:4fc6cefe38]Wanneer er iets gevonden wordt klik op '[b:4fc6cefe38]alles selecteren[/b:4fc6cefe38]' kies nu voor '[b:4fc6cefe38]repareren[/b:4fc6cefe38]' en uit het kleine menutje dat verschijnt kies je '[b:4fc6cefe38]verplaatsen[/b:4fc6cefe38]'.[/list:u:4fc6cefe38] [*:4fc6cefe38] Kies bovenaan in het menu voor [b:4fc6cefe38]Language/Taal[/b:4fc6cefe38] en wijzig deze naar [b:4fc6cefe38]Dutch (Nederlands)[/b:4fc6cefe38] indien deze bij jou anders staat ingesteld. [*:4fc6cefe38] Druk op [b:4fc6cefe38]F9[/b:4fc6cefe38], kies daarna voor het tabblad [b:4fc6cefe38]Acties[/b:4fc6cefe38] en stel daar het volgende in onder [b:4fc6cefe38]Malware:[/b:4fc6cefe38][list:4fc6cefe38] [*:4fc6cefe38] [b:4fc6cefe38]Adware[/b:4fc6cefe38]: Verplaats [*:4fc6cefe38] [b:4fc6cefe38]Dialers[/b:4fc6cefe38]: Verplaats [*:4fc6cefe38] [b:4fc6cefe38]Jokes[/b:4fc6cefe38]: Rapportage [*:4fc6cefe38] [b:4fc6cefe38]Riskware[/b:4fc6cefe38]: Rapportage [*:4fc6cefe38] [b:4fc6cefe38]Hacktools[/b:4fc6cefe38]: Verplaats [*:4fc6cefe38] Haal dan het vinkje weg bij '[b:4fc6cefe38]Prompt bij actie[/b:4fc6cefe38]'.[/list:u:4fc6cefe38] [*:4fc6cefe38]Kies daarna voor het tabblad [b:4fc6cefe38]Scan[/b:4fc6cefe38] en verwijder het vinkje bij [b:4fc6cefe38]Heuristische analyse[/b:4fc6cefe38]. Druk vervolgens op [b:4fc6cefe38]Toepassen[/b:4fc6cefe38] gevolgd door [b:4fc6cefe38]OK[/b:4fc6cefe38]. [*:4fc6cefe38] Eenmaal als de korte scan is beeindigd vink je aan: [b:4fc6cefe38]Volledige scan[/b:4fc6cefe38]. Druk daarna op het [b:4fc6cefe38][color=#006400:4fc6cefe38]groene pijltje[/color:4fc6cefe38][/b:4fc6cefe38] (start knop) om de scan te starten. [*:4fc6cefe38] Gevonden bestanden worden naar '%USERPROFILE%\DocterWeb\Quarantine' -map verplaatst indien het herstellen niet mogelijk is. [*:4fc6cefe38] Nadat de scan gedaan is ga dan naar [b:4fc6cefe38]Bestand[/b:4fc6cefe38] en kies [b:4fc6cefe38]Rapportage lijst opslaan[/b:4fc6cefe38]. Bewaar deze op je bureaublad en sluit daarna Dr.Web CureIt. [*:4fc6cefe38] [b:4fc6cefe38]Herstart vervolgens de computer!![/b:4fc6cefe38] Dit is een belangrijke stap want het kan zijn dat Dr.Web CureIt bestanden zal verplaatsen/verwijderen tijdens herstart. [*:4fc6cefe38] Na het herstarten, [b:4fc6cefe38]kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post[/b:4fc6cefe38].[/list:u:4fc6cefe38]

[anoniem]

Even een berichtje vanaf andere computer. De snelle scan duurde ruim 2 uren en er is niks gevonden. Hij is nu bezig met de complete scan.

[anoniem]

Beste Abraham 54, Er is niks gevonden door CureIt! Jammer!

[anoniem]

Heb de rapportage lijst dus ook niet op kunnen slaan.. er is wel een log gemaakt maar aangezien het programma ruim 400.000 bestanden heeft gecheckd is dat nogal groot..

[anoniem]

Heb je nu het idee dat Dr.Web nu wel of niet iets verwijderd heeft?

[anoniem]

Volgens mij niets, het heeft ook niks gevonden. Neem aan dat het programma alleen dingen verwijderd als die dat aangeeft..

[anoniem]

Bon. Ik wil nu dat je wat je bwaren wil van partitie D, dat je dat zo mogelijk eerst kopieert naar C dan wel een externe opslag. Daarna wil ik, dat jij naar Schijfbeheer gaat en Partitie D gaat verwijderen. Schijfbeheheer bereik je via rechtsklikken op > Computer en dan kiezen voor > Beheren. Laat weten of dat lukt.

[anoniem]

Op D staan o.a. drivers voor m'n cardreader, webcam... als dat niet meer werkt is niet het grootste probleem. Gewoon verwijderen allemaal? Als ik veel naar de C schijf ga verplaatsen is de kans groter dat dan het probleem niet opgelost word?

[anoniem]

Die Drivers zijn dus allang geïnstalleerd in Windows neem ik aan? Want bij installatie worden die echt niet op een andere partitie geïnstalleerd! Dus maar even parkeren op C kan. Want uiteindelijk wordt D later weer aangemaakt.

[anoniem]

Dat denk ik wel dan...want dat werkt gewoon goed nu. Dan kunnen die dus ook wel mee weg.

[anoniem]

Mooi zo. Probeer dan maar of Partitie D zich laat verwijderen!

[anoniem]

Partitie D is verwijderd, heb de laptop opnieuw opgestart, maar zie geen verschillen. De documenten zijn niet terug in de map 'documents'.

[anoniem]

Wil jij RSIT opnieuw doen en dan alleen Attach.txt posten?

[anoniem]

Waar vind ik Attach.txt? Het programma heeft een log.txt aangemaakt.

[anoniem]

Hier in ieder geval het logfile: Logfile of random's system information tool 1.08 (written by random/random) Run by Pieter at 2011-07-06 14:01:33 Microsoft® Windows Vista™ Home Basic Service Pack 2 System drive C: has 23 GB (32%) free of 71 GB Total RAM: 1278 MB (43% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:01:59, on 6-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\realplayer\Update\realsched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe C:\Users\Pieter\Desktop\RSIT.exe C:\Program Files\trend micro\Pieter.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-nl.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 7377 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-06-22 386264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-03 13556256] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-03 92704] "Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920] "TkBellExe"=c:\program files\real\realplayer\Update\realsched.exe [2011-06-22 273544] "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2010-11-10 4240760] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2008-11-09 102400] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2011-07-04 23:21:37 ----ASH---- C:\hiberfil.sys 2011-07-04 23:14:33 ----A---- C:\Windows\ntbtlog.txt 2011-07-04 18:38:18 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2011-07-04 18:38:15 ----A---- C:\Windows\system32\drivers\mbam.sys 2011-07-04 18:38:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2011-07-04 16:39:39 ----D---- C:\rsit 2011-07-04 10:09:40 ----D---- C:\Program Files\Trend Micro 2011-07-03 19:10:31 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys 2011-07-03 19:10:30 ----A---- C:\Windows\system32\drivers\aswSP.sys 2011-07-03 19:10:26 ----A---- C:\Windows\system32\drivers\aswRdr.sys 2011-07-03 19:10:25 ----A---- C:\Windows\system32\drivers\aswTdi.sys 2011-07-03 19:10:25 ----A---- C:\Windows\system32\drivers\aswSnx.sys 2011-07-03 19:10:23 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys 2011-07-03 19:09:43 ----A---- C:\Windows\system32\aswBoot.exe 2011-07-03 19:09:10 ----D---- C:\ProgramData\AVAST Software 2011-07-03 19:09:10 ----D---- C:\Program Files\AVAST Software 2011-07-01 22:05:58 ----D---- C:\Windows\temp 2011-06-30 21:29:36 ----D---- C:\Program Files\ESET 2011-06-30 20:40:46 ----A---- C:\ComboFix.txt 2011-06-30 20:38:17 ----SHD---- C:\$RECYCLE.BIN 2011-06-30 16:59:57 ----SD---- C:\32788R22FWJFW 2011-06-30 16:59:14 ----D---- C:\Windows\ERDNT 2011-06-30 13:40:59 ----D---- C:\Users\Pieter\AppData\Roaming\Malwarebytes 2011-06-30 13:40:27 ----D---- C:\ProgramData\Malwarebytes 2011-06-29 09:17:28 ----A---- C:\Windows\system32\schannel.dll 2011-06-28 23:42:47 ----D---- C:\ProgramData\TorrentEasy 2011-06-22 10:57:00 ----D---- C:\Program Files\Common Files\xing shared 2011-06-18 11:55:25 ----D---- C:\Program Files\Common Files\Adobe 2011-06-17 01:36:04 ----A---- C:\Windows\system32\mshtmled.dll 2011-06-17 01:36:03 ----A---- C:\Windows\system32\jscript9.dll 2011-06-17 01:36:03 ----A---- C:\Windows\system32\jscript.dll 2011-06-17 01:36:03 ----A---- C:\Windows\system32\ieui.dll 2011-06-17 01:36:03 ----A---- C:\Windows\system32\iertutil.dll 2011-06-17 01:36:01 ----A---- C:\Windows\system32\mshtml.dll 2011-06-17 01:36:00 ----A---- C:\Windows\system32\urlmon.dll 2011-06-17 01:36:00 ----A---- C:\Windows\system32\ieframe.dll 2011-06-16 18:09:31 ----A---- C:\Windows\system32\drivers\dfsc.sys 2011-06-16 18:09:26 ----A---- C:\Windows\system32\drivers\afd.sys 2011-06-16 18:09:24 ----A---- C:\Windows\system32\drivers\srvnet.sys 2011-06-16 18:09:24 ----A---- C:\Windows\system32\drivers\srv2.sys 2011-06-16 18:09:22 ----A---- C:\Windows\system32\oleaut32.dll 2011-06-16 18:09:15 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys 2011-06-16 18:09:14 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys 2011-06-16 18:09:14 ----A---- C:\Windows\system32\drivers\mrxsmb.sys 2011-06-16 18:09:12 ----A---- C:\Windows\system32\inetcomm.dll 2011-06-07 22:01:23 ----D---- C:\Program Files\Common Files\Java 2011-06-07 22:00:05 ----A---- C:\Windows\system32\javaws.exe 2011-06-07 22:00:05 ----A---- C:\Windows\system32\javaw.exe 2011-06-07 22:00:05 ----A---- C:\Windows\system32\java.exe ======List of files/folders modified in the last 1 months====== 2011-07-06 13:41:38 ----D---- C:\Windows\Prefetch 2011-07-06 13:41:17 ----SD---- C:\ProgramData\Microsoft 2011-07-06 01:00:54 ----D---- C:\Windows\system32\drivers 2011-07-05 00:39:17 ----D---- C:\Windows 2011-07-05 00:39:16 ----D---- C:\Windows\System32 2011-07-05 00:19:25 ----SHD---- C:\System Volume Information 2011-07-04 23:17:12 ----A---- C:\Windows\NeroDigital.ini 2011-07-04 18:38:14 ----RD---- C:\Program Files 2011-07-04 14:32:22 ----D---- C:\Windows\system32\WDI 2011-07-04 13:23:01 ----D---- C:\Users\Pieter\AppData\Roaming\fotofabriek Publisher 2011-07-04 10:09:43 ----SHD---- C:\Windows\Installer 2011-07-04 10:09:42 ----SD---- C:\Users\Pieter\AppData\Roaming\Microsoft 2011-07-03 19:09:10 ----D---- C:\ProgramData 2011-07-02 13:44:36 ----SD---- C:\Windows\Downloaded Program Files 2011-06-30 20:35:56 ----A---- C:\Windows\system.ini 2011-06-30 20:31:25 ----D---- C:\Windows\AppPatch 2011-06-30 20:31:23 ----D---- C:\Program Files\Common Files 2011-06-30 19:58:26 ----D---- C:\Windows\system32\catroot 2011-06-30 19:56:43 ----D---- C:\Windows\winsxs 2011-06-30 19:56:29 ----D---- C:\ProgramData\Lavasoft 2011-06-30 19:56:27 ----DC---- C:\Windows\system32\DRVSTORE 2011-06-30 19:48:56 ----D---- C:\Windows\system32\Tasks 2011-06-30 19:48:27 ----D---- C:\Windows\Minidump 2011-06-30 17:49:11 ----D---- C:\Windows\Microsoft.NET 2011-06-30 17:49:10 ----RSD---- C:\Windows\assembly 2011-06-30 17:14:54 ----D---- C:\Windows\system32\drivers\etc 2011-06-30 14:04:03 ----HDC---- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} 2011-06-30 13:31:57 ----D---- C:\Program Files\Mozilla Firefox 2011-06-30 12:58:37 ----D---- C:\Program Files\Microsoft Office 2011-06-30 12:48:52 ----D---- C:\Users\Pieter\AppData\Roaming\BitTorrent 2011-06-30 08:17:20 ----RSD---- C:\Windows\Fonts 2011-06-29 22:00:35 ----D---- C:\Windows\system32\catroot2 2011-06-28 22:09:27 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-06-28 22:09:26 ----D---- C:\Windows\inf 2011-06-26 19:44:26 ----D---- C:\Windows\Tasks 2011-06-23 23:07:23 ----D---- C:\Windows\Debug 2011-06-22 10:57:08 ----D---- C:\Program Files\Real 2011-06-22 10:55:21 ----A---- C:\Windows\system32\rmoc3260.dll 2011-06-22 10:53:21 ----A---- C:\Windows\system32\pndx5032.dll 2011-06-22 10:53:21 ----A---- C:\Windows\system32\pndx5016.dll 2011-06-22 10:53:07 ----A---- C:\Windows\system32\pncrt.dll 2011-06-22 10:52:37 ----A---- C:\Windows\system32\msvcr71.dll 2011-06-22 10:52:36 ----A---- C:\Windows\system32\msvcp71.dll 2011-06-18 15:44:52 ----D---- C:\ProgramData\fotofabriek Publisher 2011-06-18 11:56:51 ----D---- C:\ProgramData\Adobe 2011-06-18 11:55:25 ----D---- C:\Program Files\Adobe 2011-06-17 04:46:41 ----D---- C:\Program Files\Internet Explorer 2011-06-17 01:47:09 ----D---- C:\ProgramData\Microsoft Help 2011-06-17 01:42:21 ----A---- C:\Windows\system32\mrt.exe 2011-06-17 01:37:36 ----D---- C:\Program Files\Microsoft Silverlight 2011-06-17 01:34:02 ----D---- C:\Program Files\Windows Mail 2011-06-07 21:59:24 ----D---- C:\Program Files\Java ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432] R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-30 743424] R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256] R3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648] R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-12-03 1040544] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-03 7606688] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-11-09 192816] R3 usbvideo;USB-videoapparaat (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336] S0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [] S3 catchme;catchme; \??\C:\Users\Pieter\AppData\Local\Temp\catchme.sys [] S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 FNETTBOH;FNETTBOH; C:\Windows\System32\drivers\FNETTBOH.SYS [] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-06-21 101376] S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472] S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392] S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984] S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888] S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456] S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264] S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952] S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344] S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184] R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-03 203296] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-14 135664] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-14 135664] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF-----------------

[anoniem]

Hoi Burdy, dat is nu net het log dat ik niet wou hebben! Mogelijk dat [b:052c0d4161]info.txt[/b:052c0d4161] (door mij eerder abusievelijk als Attach.txt aangeduid) niet is gemaakt! Daarom nu eerst het volgende: Je mag RSIT weer verwijderen: open een nieuw kladblok bestand, via Start>Alle programma’s>Bureau-accessoires>Kladblok. Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [color=Blue:052c0d4161][b:052c0d4161]Code: rd /q /s "C:\rsit" del %0[/b:052c0d4161][/color:052c0d4161] Sla dit kladblokbestand op je bureaublad op als [b:052c0d4161]xixo.bat[/b:052c0d4161]; bij "Oplaan als" kies je voor "Alle bestanden". Het moet er als dit uitzien : [url]http://img301.imageshack.us/img301/6459/batqb.jpg[/url] Klik\dubbelklik op [b:052c0d4161]xixo.bat[/b:052c0d4161]; de batchfile zal de opdracht uitvoeren en zichzelf daarna automatisch verwijderen. [url=http://images.malwareremoval.com/random/RSIT.exe][color=#0000FF:052c0d4161]download RSIT naar jouw bureaublad[/color:052c0d4161][/url] [list:052c0d4161][*:052c0d4161] Gebruikers van Windows Vista en Windows 7 starten het tool middels rechtsklik en daarbij dan kiezend voor 'Als administrator uitvoeren'! [*:052c0d4161] Denk eraan, dat RSIT vanaf het bureaublad gestart dient te worden. [*:052c0d4161] Klik\dubbelklik op 'RSIT.exe' om het tool te starten. [*:052c0d4161] Klik op 'Continue' in het disclaimer venster.[/list:u:052c0d4161] [list:052c0d4161][*:052c0d4161] Nadat de scan beëindigd is, zullen twee logs openen. [*:052c0d4161] Post enkel de inhoud van [b:052c0d4161]info.txt[/b:052c0d4161] ('info.txt' zal eerst geminimaliseerd zijn in de Taakbalk) [*:052c0d4161] Indien je [b:052c0d4161]info.txt[/b:052c0d4161] niet vindt, kijk dan in C er naar.[/list:u:052c0d4161]

[anoniem]

info.txt logfile of random's system information tool 1.08 2011-07-06 19:38:04 ======Uninstall list====== Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL Acer Crystal Eye-->C:\Program Files\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x0009 -removeonly Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -maintain plugin Adobe Reader X (10.1.0) - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AA1000000001} Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} CutePDF Writer 2.8-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} Distance 4.0-->C:\PROGRA~1\DISTAN~1\UNWISE.EXE C:\PROGRA~1\DISTAN~1\INSTALL.LOG EAP-->MsiExec.exe /I{3DC02D18-95A9-40BB-923D-BEE2149385BF} Easy FLV Player 2.0-->"C:\Program Files\Easy FLV Player\unins000.exe" erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564} ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe ExtractNow-->"C:\Program Files\ExtractNow\unins000.exe" FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe focus booster-->msiexec /qb /x {06ED8674-1191-5DF4-88E9-5732C927ADF7} focus booster-->MsiExec.exe /I{06ED8674-1191-5DF4-88E9-5732C927ADF7} fotofabriek Publisher 2.9.1-->"C:\Program Files\FotoFabriek\unins000.exe" Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe" Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} K-Lite Codec Pack 4.3.4 (Basic)-->"D:\Programma's\K-Lite Codec Pack\unins000.exe" Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0013 -removeonly Malwarebytes' Anti-Malware versie 1.51.0.1200-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Media Player Codec Pack 3.3.1-->C:\Windows\system32\C2MP\Uninst.exe Microsoft .NET Framework 3.5 Language Pack SP1 - nld-->MsiExec.exe /I{101738D7-D805-37A9-BB91-1F2C351782BF} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile NLD Language Pack-->MsiExec.exe /X{2617FA1F-0C04-3ABB-AF64-7D5B6620C341} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07} Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE} Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE} Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE} Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE} Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Mozilla Firefox 5.0 (x86 nl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} Nero 7 Essentials-->MsiExec.exe /X{BCB002B8-493D-4C3F-A968-774FC0881043} NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} RealPlayer-->c:\program files\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0 RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB} RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D} Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263} Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B} Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060} Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0} Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1} Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062} Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48} Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA} Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Smart PDF Creator 4.2.3.302-->"D:\Smart PDF Creator\unins000.exe" Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nld\setup.exe Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1043 /parameterfolder ClientLP Toetsing en Ontwerp VERbindingszones-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7AFF705-7063-11D5-8C55-005004540646}\Setup.exe" -l0x9 Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4} Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1365864D-4C58-489D-9982-844D75691CCC} Update for Outlook 2007 Junk Email Filter (KB2536413)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {95DF5260-331D-4FFD-A2D5-C64164751945} Update voor Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA} Update voor Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5} Update voor Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" What'sBest!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF411993-A3BA-48D1-A095-6FE9428E714C}\setup.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mail-->MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C} Windows Live Messenger-->MsiExec.exe /X{6A563426-3474-41C6-B847-42B39F1485B2} Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90} Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92} Windows Live Photo Common-->MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA} Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live Sync-->MsiExec.exe /X{CD19EDD9-1632-4002-9212-7478E4BA0423} Windows Live UX Platform Language Pack-->MsiExec.exe /I{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218} Windows Live Writer-->MsiExec.exe /X{7E017923-16F8-4E32-94EF-0A150BD196FE} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Write-N-Cite-->C:\PROGRA~1\Refworks\UNWISE.EXE C:\PROGRA~1\Refworks\INSTALL.LOG ZIP Reader 8.00.0018-->MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD} ======Security center information====== AS: Windows Defender =====Application event log===== Computer Name: PC_van_Pieter Event Code: 1 Message: Client van Certificate Services is gestart. Record Number: 4408 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20090111114207.083192-000 Event Type: Informatie User: NT AUTHORITY\SYSTEEM Computer Name: PC_van_Pieter Event Code: 1 Message: Client van Certificate Services is gestart. Record Number: 4407 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20090111114157.097192-000 Event Type: Informatie User: PC_van_Pieter\Pieter Computer Name: PC_van_Pieter Event Code: 302 Message: msnmsgr (1984) \\.\C:\Users\Pieter\AppData\Local\Microsoft\Messenger\komttijd_komthoop@hotmail.com\SharingMetadata\Working\database_7236_553C_3655_311\dfsr.db: De database-engine heeft de herstelstappen uitgevoerd. Record Number: 4406 Source Name: ESENT Time Written: 20090111114135.000000-000 Event Type: Informatie User: Computer Name: PC_van_Pieter Event Code: 301 Message: msnmsgr (1984) \\.\C:\Users\Pieter\AppData\Local\Microsoft\Messenger\komttijd_komthoop@hotmail.com\SharingMetadata\Working\database_7236_553C_3655_311\dfsr.db: De database-engine is begonnen met het opnieuw afspelen van logboekbestand \\.\C:\Users\Pieter\AppData\Local\Microsoft\Messenger\komttijd_komthoop@hotmail.com\SharingMetadata\Working\database_7236_553C_3655_311\fsr.log. Record Number: 4405 Source Name: ESENT Time Written: 20090111114135.000000-000 Event Type: Informatie User: Computer Name: PC_van_Pieter Event Code: 301 Message: msnmsgr (1984) \\.\C:\Users\Pieter\AppData\Local\Microsoft\Messenger\komttijd_komthoop@hotmail.com\SharingMetadata\Working\database_7236_553C_3655_311\dfsr.db: De database-engine is begonnen met het opnieuw afspelen van logboekbestand \\.\C:\Users\Pieter\AppData\Local\Microsoft\Messenger\komttijd_komthoop@hotmail.com\SharingMetadata\Working\database_7236_553C_3655_311\fsr00182.log. Record Number: 4404 Source Name: ESENT Time Written: 20090111114134.000000-000 Event Type: Informatie User: =====Security event log===== Computer Name: PC_van_Pieter Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam: \Device\HarddiskVolume2\Program Files\Logitech\SetPoint\lgscroll.dll Record Number: 118129 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110427002021.513493-000 Event Type: Controle mislukt User: Computer Name: PC_van_Pieter Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam: \Device\HarddiskVolume2\Program Files\Logitech\SetPoint\lgscroll.dll Record Number: 118128 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110427002019.768493-000 Event Type: Controle mislukt User: Computer Name: PC_van_Pieter Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam: \Device\HarddiskVolume2\Program Files\Logitech\SetPoint\lgscroll.dll Record Number: 118127 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110427002019.257493-000 Event Type: Controle mislukt User: Computer Name: PC_van_Pieter Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam: \Device\HarddiskVolume2\Program Files\Logitech\SetPoint\lgscroll.dll Record Number: 118126 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110427002015.594493-000 Event Type: Controle mislukt User: Computer Name: PC_van_Pieter Event Code: 5038 Message: De kopie-hash van een bestand is ongeldig. Mogelijk is het bestand beschadigd vanwege een onbevoegde wijziging of duidt de ongeldige hash op een schijffout. Bestandsnaam: \Device\HarddiskVolume2\Program Files\Logitech\SetPoint\lgscroll.dll Record Number: 118125 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110427002014.363493-000 Event Type: Controle mislukt User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Windows Live\Shared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=6801 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ -----------------EOF-----------------

[anoniem]

Hoi Pieter, ik ga er van uit dat de D-partitie door jouw nog niet opnieuw is aangegemaakt! Doe het volgende: [b:f2f8a95b57]Welk programma[/b:f2f8a95b57]: ComboFix [b:f2f8a95b57]Waarvoor/waarom[/b:f2f8a95b57]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:f2f8a95b57]Moeilijkheidsgraad[/b:f2f8a95b57]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:f2f8a95b57]Downloadlokatie[/b:f2f8a95b57]: Dit programma absoluut naar het bureaublad downloaden! [b:f2f8a95b57]Download ComboFix via één van deze locaties[/b:f2f8a95b57]: [list:f2f8a95b57][*:f2f8a95b57][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:f2f8a95b57]Bleepingcomputer[/b:f2f8a95b57][/url] [*:f2f8a95b57][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:f2f8a95b57]ForoSpyware[/b:f2f8a95b57][/url] [*:f2f8a95b57][url=http://subs.geekstogo.com/ComboFix.exe][b:f2f8a95b57]Geekstogo[/b:f2f8a95b57][/url][/list:u:f2f8a95b57] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:f2f8a95b57]Hier[/b:f2f8a95b57][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:f2f8a95b57]Hier[/b:f2f8a95b57][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:f2f8a95b57]hier[/b:f2f8a95b57][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:f2f8a95b57]Voor alle duidelijkheid nogmaals[/b:f2f8a95b57]: ComboFix dient vanaf het bureaublad gestart te worden. [b:f2f8a95b57]Opmerkingen[/b:f2f8a95b57]: [list:f2f8a95b57][*:f2f8a95b57] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:f2f8a95b57]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:f2f8a95b57]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:f2f8a95b57] [b:f2f8a95b57]ComboFix is opgestart[/b:f2f8a95b57]: [list:f2f8a95b57][*:f2f8a95b57]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:f2f8a95b57]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:f2f8a95b57]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:f2f8a95b57]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:f2f8a95b57]Post de inhoud van dit logbestand in je volgende bericht. [*:f2f8a95b57]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:f2f8a95b57] [b:f2f8a95b57]Belangrijke opmerking[/b:f2f8a95b57]: [list:f2f8a95b57][*:f2f8a95b57][b:f2f8a95b57][color=Red:f2f8a95b57]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:f2f8a95b57][/b:f2f8a95b57] [*:f2f8a95b57][b:f2f8a95b57][color=blue:f2f8a95b57]Illegal operation attempted on a registery key that has been marked for deletion.[/color:f2f8a95b57][/b:f2f8a95b57] [*:f2f8a95b57][b:f2f8a95b57][color=Red:f2f8a95b57]Start dan de computer opnieuw op.[/color:f2f8a95b57][/b:f2f8a95b57][/list:u:f2f8a95b57]