
HJT Check - help

Status
Not open for further replies.

larsvink

Junior member
Joined
16 Aug 2010
Posts
30
Reaction score
0
Dear... helpers? :D,

I've had trouble with some malware/keyloggers fairly often, but never really taken steps apart from running an Ad-Aware scan now and then. Until today I'd had enough (WoW account hacked) and googled the mess until, to my great joy, I ended up here :D).
I took the first steps, but unfortunately, after a scan, S&D wouldn't let me download anything any more, or if I did manage it, it wouldn't let it open. This may be because I had enormous problems with Windows Security, but that S&D reactivated it? and thereby created problems.
Anyway, I had made a system restore point, and then didn't repeat that step, but made a HijackThis log straight away (including colours), and the uninstall log as we speak.

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:08:53, on 16/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
d:\games\steam\steam.exe
c:\program files (x86)\daemon tools lite\dtlite.exe
c:\program files (x86)\mozilla firefox\firefox.exe
c:\users\leftbird\desktop\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.foozir.com/
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://www.foozir.com/
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:5555
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
f2 - reg:system.ini: userinit=userinit.exe
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: sky-banners browser enhancer smuup - {3d27d6ab-1c4d-433e-bf46-654dee19ec50} - c:\windows\syswow64\smuup.dll (file missing)
o2 - bho: street-ads browser enhancer omuup - {5f27e8c9-1a54-4a1d-b3ca-32a643b74215} - c:\windows\syswow64\omuup.dll (file missing)
o2 - bho: windows live sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [adobecs4servicemanager] c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe -launchedbylogin
o4 - hklm\..\run: [isusscheduler] c:\program files (x86)\common files\installshield\updateservice\issch.exe -start
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [sta] rundll32 "smuup.dll",,run
o4 - hklm\..\run: [mchk] c:\windows\system32\fmuup.exe
o4 - hklm\..\run: [dfttuyo] c:\windows\system32\dfttuyo.exe
o4 - hklm\..\run: [dfttuyox] c:\windows\system32\dfttuyox.exe
o4 - hklm\..\run: [rmnzhp] rundll32.exe c:\windows\system32\mswyxtnd.dll,w
o4 - hklm\..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [aticustomercare] c:\program files (x86)\ati\aticustomercare\aticustomercare.exe
o4 - hkcu\..\run: [steam] d:\games\steam\steam.exe -silent
o4 - hkcu\..\run: [lmljrevl] c:\users\leftbird\appdata\local\nbyiyojbv\isoircvtssd.exe
o4 - hkcu\..\run: [isuspm startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
o4 - hkcu\..\run: [daemon tools lite] c:\program files (x86)\daemon tools lite\dtlite.exe -autorun
o4 - hkcu\..\run: [070700setup.exe] c:\users\leftbird\appdata\roaming\e5a27456fb13b764e1abf72601b9bf70\070700setup.exe
o4 - hkcu\..\run: [komxgbxo] c:\users\leftbird\appdata\local\kjqmxskpi\dwlkkkctssd.exe
o4 - hklm\..\policies\explorer\run: [z7b6s8] c:\users\leftbird\appdata\local\temp\r3ghaz.exe
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o4 - startup: antimalware doctor.lnk = leftbird\appdata\roaming\e5a27456fb13b764e1abf72601b9bf70\070700setup.exe
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: amd external events utility - unknown owner - c:\windows\system32\atiesrxx.exe (file missing)
o23 - service: asp.net state service (aspnet_state) - unknown owner - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
o23 - service: dragon age: origins - content updater (daupdatersvc) - bioware - d:\games\dragon age\bin_ship\daupdatersvc.service.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: flexnet licensing service - acresso software inc. - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: flexnet licensing service 64 - acresso software inc. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: steam client service - valve corporation - c:\program files (x86)\common files\steam\steamservice.exe
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: vtingwinie - unknown owner - c:\windows\system32\drivers\svchost.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 7798 bytes



The uninstall.log:
Torrent
Activision(R)
Activision(R)
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Assassin's Creed II
ATI Catalyst Registration
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Catalyst Control Center - Branding
Connect
DiRT2
Disciples III
Divinity II - Ego Draconis
DivX Web Player
Dragon Age: Origins
EAX Unified
Empire: Total War
Fallout 3
FIFA 10
Football Manager 2010
Gothic III
Gothic III Release Update
Java(TM) 6 Update 17
K-Lite Codec Pack 5.5.1 (Full)
kuler
LG PC Suite II
LG USB Modem driver
Mafia
Mafia II - Demo
Mass Effect 2
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# .NET Redistributable Package 1.1
Mozilla Firefox (3.6.8)
MSVCRT
MSXML4 Parser
NVIDIA PhysX
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OpenAL
OpenOffice.org 3.1
PDF Settings CS4
Photoshop Camera Raw
Prince of Persia The Forgotten Sands
Prism Video Converter
Rapture3D 2.3.22 Game
Real Alternative 2.0.1
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Singularity(TM)
Sniper Ghost Warrior
SopCast 3.2.4
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
StarCraft II
Steam
STREET FIGHTER IV
Suite Shared Configuration CS4
The Matrix - Path of Neo
The Settlers 7 - Paths to a Kingdom
The Witcher Enhanced Edition
Tom Clancy's Splinter Cell Conviction
Transformers - War for Cybertron
TVAnts 1.0
Two Worlds
Ubisoft Game Launcher
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.16
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Movie Maker 2.6
 
Re: Check - help

Hi Lars, did you also come across the following in your Windows?

[image: 4c69a2aca13eb-antiviruslive.jpg]


And would you additionally run this scan?

Download CKScanner by askey127 and save it to your desktop.

Vista and Win 7 users run this tool via right-click and choose Run as Administrator.

Click/double-click CKScanner by askey127 to start the tool and click Search for Files.
After a short time, when the hourglass disappears, click Save List To File.
A message box will confirm that the document has been saved.
Click/double-click the CKFiles.txt shortcut on your desktop and copy and paste the contents into your next post.
 
Re: Check - help

No, I haven't come across that.

Here are the results of the CKS scan (admitted with slight shame that I still have some (illegal?) cracks :S):


CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\leftbird\desktop\programs\plugins\crypt.dll
c:\users\leftbird\downloads\call of duty 5\crack\cod 1.5 privateserverfix\server.exe
c:\users\leftbird\downloads\call of duty 5\crack\codwaw 1.5-lanfix\codwaw-lanfix 1.5.exe
c:\users\leftbird\downloads\call of duty 5\crack\cod_5_1.5_privat_client_patch_update\cod 5 1.5 privat client patch.exe
c:\users\leftbird\downloads\call of duty 5\crack\cod_5_1.5_privat_client_patch_update\instrues de uso.txt
c:\users\leftbird\downloads\call of duty 5\crack\cod_5_1.5_privat_client_patch_update\server list.txt
c:\users\leftbird\downloads\call of duty 5\crack\crack v1.5\codwaw.exe
c:\users\leftbird\downloads\call of duty 5\keygen\keygen.exe
c:\users\leftbird\downloads\mass effect 2 dlc - equalizer pack\dlc crack.exe
c:\users\leftbird\downloads\mass effect 2 dlc pack\dlc crack.exe
c:\users\leftbird\downloads\mass effect 2 dlc pack\mass effect 2 v1.01 no-cd crack.zip
c:\users\leftbird\downloads\mass effect 2 update 1.01 + crack\masseffect2-1.01.exe
c:\users\leftbird\downloads\mass effect 2 update 1.01 + crack\crack\masseffect2.exe
c:\users\leftbird\downloads\mass effect 2 update 1.01 + crack\crack\update.txt
c:\users\leftbird\downloads\mass effect 2 update 1.01 + crack\crack\vitality.nfo
c:\users\leftbird\downloads\star wars empire at war forces of corruption\02 empire at war - forces of corruption\keygen.exe
c:\users\leftbird\downloads\star wars empire at war forces of corruption\02 empire at war - forces of corruption\keygen.rar
c:\users\leftbird\downloads\the.elder.scrolls.iv.oblivion.game.of.the.year_edition-.bethesda_softworks.-2007\nodvd\the.elder.scrolls.iv.oblivion.the.shivering.isles.v1.2.0416.nodvd.crack-pwz\pwz-osi6.rar
c:\users\leftbird\downloads\the.elder.scrolls.iv.oblivion.game.of.the.year_edition-.bethesda_softworks.-2007\nodvd\the.elder.scrolls.iv.oblivion.the.shivering.isles.v1.2.0416.nodvd.crack-pwz\pwz-osi6.sfv
c:\users\leftbird\downloads\the.elder.scrolls.iv.oblivion.game.of.the.year_edition-.bethesda_softworks.-2007\nodvd\the.elder.scrolls.iv.oblivion.the.shivering.isles.v1.2.0416.nodvd.crack-pwz\pwz.nfo
hosts 127.0.0.1 practivate.adobe.com
scanner sequence 3.ZZ.11
----- EOF -----
 
Re: Check - help

Hi Lars, all those cracks are always the start of new misery!

In another topic I wrote this:

And by the look of it you also have illegal software in your Windows.

That is of course not good - understandable - but still.
Because keygens and cracks come for the most part from the cybercrime scene.
And those people actually want more back from you than you have saved now!
And that's why you also have a hefty infection on your PC!

Moreover, it is completely irresponsible of you not even to have an antivirus in your Windows!

Should you think that Antimalware Doctor serves that purpose: that is a rogue scanner!

So I would like to know from you why you have no AV in your Windows at all.


Step 1

Close all open windows (so first copy this page to Notepad), then start HijackThis and click the Do a Scan only button,

r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:5555
o2 - bho: sky-banners browser enhancer smuup - {3d27d6ab-1c4d-433e-bf46-654dee19ec50} - c:\windows\syswow64\smuup.dll (file missing)
o2 - bho: street-ads browser enhancer omuup - {5f27e8c9-1a54-4a1d-b3ca-32a643b74215} - c:\windows\syswow64\omuup.dll (file missing)
o4 - hklm\..\run: [sta] rundll32 "smuup.dll",,run
o4 - hklm\..\run: [mchk] c:\windows\system32\fmuup.exe
o4 - hklm\..\run: [dfttuyo] c:\windows\system32\dfttuyo.exe
o4 - hklm\..\run: [dfttuyox] c:\windows\system32\dfttuyox.exe
o4 - hklm\..\run: [rmnzhp] rundll32.exe c:\windows\system32\mswyxtnd.dll,w
o4 - hkcu\..\run: [lmljrevl] c:\users\leftbird\appdata\local\nbyiyojbv\isoircvtssd.exe
o4 - hkcu\..\run: [070700setup.exe] c:\users\leftbird\appdata\roaming\e5a27456fb13b764e1abf72601b9bf70\070700setup.exe
o4 - hkcu\..\run: [komxgbxo] c:\users\leftbird\appdata\local\kjqmxskpi\dwlkkkctssd.exe
o4 - hklm\..\policies\explorer\run: [z7b6s8] c:\users\leftbird\appdata\local\temp\r3ghaz.exe
o4 - startup: antimalware doctor.lnk = leftbird\appdata\roaming\e5a27456fb13b764e1abf72601b9bf70\070700setup.exe

  • put a tick in front of the line(s) that correspond to the lines above
  • then click the Fix checked button
  • Then close HijackThis.
Restart the computer after the fix
Step 2

Type mrt in the search box directly above the Start button.
At the top of the Start menu, right-click the MRT shortcut and choose Run as administrator.
MRT is Windows' own Malicious Software Removal Tool.
Leave the setting on Quick scan and choose Scan!


Step 3

Download, install and keep using MBAM (CLICK)
(click the blue button to download the free version!)
  • Immediately after installation MBAM wants to update its database; allow this.
  • Also on repeated use: first update MBAM via the Update tab!
  • Start MBAM and choose Quick Scan
  • N.B.: Vista and Windows 7 users start MBAM by right-clicking and then choosing Run as Administrator.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click the OK button
  • Then click the Show Results button to see the results.
  • Make sure everything is ticked.
  • Then click: Remove Selected.
  • After removal a log will open and you will be asked to restart the computer.
  • The log is saved automatically by MBAM and you can find it by clicking the Logs tab in MBAM.
  • If MBAM has difficulty removing certain files it will give a few messages; click OK each time!
  • After that MBAM will ask to restart the computer - so allow the computer to be restarted.

If the rootkit (TDSS) is present, MBAM will also ask to restart. Do so.
MBAM will then scan again after the restart and remove the rootkit.


After this, post the contents of the following logs:
  • a new HijackThis log
  • MBAM scan log
  • Also post an Uninstall list:
  • start HijackThis,
  • click the Open the Misc Tools section button,
  • click the Open Uninstall Manager button
  • Click the Save button.
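Added example, not code from the thread or from HijackThis itself: a small Python script that applies the cues the helper used when picking lines for Fix checked (a browser proxy on 127.0.0.1, an orphaned BHO, autoruns from AppData/Temp or a Policies\Explorer\Run key, rundll32 loading a DLL by bare name, random-looking names) to lines in HJT 2.0.4 log format. The sample log is constructed from entries quoted in this thread; the function names and the heuristics are this example's own assumptions, and it only reports, it changes nothing.

```python
"""Review aid for HijackThis 2.0.4 log lines: flags entries worth a second look.

The heuristics mirror the cues used in this thread. They are heuristics, not
verdicts, and the script changes nothing on the system.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on entries quoted in this thread (not the full
# log). Backslashes are literal because HJT prints Windows paths.
SAMPLE_LOG = r"""
r1 - hkcu\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:5555
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: sky-banners browser enhancer smuup - {3d27d6ab-1c4d-433e-bf46-654dee19ec50} - c:\windows\syswow64\smuup.dll (file missing)
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [sta] rundll32 "smuup.dll",,run
o4 - hklm\..\run: [dfttuyo] c:\windows\system32\dfttuyo.exe
o4 - hklm\..\run: [rmnzhp] rundll32.exe c:\windows\system32\mswyxtnd.dll,w
o4 - hkcu\..\run: [steam] d:\games\steam\steam.exe -silent
o4 - hkcu\..\run: [lmljrevl] c:\users\leftbird\appdata\local\nbyiyojbv\isoircvtssd.exe
o4 - hklm\..\policies\explorer\run: [z7b6s8] c:\users\leftbird\appdata\local\temp\r3ghaz.exe
o4 - startup: antimalware doctor.lnk = leftbird\appdata\roaming\e5a27456fb13b764e1abf72601b9bf70\070700setup.exe
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
"""

RUN_RE = re.compile(r"^o4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^o4 - startup: (?P<name>.+?) = (?P<cmd>.*)$")
BARE_RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?[^\\"\s,]+\.dll')
STEM_RE = re.compile(r"\\([a-z0-9_]+)\.(?:exe|dll)")   # file name before .exe/.dll
HEX_DIR_RE = re.compile(r"\\[0-9a-f]{32}\\")          # folder named by 32 hex digits
CONSONANT_RUN_RE = re.compile(r"[bcdfghjklmnpqrstvwxyz]{4,}")
VOWEL_RE = re.compile(r"[aeiou]")


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Crude 'keyboard-mash' test: four consonants in a row, or no vowel at all.
    A legitimate name such as 'startccc' trips it too, so it is only applied to
    o4 autorun entries and never decides anything on its own."""
    name = name.lower()
    return bool(CONSONANT_RUN_RE.search(name)) or not VOWEL_RE.search(name)


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) why this HJT line deserves a look."""
    low = line.strip().lower()
    reasons: list[str] = []

    # R1 proxy: a proxy on 127.0.0.1 means a local process sits between the
    # browser and the network and can read or rewrite everything it sends.
    if low.startswith("r1 - ") and "proxyserver" in low:
        reasons.append("browser proxy set" + (" to a local loopback port" if "127.0.0.1" in low else ""))

    # O2: BHO registered but its DLL is gone; the registration is a leftover.
    # O23 services are deliberately NOT checked for 'file missing': 32-bit HJT
    # 2.0.4 on 64-bit Windows reports many genuine system32 services that way
    # because of WOW64 file-system redirection.
    if low.startswith("o2 - ") and low.endswith("(file missing)"):
        reasons.append("BHO registered but DLL missing (orphaned entry)")

    if low.startswith("o4 - "):
        m = RUN_RE.match(low) or STARTUP_RE.match(low)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if "policies\\explorer\\run" in low:
                reasons.append("autorun via Policies\\Explorer\\Run (rarely used by legitimate software)")
            if "\\appdata\\" in cmd or "\\temp\\" in cmd:
                reasons.append("autorun from a user-writable folder")
            if HEX_DIR_RE.search(cmd):
                reasons.append("executable lives in a folder named by a 32-digit hex string")
            if BARE_RUNDLL_RE.match(cmd):
                reasons.append("rundll32 loads a DLL by bare name (resolved via the search path)")
            if any(looks_random(s) for s in [name, *STEM_RE.findall(cmd)]):
                reasons.append("random-looking value or file name")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log; only lines with reasons are returned."""
    findings = []
    for raw in log_text.strip().splitlines():
        reasons = triage_line(raw)
        if reasons:
            findings.append(Finding(raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    -", r)
```

On the constructed sample the script flags eight of the thirteen lines and leaves the Adobe, Steam and spooler entries alone.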
 
Re: Check - help

I bought an Acer desktop, but during setup I went mad from all the nonsense programs Acer had put on it, so I chucked a whole bunch of them off (after which the PC ran wonderfully well ;)); I think some necessary security programs got killed in the process ;S.
Oh, and when I started having trouble with that Doctor program I realised straight away that it wasn't mine, so I had removed it, but not completely, so it no longer worked but still had a few files hidden somewhere or something.

Anyway, enough lame excuses; here are the requested steps:

Had to download MRT first, because it wasn't on my PC; scanned, no results.

Then MBAM (and a load of junk).

Here are the logs:

HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:24:33, on 17/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
d:\games\steam\steam.exe
c:\program files (x86)\daemon tools lite\dtlite.exe
c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
c:\users\leftbird\desktop\hijackthis.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.foozir.com/
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://www.foozir.com/
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:5555
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: windows live sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [adobecs4servicemanager] c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe -launchedbylogin
o4 - hklm\..\run: [isusscheduler] c:\program files (x86)\common files\installshield\updateservice\issch.exe -start
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [aticustomercare] c:\program files (x86)\ati\aticustomercare\aticustomercare.exe
o4 - hkcu\..\run: [steam] d:\games\steam\steam.exe -silent
o4 - hkcu\..\run: [isuspm startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
o4 - hkcu\..\run: [daemon tools lite] c:\program files (x86)\daemon tools lite\dtlite.exe -autorun
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: amd external events utility - unknown owner - c:\windows\system32\atiesrxx.exe (file missing)
o23 - service: asp.net state service (aspnet_state) - unknown owner - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
o23 - service: dragon age: origins - content updater (daupdatersvc) - bioware - d:\games\dragon age\bin_ship\daupdatersvc.service.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: flexnet licensing service - acresso software inc. - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: flexnet licensing service 64 - acresso software inc. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: steam client service - valve corporation - c:\program files (x86)\common files\steam\steamservice.exe
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: vtingwinie - unknown owner - c:\windows\system32\drivers\svchost.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 6574 bytes


MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4438

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17/08/2010 00:22:32
mbam-log-2010-08-17 (00-22-32).txt

Scan type: Quick scan
Objects scanned: 129776
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> No action taken.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

Files Infected:
C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> No action taken.
C:\Users\LeftBird\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Windows\System32\comsats.sys (Trojan.Agent) -> No action taken.
C:\Windows\System32\service.sys (Rootkit.Agent) -> No action taken.



And finally, the uninstall list:
Torrent
Activision(R)
Activision(R)
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Assassin's Creed II
ATI Catalyst Registration
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Catalyst Control Center - Branding
Connect
DiRT2
Disciples III
Divinity II - Ego Draconis
DivX Web Player
Dragon Age: Origins
EAX Unified
Empire: Total War
Fallout 3
FIFA 10
Football Manager 2010
Gothic III
Gothic III Release Update
Java(TM) 6 Update 17
K-Lite Codec Pack 5.5.1 (Full)
kuler
LG PC Suite II
LG USB Modem driver
Mafia
Mafia II - Demo
Malwarebytes' Anti-Malware
Mass Effect 2
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# .NET Redistributable Package 1.1
Mozilla Firefox (3.6.8)
MSVCRT
MSXML4 Parser
NVIDIA PhysX
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OpenAL
OpenOffice.org 3.1
PDF Settings CS4
Photoshop Camera Raw
Prince of Persia The Forgotten Sands™
Prism Video Converter
Rapture3D 2.3.22 Game
Real Alternative 2.0.1
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Singularity(TM)
Sniper Ghost Warrior
SopCast 3.2.4
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
StarCraft II
Steam
STREET FIGHTER IV
Suite Shared Configuration CS4
The Matrix - Path of Neo
The Settlers 7 - Paths to a Kingdom
The Witcher Enhanced Edition
Tom Clancy's Splinter Cell Conviction
Transformers - War for Cybertron
TVAnts 1.0
Two Worlds
Ubisoft Game Launcher
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.16
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Movie Maker 2.6

Thanks a lot so far for the tips/warnings and quick help replies :D.

Re: Check - help

Hi Lars, what is going on here.
You too did not use MBAM's Remove button!

But first of all I want you to install an antivirus now, and the number 1 among the free ones at that: Avast 5!

Because relying only on the Windows 7 firewall does not work!

http://download.cnet.com/Avast-Free...0019223.html?part=dl-85737&subj=dl&tag=button

After downloading, installing, registering and updating both the database and the program version, run a full system scan with it.
Install Avast with all options!
That way the special module that can recognise unknown malware is included as well.
Avast is the only free antivirus that has that component on board!

Then post a HijackThis log again!

Re: Check - help

Good morning!

I think I did press Remove (99.9% sure), also had to restart etc.; maybe I had already saved the log before restarting.

Anyway, downloaded Avast, long scan (I just went to sleep :D), found a trojan in the Warcraft folder and moved it to the 'virus chest'. Do I need to do anything more with it now (delete/restore etc.)?

And here the HijackThis log:

[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:40:43, on 17/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
d:\games\steam\steam.exe
c:\program files (x86)\daemon tools lite\dtlite.exe
c:\program files\alwil software\avast5\avastui.exe
c:\program files (x86)\portrait displays\pivot software\wpctrl.exe
c:\program files (x86)\acer display\edisplay management\dthtml.exe
c:\program files (x86)\portrait displays\pivot software\floater.exe
c:\program files (x86)\mozilla firefox\firefox.exe
c:\users\leftbird\desktop\hijackthis.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.foozir.com/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://www.foozir.com/[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:5555
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: windows live sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [adobecs4servicemanager] c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe -launchedbylogin
o4 - hklm\..\run: [isusscheduler] c:\program files (x86)\common files\installshield\updateservice\issch.exe -start
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [avast5] c:\program files\alwil software\avast5\avastui.exe /nogui
o4 - hklm\..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [aticustomercare] c:\program files (x86)\ati\aticustomercare\aticustomercare.exe
o4 - hklm\..\run: [pivotsoftware] c:\program files (x86)\portrait displays\pivot software\wpctrl.exe
o4 - hklm\..\run: [dt acr] c:\program files (x86)\common files\portrait displays\shared\dt_startup.exe -acr
o4 - hkcu\..\run: [steam] d:\games\steam\steam.exe -silent
o4 - hkcu\..\run: [isuspm startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
o4 - hkcu\..\run: [daemon tools lite] c:\program files (x86)\daemon tools lite\dtlite.exe -autorun
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: amd external events utility - unknown owner - c:\windows\system32\atiesrxx.exe (file missing)
o23 - service: asp.net state service (aspnet_state) - unknown owner - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
o23 - service: asset management daemon - unknown owner - c:\program files (x86)\common files\portrait displays\plugins\am\dtsslsrv.exe
o23 - service: avast! antivirus - avast software - c:\program files\alwil software\avast5\avastsvc.exe
o23 - service: avast! mail scanner - avast software - c:\program files\alwil software\avast5\avastsvc.exe
o23 - service: avast! web scanner - avast software - c:\program files\alwil software\avast5\avastsvc.exe
o23 - service: dragon age: origins - content updater (daupdatersvc) - bioware - d:\games\dragon age\bin_ship\daupdatersvc.service.exe
o23 - service: portrait displays display tune service (dtsrvc) - unknown owner - c:\program files (x86)\common files\portrait displays\shared\dtsrvc.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: flexnet licensing service - acresso software inc. - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: flexnet licensing service 64 - acresso software inc. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: portrait displays sdk service (pdiservice) - portrait displays, inc. - c:\program files (x86)\common files\portrait displays\drivers\pdisrvc.exe
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: steam client service - valve corporation - c:\program files (x86)\common files\steam\steamservice.exe
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: vtingwinie - unknown owner - c:\windows\system32\drivers\svchost.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 7890 bytes

[/hjt]
 
Re: Check - help

Hello Lars - Avast is in there nicely! Good.

But there is still a problem present!


Step 1

Restore the proxy settings of Internet Explorer (because they were changed by malware):
  • Go via Start to Control Panel and click Internet Options; alternatively, click "Tools" in the Internet Explorer menu bar and choose Internet Options from the drop-down menu.
  • Then click the "Connections" tab and click the "LAN settings" button there.
  • Remove the check mark at "Use a proxy server for your LAN"
  • Then put a check mark at "Automatically detect settings"
  • Click the "OK" button twice in succession; if you changed these settings via Internet Explorer, close the browser afterwards.


Step 2

Close all open windows (so first copy this page to Notepad), then start HijackThis and click the Do a scan only button,

r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:5555
o23 - service: vtingwinie - unknown owner - c:\windows\system32\drivers\svchost.exe (file missing)

  • put a check mark in front of the line(s) that correspond to the lines above
  • then click the Fix checked button
  • After that, close HijackThis.


Step 3

Download Dr.Web CureIt and place it on your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

Double-click cureit.exe, then click Start to have the program perform a quick scan.
This quick scan scans the files currently loaded in memory.
If something is found, let CureIt repair it.
- If a window appears offering a purchase at a 50% discount, close it with the cross.
After that the main window will appear.
- At the top, in the Option menu, choose Language and change it to Dutch (Nederlands) if it is set differently.
- In the Options menu choose Change settings (F9).
On the "Scan" tab, remove the check mark at Heuristic analysis.
Press Apply.
On the "File types" tab, Scan mode must be set to: All files.
On the "Actions" tab, set the following under Malware:
-Adware: Move
-Dialers: Move
-Jokes: Report
-Riskware: Report
-Hacktools: Move
Still on the "Actions" tab, set the following under Objects:
- Infected objects: Repair
- Unrepairable: Move
- Suspicious objects: Report
Then remove the check mark at: Prompt on action.
Press Apply.
Then press OK.
Back in the main window you can select which scan you want to run.
- Select Full scan
Click the green arrow on the right to start the scan.
If the infected files cannot be disinfected, they will be moved to the folder %userprofile%\DoctorWeb\Quarantine.
- When the scan is finished, choose Save report list from the File menu and save the log on your desktop.
- Then close Dr.Web CureIt.

Restart your computer.
You must definitely do this, because Dr.Web CureIt may move or delete files after a restart.

Once the computer has restarted, copy and paste the contents of the log you saved earlier on your desktop into your next post.
Also post a new HijackThis log.
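As an added example (not part of this thread, nor code from HijackThis or Dr.Web), the two indicators the helper picks out in Step 2, a proxy pointing at the local machine and a service that starts svchost.exe from a directory where it does not belong, can be spotted mechanically. The Python script below runs that check over constructed sample lines modelled on the logs above; the `Finding` class, the function names and the CORE_BINARIES set are my own choices.

```python
"""Triage a HijackThis log for two indicators of the kind discussed in this thread:
an R1 proxyserver entry pointing at the local machine, and an O23 service that
starts a core Windows binary from a directory other than %SystemRoot%\\system32."""
import ntpath
import re
from dataclasses import dataclass

# Core Windows binaries that are only ever started from %SystemRoot%\system32
# (set chosen for this example).
CORE_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
SYSTEM32 = r"c:\windows\system32"

PROXY_RE = re.compile(r"internet settings,proxyserver\s*=\s*(?P<value>\S+)", re.I)
O23_PREFIX = "o23 - service: "
FILE_MISSING = " (file missing)"


@dataclass
class Finding:
    kind: str    # "proxy" or "service"
    line: str    # the offending log line
    reason: str


def proxy_target(line):
    """Return (host, port) from an R1 proxyserver entry, or None for any other line.

    The value is either "host:port" or a per-scheme list such as
    "http=host:port;https=host:port"; the first entry is used."""
    m = PROXY_RE.search(line)
    if not m:
        return None
    first = m.group("value").split(";")[0]
    if "=" in first:
        first = first.split("=", 1)[1]
    host, _, port = first.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def is_loopback(host):
    """True when the proxy lives on the machine itself, as in this thread's log."""
    return host.lower() == "localhost" or host.startswith("127.")


def parse_o23(line):
    """Split an O23 line into (service name, owner, executable path, file_missing).

    The service name may itself contain " - ", so the line is split from the right."""
    if not line.lower().startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    missing = body.lower().endswith(FILE_MISSING)
    if missing:
        body = body[:-len(FILE_MISSING)]
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return name, owner, path, missing


def check_line(line):
    """Return a Finding for a suspicious line, or None."""
    line = line.strip()
    target = proxy_target(line)
    if target is not None and is_loopback(target[0]):
        return Finding("proxy", line,
                       f"browser traffic is routed through a proxy on the local machine "
                       f"({target[0]}:{target[1]}); malware uses this to intercept it")
    svc = parse_o23(line)
    if svc is not None:
        name, owner, path, _missing = svc
        directory, base = ntpath.split(path)
        # "(file missing)" alone is not used as a signal: a 32-bit HijackThis on
        # 64-bit Windows reports it for many genuine system32 services because of
        # WOW64 file-system redirection (spoolsv, lsass, ... in the logs above).
        if base.lower() in CORE_BINARIES and directory.lower() != SYSTEM32:
            return Finding("service", line,
                           f"service '{name}' ({owner}) starts {base} from "
                           f"{directory} instead of {SYSTEM32}")
    return None


def triage(lines):
    """Run check_line over every line of a log and collect the findings."""
    return [f for f in (check_line(l) for l in lines) if f is not None]


# Constructed sample, modelled on the log lines in this thread (not a real log dump).
SAMPLE_LOG = [
    r"r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.foozir.com/",
    r"r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:5555",
    r"o4 - hklm\..\run: [avast5] c:\program files\alwil software\avast5\avastui.exe /nogui",
    r"o23 - service: avast! antivirus - avast software - c:\program files\alwil software\avast5\avastsvc.exe",
    r"o23 - service: dragon age: origins - content updater (daupdatersvc) - bioware - d:\games\dragon age\bin_ship\daupdatersvc.service.exe",
    r"o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)",
    r"o23 - service: vtingwinie - unknown owner - c:\windows\system32\drivers\svchost.exe (file missing)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Only the proxy line and the vtingwinie service are reported; the legitimate services marked "(file missing)" pass through untouched.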
 
Re: Check - help

Heya,
The scan took a while (about 6-7 hours), the log is enormously long (1+ million lines), so I'll copy the first part (virus records?) and the last part (overview):

Dr.Web Scanner for Windows v6.00.03 (6.00.03.08100)
(c) Doctor Web, Ltd., 1992-2010
Log generated on: 2010-08-17, 13:47:29 [MAINFRAME][LeftBird]
Command line: "C:\Users\LeftBird\AppData\Local\Temp\DE54CF96-44111D37-48692061-59E21723\e3728_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows Seven Ultimate x64/WOW (Build 7600)
=============================================================================
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 1595997
[Self-checking] C:\Users\LeftBird\AppData\Local\Temp\DE54CF96-44111D37-48692061-59E21723\e3728_xp.exe
Key file: C:\Users\LeftBird\AppData\Local\Temp\DE54CF96-44111D37-48692061-59E21723\setup.key
License key number: 0014068946
Registered to: An unauthorized User
License key activates on: 2010-03-16
License key expires on: 2010-09-16


The 2nd part:
-----------------------------------------------------------------------------
Scan statistieken
-----------------------------------------------------------------------------
Objecten gescand: 978517
Geïnfecteerde objecten gevonden: 76
Gemodificeerde objecten gevonden: 0
Verdachte objecten gevonden: 0
Adware programma's gevonden: 0
Dialer programma's gevonden: 0
Joke programma's gevonden: 0
Riskware programma's gevonden: 0
Hacktool programma's gevonden: 2
Objecten gerepareerd: 0
Objecten verwijderd: 0
Objecten hernoemd: 0
Objecten verplaatst: 60
Objecten genegeerd: 0
Scan snelheid: 68 Kb/s
Scan tijd: 7:39:10

So 7.5 hours ^^

And finally the HijackThis:
[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:19:40, on 17/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
d:\games\steam\steam.exe
c:\program files (x86)\daemon tools lite\dtlite.exe
c:\program files\alwil software\avast5\avastui.exe
c:\program files (x86)\portrait displays\pivot software\wpctrl.exe
c:\program files (x86)\acer display\edisplay management\dthtml.exe
c:\program files (x86)\portrait displays\pivot software\floater.exe
c:\windows\syswow64\ctfmon.exe
c:\program files (x86)\mozilla firefox\firefox.exe
c:\users\leftbird\desktop\hijackthis.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.foozir.com/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://www.foozir.com/[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: windows live sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [adobecs4servicemanager] c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe -launchedbylogin
o4 - hklm\..\run: [isusscheduler] c:\program files (x86)\common files\installshield\updateservice\issch.exe -start
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [avast5] c:\program files\alwil software\avast5\avastui.exe /nogui
o4 - hklm\..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [aticustomercare] c:\program files (x86)\ati\aticustomercare\aticustomercare.exe
o4 - hklm\..\run: [pivotsoftware] c:\program files (x86)\portrait displays\pivot software\wpctrl.exe
o4 - hklm\..\run: [dt acr] c:\program files (x86)\common files\portrait displays\shared\dt_startup.exe -acr
o4 - hkcu\..\run: [steam] d:\games\steam\steam.exe -silent
o4 - hkcu\..\run: [isuspm startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
o4 - hkcu\..\run: [daemon tools lite] c:\program files (x86)\daemon tools lite\dtlite.exe -autorun
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: amd external events utility - unknown owner - c:\windows\system32\atiesrxx.exe (file missing)
o23 - service: asp.net state service (aspnet_state) - unknown owner - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
o23 - service: asset management daemon - unknown owner - c:\program files (x86)\common files\portrait displays\plugins\am\dtsslsrv.exe
o23 - service: avast! antivirus - avast software - c:\program files\alwil software\avast5\avastsvc.exe
o23 - service: avast! mail scanner - avast software - c:\program files\alwil software\avast5\avastsvc.exe
o23 - service: avast! web scanner - avast software - c:\program files\alwil software\avast5\avastsvc.exe
o23 - service: dragon age: origins - content updater (daupdatersvc) - bioware - d:\games\dragon age\bin_ship\daupdatersvc.service.exe
o23 - service: portrait displays display tune service (dtsrvc) - unknown owner - c:\program files (x86)\common files\portrait displays\shared\dtsrvc.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: flexnet licensing service - acresso software inc. - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: flexnet licensing service 64 - acresso software inc. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: portrait displays sdk service (pdiservice) - portrait displays, inc. - c:\program files (x86)\common files\portrait displays\drivers\pdisrvc.exe
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: steam client service - valve corporation - c:\program files (x86)\common files\steam\steamservice.exe
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 7717 bytes

[/hjt]

I also want to mention that it is really great that you help people with this, big kudos :D
 
Re: Check - help

Hi Lars.

Looks like there is a lot of junk in your temporary folders!

Download TFC to your desktop (click)
N.B.: Users of Windows Vista and Windows 7 start the tool via right-click, choosing Run as Administrator!
  • Click/double-click TFC.exe to start the program.
  • Don't be alarmed - the tool closes all running programs - so make sure your work has already been saved!
  • Then click the Start button to start the scan. This scan can take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
  • When TFC is finished, a message appears that the computer will be restarted.
  • If the restart does not happen automatically, restart the computer yourself.
  • Note: TFC does not show a log!

You may let me know how many MB TFC has cleaned up!
 
Re: Check - help

done, about 338 MB cleaned.
 
Re: Check - help

Hi Lars. 338 MB is not nothing, is it!
But in view of the scan results I want a more extensive log from you!

I have also checked your software list and cannot find that you use a hard disk cleaner!
And that is really important - also so as not to hurt the speed of Windows!

But first the general security has to go up - because Java is outdated and therefore a security risk!
Important - always keep one Java runtime in your Windows, and then always the newest version!

See further here: http://www.nationaalcomputerforum.nl/showthread.php?t=65129

N.B.: you are using a 64-bit Windows - so also install the 64-bit Java runtime!

After that, do the following:

download RSIT to your desktop
  • Users of Windows Vista and Windows 7 start the tool via right-click, choosing Run as Administrator!
  • Click/double-click RSIT.exe to start the tool.
  • Click Continue in the disclaimer window.
  • After the scan has finished, two logs will open.
  • Then post the contents of log.txt (this one will be maximized) via DDRMMR's colour coder, and likewise info.txt (this one will be minimized; it does not need to go through DDRMMR's colour coder)

For users of Windows Vista 64-bit or Windows 7 64-bit the following also applies:
  • RSIT then needs to be run in compatibility mode.
  • Right-click RSIT.exe and choose Properties
  • now click the Compatibility tab
  • Tick Run this program in compatibility mode for and then choose Windows XP (Service Pack 3)

RSIT produces a fairly large log, so it may happen that you have to split the log and post it in two or more parts.

Go to DDRMMR's colour coder

After you have posted the RSIT logs, you may do the following:

Hard disk and registry cleaning:
use the tools from Wise for that, namely the Free Disk Cleaner 5.52 and Free Registry Cleaner 5.53

Note: the Windows registry does not need to be cleaned permanently - use the Registry Cleaner exactly once every 3 to 4 months!

http://www.wisecleaner.com/

You can also keep TFC on board - for its use the same applies as for the registry cleaner!

And then it is important to defragment your system regularly (1 to 2 times per month!) - you do that after a cleaning round.

Use Auslogics Disk Defrag for that - this free defragmenter works more efficiently than the Windows tool!

http://www.auslogics.com/disk-defrag

Certainly the first time, defragmenting Windows 7 is quite a chore!
So start the defragmenter several times in succession!
 
RSIT log (part 1)

[hjt]
Logfile of random's system information tool 1.08 (written by random/random)
Run by LeftBird at 2010-08-18 13:06:44
Microsoft Windows 7 Ultimate Service Pack 3
System drive C: has 127 GB (27%) free of 469 GB
Total RAM: 6135 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:06:46, on 18/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
c:\program files\alwil software\avast5\avastui.exe
c:\program files (x86)\utorrent\utorrent.exe
c:\program files (x86)\k-lite codec pack\media player classic\mpc-hc.exe
c:\program files (x86)\mozilla firefox\firefox.exe
c:\users\leftbird\desktop\rsit.exe
c:\program files (x86)\trend micro\leftbird.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.foozir.com/
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://www.foozir.com/
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: windows live sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [adobecs4servicemanager] c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe -launchedbylogin
o4 - hklm\..\run: [isusscheduler] c:\program files (x86)\common files\installshield\updateservice\issch.exe -start
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [avast5] c:\program files\alwil software\avast5\avastui.exe /nogui
o4 - hklm\..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [aticustomercare] c:\program files (x86)\ati\aticustomercare\aticustomercare.exe
o4 - hkcu\..\run: [steam] d:\games\steam\steam.exe -silent
o4 - hkcu\..\run: [isuspm startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
o4 - hkcu\..\run: [daemon tools lite] c:\program files (x86)\daemon tools lite\dtlite.exe -autorun
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: amd external events utility - unknown owner - c:\windows\system32\atiesrxx.exe (file missing)
o23 - service: asp.net state service (aspnet_state) - unknown owner - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
o23 - service: avast! antivirus - avast software - c:\program files\alwil software\avast5\avastsvc.exe
o23 - service: avast! mail scanner - avast software - c:\program files\alwil software\avast5\avastsvc.exe
o23 - service: avast! web scanner - avast software - c:\program files\alwil software\avast5\avastsvc.exe
o23 - service: dragon age: origins - content updater (daupdatersvc) - bioware - d:\games\dragon age\bin_ship\daupdatersvc.service.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: flexnet licensing service - acresso software inc. - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: flexnet licensing service 64 - acresso software inc. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: steam client service - valve corporation - c:\program files (x86)\common files\steam\steamservice.exe
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 6900 bytes
======registry dump======
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{18df081c-e8ad-4283-a596-fa578c2ebdc3}]
adobe pdf link helper - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll [2010-06-19 75200]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030d464-4c02-4abf-8ecc-5164760863c6}]
windows live sign-in helper - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll [2009-01-22 408448]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2010-06-09 976832]
"adobecs4servicemanager"=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe [2008-08-14 611712]
"isusscheduler"=c:\program files (x86)\common files\installshield\updateservice\issch.exe [2004-06-16 81920]
"adobe reader speed launcher"=c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe [2010-06-20 35760]
"avast5"=c:\program files\alwil software\avast5\avastui.exe [2010-06-28 2837864]
"startccc"=c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [2010-05-27 98304]
"aticustomercare"=c:\program files (x86)\ati\aticustomercare\aticustomercare.exe [2010-03-04 311296]
[hkey_current_user\software\microsoft\windows\currentversion\run]
"steam"=d:\games\steam\steam.exe [2010-05-11 1238352]
"adobebridge"= []
"isuspm startup"=c:\progra~2\common~1\instal~1\update~1\isuspm.exe [2004-06-16 221184]
"daemon tools lite"=c:\program files (x86)\daemon tools lite\dtlite.exe [2010-04-01 357696]
[hkey_local_machine\system\currentcontrolset\control\securityproviders]
"securityproviders"=credssp.dll
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\appinfo]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\efs]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\keyiso]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\ntds]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\power]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\profsvc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\rpceptmapper]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\sacsvr]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\swprv]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\tabletinputservice]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\tbs]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\trustedinstaller]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\vmms]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\volmgr.sys]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\windefend]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wudfpf]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wudfrd]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wudfsvc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{6bdd1fc1-810f-11d0-bec7-08002be2092f}]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{d48179be-ec20-11d1-b6b8-00c04fa372a7}]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\appinfo]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\bfe]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\bowser]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\dfsc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\dot3svc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\eaphost]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\efs]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\ikeext]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\keyiso]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\mpsdrv]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\mpssvc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\mrxsmb]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\mrxsmb10]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\mrxsmb20]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\nativewifip]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\ndiscap]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\netprofm]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\nlasvc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\nsi]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\nsiproxy.sys]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\ntds]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\policyagent]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\power]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\profsvc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\rdbss]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\rdpencdd.sys]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\rpceptmapper]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\sacsvr]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\scardsvr]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\swprv]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\tabletinputservice]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\tbs]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\trustedinstaller]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\vaultsvc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\vds]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\vmms]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\volmgr.sys]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\volmgrx.sys]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\windefend]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\wlansvc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\wudfpf]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\wudfrd]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\wudfsvc]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\wudfusbcciddriver]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\{50dd5230-ba8a-11d1-bf5d-0000f805f530}]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\{533c5b84-ec70-11d2-9505-00c04f79deaf}]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\{6bdd1fc1-810f-11d0-bec7-08002be2092f}]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\{d48179be-ec20-11d1-b6b8-00c04fa372a7}]
[hkey_local_machine\system\currentcontrolset\control\safeboot\network\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}]
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"=0
"consentpromptbehavioruser"=3
"enablelua"=0
"enableuiadesktoptoggle"=0
"promptonsecuredesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer]
"noactivedesktop"=1
"noactivedesktopchanges"=1
"forceactivedesktopon"=0
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[/hjt]
 
RSIT log (part 2)

[hjt]
======file associations======
.js - edit - c:\windows\system32\notepad.exe %1
.js - open - c:\windows\system32\wscript.exe "%1" %*
======list of files/folders created in the last 1 months======
2010-08-18 13:06:44 ----d---- c:\rsit
2010-08-18 13:06:44 ----d---- c:\program files (x86)\trend micro
2010-08-18 01:19:40 ----a---- c:\windows\wininit.ini
2010-08-18 01:19:24 ----d---- c:\program files (x86)\powerstrip
2010-08-18 00:06:41 ----d---- c:\program files (x86)\common files\portrait displays
2010-08-17 12:34:43 ----d---- c:\users\leftbird\appdata\roaming\displaytune
2010-08-17 12:29:45 ----a---- c:\windows\msvcr70.dll
2010-08-17 12:29:45 ----a---- c:\windows\msvcp70.dll
2010-08-17 12:29:45 ----a---- c:\windows\msvbvm60.dll
2010-08-17 12:29:45 ----a---- c:\windows\gdiplus.dll
2010-08-17 12:25:16 ----d---- c:\programdata\ati
2010-08-17 12:23:52 ----d---- c:\program files (x86)\common files\ati technologies
2010-08-17 12:23:50 ----d---- c:\program files (x86)\ati
2010-08-17 02:53:53 ----a---- c:\windows\syswow64\aswboot.exe
2010-08-17 02:53:51 ----d---- c:\programdata\alwil software
2010-08-17 00:18:01 ----d---- c:\users\leftbird\appdata\roaming\malwarebytes
2010-08-17 00:17:55 ----d---- c:\programdata\malwarebytes
2010-08-17 00:17:55 ----d---- c:\program files (x86)\malwarebytes' anti-malware
2010-08-17 00:17:55 ----a---- c:\windows\syswow64\drivers\mbamswissarmy.sys
2010-08-16 21:11:35 ----shd---- c:\config.msi
2010-08-16 19:20:21 ----hd---- c:\programdata\~0
2010-08-14 19:15:29 ----d---- c:\program files (x86)\sopcast
2010-08-13 18:46:08 ----d---- c:\programdata\nero
2010-08-10 12:58:38 ----d---- c:\users\leftbird\appdata\roaming\the creative assembly
2010-08-10 12:12:47 ----d---- c:\program files (x86)\nvidia corporation
2010-08-10 12:12:40 ----a---- c:\windows\syswow64\xaudio2_7.dll
2010-08-10 12:12:40 ----a---- c:\windows\syswow64\xapofx1_5.dll
2010-08-10 12:12:39 ----a---- c:\windows\syswow64\xactengine3_7.dll
2010-08-10 12:12:39 ----a---- c:\windows\syswow64\d3dx9_43.dll
2010-08-10 12:12:39 ----a---- c:\windows\syswow64\d3dx11_43.dll
2010-08-10 12:12:39 ----a---- c:\windows\syswow64\d3dx10_43.dll
2010-08-10 12:12:39 ----a---- c:\windows\syswow64\d3dcsx_43.dll
2010-08-10 12:12:39 ----a---- c:\windows\syswow64\d3dcompiler_43.dll
2010-08-08 14:32:35 ----d---- c:\programdata\tvu networks
2010-08-08 14:31:58 ----d---- c:\windows\syswow64\tvuax
2010-08-08 11:56:15 ----d---- c:\program files (x86)\reality pump
2010-07-25 14:46:47 ----d---- c:\program files (x86)\creative
2010-07-25 14:46:47 ----a---- c:\windows\syswow64\eax.dll
2010-07-25 14:46:46 ----a---- c:\windows\isuninst.exe
2010-07-22 12:45:24 ----d---- c:\programdata\lavasoft
2010-07-22 12:45:24 ----d---- c:\program files (x86)\lavasoft
2010-07-22 10:45:31 ----d---- c:\programdata\spybot - search & destroy
2010-07-21 10:57:45 ----d---- c:\programdata\blizzard entertainment
2010-07-19 17:27:16 ----a---- c:\windows\syswow64\dfttuyo.txt
======list of files/folders modified in the last 1 months======
2010-08-18 13:06:46 ----d---- c:\windows\prefetch
2010-08-18 13:06:44 ----rd---- c:\program files (x86)
2010-08-18 13:06:19 ----d---- c:\users\leftbird\appdata\roaming\utorrent
2010-08-18 13:04:12 ----shd---- c:\windows\installer
2010-08-18 13:04:05 ----d---- c:\windows\syswow64
2010-08-18 13:03:52 ----shd---- c:\system volume information
2010-08-18 09:22:33 ----d---- c:\windows\temp
2010-08-18 01:25:43 ----d---- c:\windows\system32
2010-08-18 01:25:42 ----d---- c:\windows\inf
2010-08-18 01:19:40 ----d---- c:\windows
2010-08-18 01:19:24 ----d---- c:\windows\syswow64\drivers
2010-08-18 01:12:00 ----hd---- c:\program files (x86)\installshield installation information
2010-08-18 00:06:41 ----d---- c:\program files (x86)\common files
2010-08-17 12:25:16 ----ahd---- c:\programdata
2010-08-17 12:23:09 ----d---- c:\program files (x86)\ati technologies
2010-08-17 12:23:05 ----rd---- c:\program files
2010-08-17 12:03:37 ----sd---- c:\programdata\microsoft
2010-08-17 03:47:56 ----d---- c:\users\leftbird\appdata\roaming\vlc
2010-08-17 00:16:07 ----d---- c:\windows\debug
2010-08-16 22:02:27 ----d---- c:\windows\tasks
2010-08-16 22:01:31 ----d---- c:\users\leftbird\appdata\roaming\winamp
2010-08-16 22:01:29 ----d---- c:\windows\registration
2010-08-16 16:40:23 ----d---- c:\program files (x86)\mozilla firefox
2010-08-15 18:47:20 ----d---- c:\windows\winsxs
2010-08-14 12:43:30 ----d---- c:\program files (x86)\lg pc suite ii
2010-08-14 11:19:49 ----d---- c:\program files (x86)\microsoft silverlight
2010-08-12 10:45:39 ----d---- c:\program files (x86)\utorrent
2010-08-10 12:56:28 ----rsd---- c:\windows\assembly
2010-08-09 19:52:53 ----sd---- c:\users\leftbird\appdata\roaming\microsoft
2010-08-06 16:02:22 ----d---- c:\program files (x86)\common files\blizzard entertainment
2010-07-22 16:27:14 ----d---- c:\users\leftbird\appdata\roaming\mozilla
2010-07-22 16:23:05 ----d---- c:\windows\usgwmt
2010-07-22 16:23:05 ----d---- c:\windows\syswow64\config
2010-07-22 12:37:39 ----d---- c:\windows\appcompat
2010-07-22 12:37:39 ----d---- c:\users\leftbird\appdata\roaming\cosfeti
2010-07-22 12:37:37 ----d---- c:\program files (x86)\brs
2010-07-22 00:03:50 ----d---- c:\windows.old
2010-07-19 13:59:31 ----d---- c:\program files (x86)\daemon tools lite
======list of drivers (r=running, s=stopped, 0=boot, 1=system, 2=auto, 3=demand, 4=disabled)======
r0 amdxata;amdxata; c:\windows\system32\drivers\amdxata.sys []
r0 clfs;@%systemroot%\system32\clfs.sys,-100; c:\windows\system32\clfs.sys []
r0 cng;cng; c:\windows\system32\drivers\cng.sys []
r0 fileinfo;@%systemroot%\system32\drivers\fileinfo.sys,-100; c:\windows\system32\drivers\fileinfo.sys []
r0 fvevol;@%systemroot%\system32\drivers\fvevol.sys,-100; c:\windows\system32\drivers\fvevol.sys []
r0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; c:\windows\system32\drivers\hwpolicy.sys []
r0 ksecpkg;ksecpkg; c:\windows\system32\drivers\ksecpkg.sys []
r0 msahci;msahci; c:\windows\system32\drivers\msahci.sys []
r0 msisadrv;msisadrv; c:\windows\system32\drivers\msisadrv.sys []
r0 pcw;performance counters for windows driver; c:\windows\system32\drivers\pcw.sys []
r0 rdyboost;readyboost; c:\windows\system32\drivers\rdyboost.sys []
r0 spldr;security processor loader driver; c:\windows\syswow64\drivers\spldr.sys []
r0 sptd;sptd; c:\windows\system32\drivers\sptd.sys []
r0 storflt;@%systemroot%\system32\vmstorfltres.dll,-1000; c:\windows\system32\drivers\vmstorfl.sys []
r0 vdrvroot;microsoft virtual drive enumerator driver; c:\windows\system32\drivers\vdrvroot.sys []
r0 volmgr;volume manager driver; c:\windows\system32\drivers\volmgr.sys []
r0 volmgrx;@%systemroot%\system32\drivers\volmgrx.sys,-100; c:\windows\system32\drivers\volmgrx.sys []
r0 wdf01000;kernel mode driver frameworks service; c:\windows\system32\drivers\wdf01000.sys []
r1 aswrdr;aswrdr; c:\windows\syswow64\drivers\aswrdr.sys []
r1 aswsp;aswsp; c:\windows\syswow64\drivers\aswsp.sys []
r1 aswtdi;avast! network shield support; c:\windows\syswow64\drivers\aswtdi.sys []
r1 blbdrive;blbdrive; c:\windows\system32\drivers\blbdrive.sys []
r1 csc;@%systemroot%\system32\cscsvc.dll,-202; c:\windows\system32\drivers\csc.sys []
r1 dfsc;@%systemroot%\system32\drivers\dfsc.sys,-101; c:\windows\system32\drivers\dfsc.sys []
r1 discache;@%systemroot%\system32\drivers\discache.sys,-102; c:\windows\system32\drivers\discache.sys []
r1 nsiproxy;@%systemroot%\system32\drivers\nsiproxy.sys,-2; c:\windows\system32\drivers\nsiproxy.sys []
r1 pstrip64;pstrip64; c:\windows\system32\drivers\pstrip64.sys []
r1 rdpencdd;@%systemroot%\system32\drivers\rdpencdd.sys,-101; c:\windows\system32\drivers\rdpencdd.sys []
r1 rdprefmp;@%systemroot%\system32\drivers\rdprefmp.sys,-101; c:\windows\system32\drivers\rdprefmp.sys []
r1 tdx;@%systemroot%\system32\tcpipcfg.dll,-50004; c:\windows\system32\drivers\tdx.sys []
r1 wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; c:\windows\system32\drivers\wanarp.sys []
r1 wfplwf;wfp lightweight filter; c:\windows\system32\drivers\wfplwf.sys []
r2 adfs;adfs; c:\windows\syswow64\drivers\adfs.sys [2008-08-14 74720]
r2 aswfsblk;aswfsblk; c:\windows\syswow64\drivers\aswfsblk.sys []
r2 aswmonflt;aswmonflt; \??\c:\windows\system32\drivers\aswmonflt.sys []
r2 lirsgt;lirsgt; c:\windows\system32\drivers\lirsgt.sys []
r2 lltdio;link-layer topology discovery mapper i/o driver; c:\windows\system32\drivers\lltdio.sys []
r2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; c:\windows\system32\drivers\luafv.sys []
r2 peauth;peauth; c:\windows\system32\drivers\peauth.sys []
r2 rspndr;link-layer topology discovery responder; c:\windows\system32\drivers\rspndr.sys []
r2 tcpipreg;tcp/ip registry compatibility; c:\windows\system32\drivers\tcpipreg.sys []
r3 1394ohci;1394 ohci compliant host controller; c:\windows\system32\drivers\1394ohci.sys []
r3 amdkmdag;amdkmdag; c:\windows\system32\drivers\atikmdag.sys []
r3 amdkmdap;amdkmdap; c:\windows\system32\drivers\atikmpag.sys []
r3 atihdmiservice;ati function driver for high definition audio service; c:\windows\system32\drivers\atihdmi.sys []
r3 bowser;@%systemroot%\system32\browser.dll,-102; c:\windows\system32\drivers\bowser.sys []
r3 compositebus;composite bus enumerator driver; c:\windows\system32\drivers\compositebus.sys []
r3 dxgkrnl;lddm graphics subsystem; c:\windows\system32\drivers\dxgkrnl.sys []
r3 e1yexpress;intel(r) gigabit network connections driver; c:\windows\system32\drivers\e1y60x64.sys []
r3 hdaudaddservice;microsoft 1.1 uaa function driver for high definition audio service; c:\windows\system32\drivers\hdaudio.sys []
r3 hdaudbus;microsoft uaa bus driver for high definition audio; c:\windows\system32\drivers\hdaudbus.sys []
r3 hidusb;microsoft hid class driver; c:\windows\system32\drivers\hidusb.sys []
r3 intelppm;intel processor driver; c:\windows\system32\drivers\intelppm.sys []
r3 kbdhid;keyboard hid driver; c:\windows\system32\drivers\kbdhid.sys []
r3 ksthunk;kernel streaming thunks; c:\windows\system32\drivers\ksthunk.sys []
r3 monitor;microsoft monitor class function driver service; c:\windows\system32\drivers\monitor.sys []
r3 mouhid;mouse hid driver; c:\windows\system32\drivers\mouhid.sys []
r3 mpsdrv;@%systemroot%\system32\firewallapi.dll,-23092; c:\windows\system32\drivers\mpsdrv.sys []
r3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; c:\windows\system32\drivers\mrxsmb10.sys []
r3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; c:\windows\system32\drivers\mrxsmb20.sys []
r3 rasagilevpn;wan miniport (ikev2); c:\windows\system32\drivers\agilevpn.sys []
r3 rassstp;@%systemroot%\system32\sstpsvc.dll,-202; c:\windows\system32\drivers\rassstp.sys []
r3 rdpbus;remote desktop device redirector bus driver; c:\windows\system32\drivers\rdpbus.sys []
r3 srv2;@%systemroot%\system32\srvsvc.dll,-104; c:\windows\system32\drivers\srv2.sys []
r3 srvnet;srvnet; c:\windows\system32\drivers\srvnet.sys []
r3 tunnel;microsoft tunnel miniport adapter driver; c:\windows\system32\drivers\tunnel.sys []
r3 umbus;umbus enumerator driver; c:\windows\system32\drivers\umbus.sys []
r3 usbbus;lge mobile composite usb device; c:\windows\system32\drivers\lgx64bus.sys []
r3 usbccgp;microsoft usb generic parent driver; c:\windows\system32\drivers\usbccgp.sys []
r3 usbdiag;lge mobile usb serial port; c:\windows\system32\drivers\lgx64diag.sys []
r3 usbmodem;lge mobile usb modem; c:\windows\system32\drivers\lgx64modem.sys []
r3 usbstor;usb mass storage driver; c:\windows\system32\drivers\usbstor.sys []
r3 usbuhci;microsoft usb universal host controller miniport driver; c:\windows\system32\drivers\usbuhci.sys []
r3 wmiacpi;microsoft windows management interface for acpi; c:\windows\system32\drivers\wmiacpi.sys []
r3 wudfpf;user mode driver frameworks platform driver; c:\windows\system32\drivers\wudfpf.sys []
r3 wudfrd;wudfrd; c:\windows\system32\drivers\wudfrd.sys []
r3 xnacc;xbox 360 controller for windows driver service; c:\windows\system32\drivers\xnacc.sys []
s2 {09bb444f-b2e2-4009-baf2-7b727681223e};buddyvm; \??\c:\program files (x86)\vmlaunch\buddyvm.sys []
s2 atksgt;atksgt; c:\windows\system32\drivers\atksgt.sys []
s3 a08i6x2j;a08i6x2j; c:\windows\syswow64\drivers\a08i6x2j.sys []
s3 acpipmi;acpi power meter driver; c:\windows\system32\drivers\acpipmi.sys []
s3 adp94xx;adp94xx; c:\windows\system32\drivers\adp94xx.sys []
s3 adpahci;adpahci; c:\windows\system32\drivers\adpahci.sys []
s3 adpu320;adpu320; c:\windows\system32\drivers\adpu320.sys []
s3 agp440;intel agp bus filter; c:\windows\system32\drivers\agp440.sys []
s3 amdide;amdide; c:\windows\system32\drivers\amdide.sys []
s3 amdk8;amd k8 processor driver; c:\windows\system32\drivers\amdk8.sys []
s3 amdppm;amd processor driver; c:\windows\system32\drivers\amdppm.sys []
s3 amdsata;amdsata; c:\windows\system32\drivers\amdsata.sys []
s3 amdsbs;amdsbs; c:\windows\system32\drivers\amdsbs.sys []
s3 appid;@%systemroot%\system32\appidsvc.dll,-102; c:\windows\system32\drivers\appid.sys []
s3 arc;arc; c:\windows\system32\drivers\arc.sys []
s3 arcsas;arcsas; c:\windows\system32\drivers\arcsas.sys []
s3 atikmdag;atikmdag; c:\windows\system32\drivers\atikmdag.sys []
s3 b06bdrv;broadcom netxtreme ii vbd; c:\windows\system32\drivers\bxvbda.sys []
s3 b57nd60a;broadcom netxtreme gigabit ethernet - ndis 6.0; c:\windows\system32\drivers\b57nd60a.sys []
s3 brfiltlo;brother usb mass-storage lower filter driver; c:\windows\system32\drivers\brfiltlo.sys []
s3 brfiltup;brother usb mass-storage upper filter driver; c:\windows\system32\drivers\brfiltup.sys []
s3 brserid;brother mfc serial port interface driver (wdm); c:\windows\system32\drivers\brserid.sys []
s3 brserwdm;brother wdm serial driver; c:\windows\system32\drivers\brserwdm.sys []
s3 brusbmdm;brother mfc usb fax only modem; c:\windows\system32\drivers\brusbmdm.sys []
s3 brusbser;brother mfc usb serial wdm driver; c:\windows\system32\drivers\brusbser.sys []
s3 bthmodem;bluetooth serial communications driver; c:\windows\system32\drivers\bthmodem.sys []
s3 circlass;consumer ir devices; c:\windows\system32\drivers\circlass.sys []
s3 ebdrv;broadcom netxtreme ii 10 gige vbd; c:\windows\system32\drivers\evbda.sys []
s3 elxstor;elxstor; c:\windows\system32\drivers\elxstor.sys []
s3 errdev;microsoft hardware error device driver; c:\windows\system32\drivers\errdev.sys []
s3 exfat;exfat file system driver; c:\windows\syswow64\drivers\exfat.sys []
s3 filetrace;@%systemroot%\system32\drivers\filetrace.sys,-10001; c:\windows\system32\drivers\filetrace.sys []
s3 fsdepends;@%systemroot%\system32\drivers\fsdepends.sys,-10001; c:\windows\system32\drivers\fsdepends.sys []
s3 gagp30kx;microsoft generic agpv3.0 filter for k8 processor platforms; c:\windows\system32\drivers\gagp30kx.sys []
s3 hcw85cir;hauppauge consumer infrared receiver; c:\windows\system32\drivers\hcw85cir.sys []
s3 hidbatt;hid ups battery driver; c:\windows\system32\drivers\hidbatt.sys []
s3 hidbth;microsoft bluetooth hid miniport; c:\windows\system32\drivers\hidbth.sys []
s3 hidir;microsoft infrared hid driver; c:\windows\system32\drivers\hidir.sys []
s3 hpsamd;hpsamd; c:\windows\system32\drivers\hpsamd.sys []
s3 iastorv;iastorv; c:\windows\system32\drivers\iastorv.sys []
s3 iirsp;iirsp; c:\windows\system32\drivers\iirsp.sys []
s3 ipmidrv;ipmidrv; c:\windows\system32\drivers\ipmidrv.sys []
s3 iscsiprt;iscsiport driver; c:\windows\system32\drivers\msiscsi.sys []
s3 lavasoft kernexplorer;lavasoft helper driver; \??\c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys []
s3 lsi_fc;lsi_fc; c:\windows\system32\drivers\lsi_fc.sys []
s3 lsi_sas;lsi_sas; c:\windows\system32\drivers\lsi_sas.sys []
s3 lsi_sas2;lsi_sas2; c:\windows\system32\drivers\lsi_sas2.sys []
s3 lsi_scsi;lsi_scsi; c:\windows\system32\drivers\lsi_scsi.sys []
s3 megasas;megasas; c:\windows\system32\drivers\megasas.sys []
s3 megasr;megasr; c:\windows\system32\drivers\megasr.sys []
s3 mpio;mpio; c:\windows\system32\drivers\mpio.sys []
s3 msdsm;msdsm; c:\windows\system32\drivers\msdsm.sys []
s3 mshidkmdf;@%systemroot%\system32\drivers\mshidkmdf.sys,-100; c:\windows\system32\drivers\mshidkmdf.sys []
s3 msrpc;msrpc; c:\windows\syswow64\drivers\msrpc.sys []
s3 mstee;microsoft streaming tee/sink-to-sink converter; c:\windows\system32\drivers\mstee.sys []
s3 mtconfig;microsoft input configuration driver; c:\windows\system32\drivers\mtconfig.sys []
s3 nativewifip;nativewifi filter; c:\windows\system32\drivers\nwifi.sys []
s3 ndiscap;ndis capture lightweight filter; c:\windows\system32\drivers\ndiscap.sys []
s3 nfrd960;nfrd960; c:\windows\system32\drivers\nfrd960.sys []
s3 nv_agp;nvidia nforce agp bus filter; c:\windows\system32\drivers\nv_agp.sys []
s3 nvraid;nvraid; c:\windows\system32\drivers\nvraid.sys []
s3 nvstor;nvstor; c:\windows\system32\drivers\nvstor.sys []
s3 ohci1394;1394 ohci compliant host controller (legacy); c:\windows\system32\drivers\ohci1394.sys []
s3 ql2300;ql2300; c:\windows\system32\drivers\ql2300.sys []
s3 ql40xx;ql40xx; c:\windows\system32\drivers\ql40xx.sys []
s3 qwavedrv;@%systemroot%\system32\drivers\qwavedrv.sys,-1; c:\windows\system32\drivers\qwavedrv.sys []
s3 s3cap;s3cap; c:\windows\system32\drivers\vms3cap.sys []
s3 sbp2port;sbp2port; c:\windows\system32\drivers\sbp2port.sys []
s3 scfilter;@%systemroot%\system32\drivers\scfilter.sys,-11; c:\windows\system32\drivers\scfilter.sys []
s3 sermouse;serial mouse driver; c:\windows\system32\drivers\sermouse.sys []
s3 sffdisk;sff storage class driver; c:\windows\system32\drivers\sffdisk.sys []
s3 sffp_mmc;sff storage protocol driver for mmc; c:\windows\system32\drivers\sffp_mmc.sys []
s3 sffp_sd;sff storage protocol driver for sdbus; c:\windows\system32\drivers\sffp_sd.sys []
s3 sisraid2;sisraid2; c:\windows\system32\drivers\sisraid2.sys []
s3 sisraid4;sisraid4; c:\windows\system32\drivers\sisraid4.sys []
s3 smb;@%systemroot%\system32\tcpipcfg.dll,-50005; c:\windows\system32\drivers\smb.sys []
s3 stexstor;stexstor; c:\windows\system32\drivers\stexstor.sys []
s3 storvsc;storvsc; c:\windows\system32\drivers\storvsc.sys []
s3 tcpip6;microsoft ipv6 protocol driver; c:\windows\system32\drivers\tcpip.sys []
s3 tssecsrv;@%systemroot%\system32\drivers\tssecsrv.sys,-101; c:\windows\system32\drivers\tssecsrv.sys []
s3 uagp35;microsoft agpv3.5 filter; c:\windows\system32\drivers\uagp35.sys []
s3 uliagpkx;uli agp bus filter; c:\windows\system32\drivers\uliagpkx.sys []
s3 umpass;microsoft umpass driver; c:\windows\system32\drivers\umpass.sys []
s3 usbcir;ehome infrared receiver (usbcir); c:\windows\system32\drivers\usbcir.sys []
s3 usbprint;microsoft usb printer class; c:\windows\system32\drivers\usbprint.sys []
s3 vga;vga; c:\windows\system32\drivers\vgapnp.sys []
s3 vhdmp;vhdmp; c:\windows\system32\drivers\vhdmp.sys []
s3 vmbus;@%systemroot%\system32\vmbusres.dll,-1000; c:\windows\system32\drivers\vmbus.sys []
s3 vmbushid;vmbushid; c:\windows\system32\drivers\vmbushid.sys []
s3 vsmraid;vsmraid; c:\windows\system32\drivers\vsmraid.sys []
s3 vwifibus;@%systemroot%\system32\drivers\vwifibus.sys,-257; c:\windows\system32\drivers\vwifibus.sys []
s3 wacompen;wacom serial pen hid driver; c:\windows\system32\drivers\wacompen.sys []
s3 wd;wd; c:\windows\system32\drivers\wd.sys []
s3 wimmount;wimmount; c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
s4 crcdisk;crcdisk filter driver; c:\windows\system32\drivers\crcdisk.sys []
s4 ws2ifsl;@%systemroot%\system32\drivers\ws2ifsl.sys,-1000; c:\windows\system32\drivers\ws2ifsl.sys []
======list of services (r=running, s=stopped, 0=boot, 1=system, 2=auto, 3=demand, 4=disabled)======
r2 amd external events utility;amd external events utility; c:\windows\system32\atiesrxx.exe []
r2 audioendpointbuilder;@%systemroot%\system32\audiosrv.dll,-204; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 avast! antivirus;avast! antivirus; c:\program files\alwil software\avast5\avastsvc.exe [2010-06-28 40384]
r2 bfe;@%systemroot%\system32\bfe.dll,-1001; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 cscservice;@%systemroot%\system32\cscsvc.dll,-200; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 dps;@%systemroot%\system32\dps.dll,-500; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 fdrespub;@%systemroot%\system32\fdrespub.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 gpsvc;@gpapi.dll,-112; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 ikeext;@%systemroot%\system32\ikeext.dll,-501; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 iphlpsvc;@%systemroot%\system32\iphlpsvc.dll,-500; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 mmcss;@%systemroot%\system32\mmcss.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 mpssvc;@%systemroot%\system32\firewallapi.dll,-23090; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 nlasvc;@%systemroot%\system32\nlasvc.dll,-1; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 nsi;@%systemroot%\system32\nsisvc.dll,-200; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 pcasvc;@%systemroot%\system32\pcasvc.dll,-1; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 power;@%systemroot%\system32\umpo.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 profsvc;@%systemroot%\system32\profsvc.dll,-300; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 rpceptmapper;@%windir%\system32\rpcepmap.dll,-1001; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 sysmain;@%systemroot%\system32\sysmain.dll,-1000; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 uxsms;@%systemroot%\system32\dwm.exe,-2000; c:\windows\system32\svchost.exe [2009-07-14 20992]
r2 wmpnetworksvc;@%programfiles%\windows media player\wmpnetwk.exe,-101; c:\program files (x86)\windows media player\wmpnetwk.exe []
r2 wsearch;@%systemroot%\system32\searchindexer.exe,-103; c:\windows\system32\searchindexer.exe [2009-07-14 428032]
r2 wudfsvc;@%systemroot%\system32\wudfsvc.dll,-1000; c:\windows\system32\svchost.exe [2009-07-14 20992]
r3 aelookupsvc;@%systemroot%\system32\aelupsvc.dll,-1; c:\windows\system32\svchost.exe [2009-07-14 20992]
r3 avast! mail scanner;avast! mail scanner; c:\program files\alwil software\avast5\avastsvc.exe [2010-06-28 40384]
r3 avast! web scanner;avast! web scanner; c:\program files\alwil software\avast5\avastsvc.exe [2010-06-28 40384]
r3 fontcache;@%systemroot%\system32\fntcache.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
r3 netprofm;@%systemroot%\system32\netprofm.dll,-202; c:\windows\system32\svchost.exe [2009-07-14 20992]
r3 wdiservicehost;@%systemroot%\system32\wdi.dll,-502; c:\windows\system32\svchost.exe [2009-07-14 20992]
r3 wpdbusenum;@%systemroot%\system32\wpdbusenum.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s2 sppsvc;@%systemroot%\system32\sppsvc.exe,-101; c:\windows\system32\sppsvc.exe []
s3 appidsvc;@%systemroot%\system32\appidsvc.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 appinfo;@%systemroot%\system32\appinfo.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 aspnet_state;asp.net state service; c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe []
s3 axinstsv;@%systemroot%\system32\axinstsv.dll,-103; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 bdesvc;@%systemroot%\system32\bdesvc.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 bthserv;@%systemroot%\system32\bthserv.dll,-101; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 certpropsvc;@%systemroot%\system32\certprop.dll,-11; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 clr_optimization_v2.0.50727_32;microsoft .net framework ngen v2.0.50727_x86; c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
s3 clr_optimization_v2.0.50727_64;microsoft .net framework ngen v2.0.50727_x64; c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
s3 daupdatersvc;dragon age: origins - content updater; d:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
s3 defragsvc;@%systemroot%\system32\defragsvc.dll,-101; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 efs;@%systemroot%\system32\efssvc.dll,-100; c:\windows\system32\lsass.exe []
s3 ehrecvr;@%systemroot%\ehome\ehrecvr.exe,-101; c:\windows\ehome\ehrecvr.exe [2009-07-14 696832]
s3 ehsched;@%systemroot%\ehome\ehsched.exe,-101; c:\windows\ehome\ehsched.exe [2009-07-14 127488]
s3 fax;@%systemroot%\system32\fxsresm.dll,-118; c:\windows\system32\fxssvc.exe []
s3 fdphost;@%systemroot%\system32\fdphost.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 flexnet licensing service 64;flexnet licensing service 64; c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe [2010-03-31 1038088]
s3 flexnet licensing service;flexnet licensing service; c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe [2010-03-31 655624]
s3 fontcache3.0.0.0;@%systemroot%\system32\presentationhost.exe,-3309; c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe [2009-06-10 42840]
s3 homegrouplistener;@%systemroot%\system32\listsvc.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 homegroupprovider;@%systemroot%\system32\provsvc.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 idsvc;@%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\servicemodelinstallrc.dll,-8193; c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe [2009-06-10 856384]
s3 ipbusenum;@%systemroot%\system32\ipbusenum.dll,-102; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 keyiso;@keyiso.dll,-100; c:\windows\system32\lsass.exe []
s3 ktmrm;@comres.dll,-2946; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 lltdsvc;@%systemroot%\system32\lltdres.dll,-1; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 msiscsi;@%systemroot%\system32\iscsidsc.dll,-5000; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 p2pimsvc;@%systemroot%\system32\pnrpsvc.dll,-8004; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 p2psvc;@%systemroot%\system32\p2psvc.dll,-8006; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 peerdistsvc;@%systemroot%\system32\peerdistsvc.dll,-9000; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 perfhost;@%systemroot%\syswow64\perfhost.exe,-2; c:\windows\syswow64\perfhost.exe [2009-07-14 20992]
s3 pla;@%systemroot%\system32\pla.dll,-500; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 pnrpautoreg;@%systemroot%\system32\pnrpauto.dll,-8002; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 pnrpsvc;@%systemroot%\system32\pnrpsvc.dll,-8000; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 qwave;@%systemroot%\system32\qwave.dll,-1; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 scpolicysvc;@%systemroot%\system32\certprop.dll,-13; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 sdrsvc;@%systemroot%\system32\sdrsvc.dll,-107; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 sensrsvc;@%systemroot%\system32\sensrsvc.dll,-1000; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 sessionenv;@%systemroot%\system32\sessenv.dll,-1026; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 snmptrap;@%systemroot%\system32\snmptrap.exe,-3; c:\windows\system32\snmptrap.exe []
s3 sppuinotify;@%systemroot%\system32\sppuinotify.dll,-103; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 sstpsvc;@%systemroot%\system32\sstpsvc.dll,-200; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 steam client service;steam client service; c:\program files (x86)\common files\steam\steamservice.exe [2010-03-04 332720]
s3 tabletinputservice;@%systemroot%\system32\tabsvc.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 tbs;@%systemroot%\system32\tbssvc.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 threadorder;@%systemroot%\system32\mmcss.dll,-102; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 trustedinstaller;@%systemroot%\servicing\trustedinstaller.exe,-100; c:\windows\servicing\trustedinstaller.exe [2009-07-14 194048]
s3 ui0detect;@%systemroot%\system32\ui0detect.exe,-101; c:\windows\system32\ui0detect.exe []
s3 umrdpservice;@%systemroot%\system32\umrdp.dll,-1000; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 vaultsvc;@%systemroot%\system32\vaultsvc.dll,-1003; c:\windows\system32\lsass.exe []
s3 vds;@%systemroot%\system32\vds.exe,-100; c:\windows\system32\vds.exe []
s3 wbengine;@%systemroot%\system32\wbengine.exe,-104; c:\windows\system32\wbengine.exe []
s3 wbiosrvc;@%systemroot%\system32\wbiosrvc.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 wcncsvc;@%systemroot%\system32\wcncsvc.dll,-3; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 wcspluginservice;@%systemroot%\system32\wcspluginservice.dll,-200; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 wdisystemhost;@%systemroot%\system32\wdi.dll,-500; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 wecsvc;@%systemroot%\system32\wecsvc.dll,-200; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 wercplsupport;@%systemroot%\system32\wercplsupport.dll,-101; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 wersvc;@%systemroot%\system32\wersvc.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 windefend;@%programfiles%\windows defender\msmpres.dll,-103; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 winhttpautoproxysvc;@%systemroot%\system32\winhttp.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 winrm;@%systemroot%\system32\wsmsvc.dll,-101; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 wlansvc;@%systemroot%\system32\wlansvc.dll,-257; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 wpcsvc;@%systemroot%\system32\wpcsvc.dll,-100; c:\windows\system32\svchost.exe [2009-07-14 20992]
s3 wwansvc;@%systemroot%\system32\wwansvc.dll,-257; c:\windows\system32\svchost.exe [2009-07-14 20992]
s4 mcx2svc;@%systemroot%\ehome\ehres.dll,-15501; c:\windows\system32\svchost.exe [2009-07-14 20992]
s4 nettcpportsharing;@%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\servicemodelinstallrc.dll,-8201; c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe [2009-06-10 116560]
s4 vtingwinie;vtingwinie; c:\windows\system32\drivers\svchost.exe -a []
-----------------eof-----------------

[/hjt]
 
And finally the RSIT info:

info.txt logfile of random's system information tool 1.08 2010-08-18 13:06:49

======Uninstall list======

-->MsiExec /X{F9835182-794B-4F24-902A-E2CA9D43380F}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Activision(R)-->MsiExec.exe /X{2A96D655-4FEF-4512-9468-0AABA70CD389}
Activision(R)-->MsiExec.exe /X{3FAD68D9-1FA1-4871-9ADF-9151D969E943}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Assassin's Creed II-->"C:\Program Files (x86)\InstallShield Installation Information\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}\setup.exe" -runfromtemp -l0x0009 -removeonly
ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.5 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{87323561-58BA-4D5B-BADA-A791B69D1705}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DiRT2-->"C:\Program Files (x86)\InstallShield Installation Information\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}\setup.exe" -runfromtemp -l0x0009 -removeonly
Disciples III-->"D:\games\Disciples III\unins000.exe"
Divinity II - Ego Draconis-->"D:\Games\Divinity II - Ego Draconis\unins000.exe"
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dragon Age: Origins-->C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age.exe
EAX Unified-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Creative\EAX Unified\Uninst.isu"
Empire: Total War-->"D:\Games\Steam\steam.exe" steam://uninstall/10500
Fallout 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
Football Manager 2010-->"D:\games\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe"
Gothic III Release Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}\setup.exe" -l0x9 -removeonly
Gothic III-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x9 -removeonly
K-Lite Codec Pack 5.5.1 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LG PC Suite II-->C:\Program Files (x86)\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x0013 -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
Mafia II - Demo-->"D:\Games\Steam\steam.exe" steam://uninstall/50280
Mafia-->D:\games\Mafia\MafiaSetup.exe
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect 2-->"C:\Program Files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe"
Medieval II Total War : Kingdoms : Americas-->C:\Program Files (x86)\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Britannia-->C:\Program Files (x86)\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Crusades-->C:\Program Files (x86)\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Teutonic-->C:\Program Files (x86)\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War-->C:\Program Files (x86)\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Mozilla Firefox (3.6.8)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NVIDIA PhysX-->MsiExec.exe /X{F9835182-794B-4F24-902A-E2CA9D43380F}
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{30ED8F74-4222-4500-95A4-89651D56D349}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PowerStrip 3 (remove only)-->C:\Program Files (x86)\PowerStrip\uninstal.exe
Prince of Persia The Forgotten Sands-->"C:\Program Files (x86)\InstallShield Installation Information\{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}\setup.exe" -runfromtemp -l0x0409 -removeonly
Prism Video Converter-->C:\Program Files (x86)\NCH Software\Prism\uninst.exe
Rapture3D 2.3.22 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
Real Alternative 2.0.1-->"C:\Program Files (x86)\Real Alternative\unins000.exe"
Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files (x86)\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords-->C:\Program Files (x86)\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Singularity(TM)-->"C:\Program Files (x86)\InstallShield Installation Information\{3FAD68D9-1FA1-4871-9ADF-9151D969E943}\setup.exe" -runfromtemp -l0x0409 -removeonly
Sniper Ghost Warrior-->"D:\games\Sniper Ghost Warrior\unins000.exe"
SopCast 3.2.4-->C:\Program Files (x86)\SopCast\uninst.exe
Star Wars Empire at War Forces of Corruption-->C:\Program Files (x86)\InstallShield Installation Information\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}\setup.exe -runfromtemp -l0x0009 -removeonly
Star Wars Empire at War-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly
StarCraft II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II (2)\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
The Matrix - Path of Neo-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\SETUP.EXE" -l0x9 -removeonly
The Settlers 7 - Paths to a Kingdom-->"C:\Program Files (x86)\InstallShield Installation Information\{9C916142-C18C-429D-BFED-40094A7E0BEB}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Witcher Enhanced Edition-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Tom Clancy's Splinter Cell Conviction-->"C:\Program Files (x86)\InstallShield Installation Information\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Transformers - War for Cybertron-->"C:\Program Files (x86)\InstallShield Installation Information\{2A96D655-4FEF-4512-9468-0AABA70CD389}\setup.exe" -runfromtemp -l0x0809 -removeonly
TVAnts 1.0-->C:\PROGRA~2\TVAnts\UNWISE.EXE C:\PROGRA~2\TVAnts\INSTALL.LOG
Two Worlds-->C:\Program Files (x86)\Reality Pump\Two Worlds\Uninst.exe /pid:{8BAD4440-26D7-4A40-B844-066D2AF3550C} /asd
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veetle TV 0.9.16-->C:\Program Files (x86)\Veetle\UninstallVeetleTV.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}

======System event log======

Computer Name: Mainframe
Event Code: 1014
Message: Name resolution for the name content.yieldmanager.com timed out after none of the configured DNS servers responded.
Record Number: 1122
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20091229124918.820874-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Mainframe
Event Code: 4228
Message: TCP/IP has chosen to restrict the scale factor due to a network condition. This could be related to a problem in a network device and will cause degraded throughput.
Record Number: 972
Source Name: Tcpip
Time Written: 20091229024716.046459-000
Event Type: Warning
User:

Computer Name: Mainframe
Event Code: 1014
Message: Name resolution for the name www.java.com timed out after none of the configured DNS servers responded.
Record Number: 935
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20091228235051.101361-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Mainframe
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 756
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20091228193147.216553-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Mainframe
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 751
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20091228193102.216979-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: Mainframe
Event Code: 1534
Message: Profile notification of event Create for component {56EA1054-1959-467f-BE3B-A2A787C4B6EA} failed, error code is ???.


Record Number: 203
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091228192228.273846-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Mainframe
Event Code: 6003
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
Record Number: 202
Source Name: Microsoft-Windows-Winlogon
Time Written: 20091228192217.000000-000
Event Type: Warning
User:

Computer Name: Mainframe
Event Code: 1015
Message: Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Record Number: 197
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20091228192154.000000-000
Event Type: Warning
User:

Computer Name: Mainframe
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 190
Source Name: Microsoft-Windows-Search
Time Written: 20091228192057.000000-000
Event Type: Warning
User:

Computer Name: Mainframe
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 960) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Record Number: 189
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20091228192049.922247-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

=====Security event log=====

Computer Name: Mainframe
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x39471b8
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: PC_VAN_JOYCE
Source Network Address: 192.168.123.106
Source Port: 50574

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 12734
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100302210215.506370-000
Event Type: Audit Success
User:

Computer Name: Mainframe
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x39471a9
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: PC_VAN_JOYCE
Source Network Address: 192.168.123.106
Source Port: 50573

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 12733
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100302210215.495369-000
Event Type: Audit Success
User:

Computer Name: Mainframe
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3929358

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 12732
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100302205025.613766-000
Event Type: Audit Success
User:

Computer Name: Mainframe
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3929343

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 12731
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100302205025.612766-000
Event Type: Audit Success
User:

Computer Name: Mainframe
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3929358
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: PC_VAN_JOYCE
Source Network Address: 192.168.123.106
Source Port: 50188

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 12730
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100302205015.405182-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=1a05

-----------------EOF-----------------
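Added editorial example (not part of any post in this thread, and not RSIT or HijackThis code): the Security event log section above records 4624 logons of Logon Type 3 for NT AUTHORITY\ANONYMOUS LOGON through NtLmSsp, with "Package Name (NTLM only): NTLM V1", from 192.168.123.106 (workstation PC_VAN_JOYCE). Windows writes these when another machine on the LAN connects to a share or browses the network without credentials (a null session); on a home network with a second PC they are routine and, on their own, no sign of compromise. They are still the entries a triage pass should pull out and group by source host, and doing that by hand is error-prone: the "Account Name" line appears twice in each 4624 message (under Subject and under New Logon), and a plain search for "ANONYMOUS LOGON" also hits the 4634 logoffs. The script below parses such a dump section by section, converts the WMI timestamps, and returns one finding per anonymous network logon. The sample dump it runs on is constructed in the layout of the entries above, abbreviated; the function and variable names are mine.

```python
"""Triage an RSIT-style Security event log dump for anonymous network logons.
Added example for this thread (not RSIT, HijackThis or any poster's code); the
sample dump is constructed in the layout of the 4624/4634 entries above, with
several fields and the explanatory paragraphs left out to keep it short."""
import re
from datetime import datetime, timedelta, timezone

SAMPLE_DUMP = """\
Computer Name: Mainframe
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Account Name: -

Logon Type: 3

New Logon:
Account Name: ANONYMOUS LOGON

Network Information:
Workstation Name: PC_VAN_JOYCE
Source Network Address: 192.168.123.106

Detailed Authentication Information:
Logon Process: NtLmSsp
Package Name (NTLM only): NTLM V1

This event is generated when a logon session is created.
Record Number: 12734
Time Written: 20100302210215.506370-000
Event Type: Audit Success
User:

Computer Name: Mainframe
Event Code: 4634
Message: An account was logged off.

Subject:
Account Name: ANONYMOUS LOGON

Logon Type: 3
Record Number: 12732
Time Written: 20100302205025.613766-000
Event Type: Audit Success
"""

OUTER_KEYS = {"Event Code", "Record Number", "Source Name", "Time Written", "Event Type", "User"}
KV = re.compile(r"^([^:]+?):\s*(.*)$")  # 'Key: Value'; a bare 'Key:' opens a section

def parse_message(body):
    """Map 'Key: Value' lines to {section: {key: value}}; a blank line closes the section,
    so 'Logon Type' lands under '' and the two 'Account Name' lines stay apart."""
    fields, section = {}, ""
    for line in body.splitlines():
        m = KV.match(line)
        if not line.strip():
            section = ""
        elif m and m.group(2).strip():
            fields.setdefault(section, {})[m.group(1).strip()] = m.group(2).strip()
        elif m:
            section = m.group(1).strip()
    return fields  # lines without a colon (explanatory text) are ignored

def parse_dump(text):
    """Split the dump at each 'Computer Name:'; RSIT's outer fields go on the event, the rest is the message."""
    events = []
    for chunk in re.split(r"(?m)^Computer Name: ", text)[1:]:
        head, *rest = chunk.splitlines()
        ev, body = {"Computer Name": head.strip()}, []
        for line in rest:
            m = KV.match(line)
            if m and m.group(1) in OUTER_KEYS:
                ev[m.group(1)] = m.group(2).strip()
            else:
                body.append(line)
        ev["Message"] = parse_message("\n".join(body))
        events.append(ev)
    return events

def parse_time(stamp):
    """WMI 'yyyymmddHHMMSS.ffffff+MMM' (UTC offset in minutes) -> aware datetime."""
    m = re.fullmatch(r"(\d{14})\.(\d{6})([+-]\d{3})", stamp)
    tz = timezone(timedelta(minutes=int(m.group(3))))
    return datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(microsecond=int(m.group(2)), tzinfo=tz)

def find_anonymous_network_logons(events):
    """One finding per 4624 whose New Logon is ANONYMOUS LOGON with Logon Type 3 (network)."""
    findings = []
    for ev in events:
        msg = ev["Message"]
        if (ev["Event Code"] != "4624" or msg.get("", {}).get("Logon Type") != "3"
                or msg.get("New Logon", {}).get("Account Name") != "ANONYMOUS LOGON"):
            continue
        net = msg.get("Network Information", {})
        findings.append({
            "record": int(ev["Record Number"]),
            "time": parse_time(ev["Time Written"]),
            "source_ip": net.get("Source Network Address", "?"),
            "workstation": net.get("Workstation Name", "?"),
            "ntlm_package": msg.get("Detailed Authentication Information", {}).get("Package Name (NTLM only)", "?"),
        })
    return findings
```

To run it on a real dump, pass the saved text to `parse_dump` instead of `SAMPLE_DUMP`; each finding carries the record number, an aware timestamp, the source address and workstation name, and the NTLM version that was negotiated, so the entries can be sorted by source host and the host checked. On the log above that would yield one host, PC_VAN_JOYCE at 192.168.123.106, which is the unremarkable LAN case described in the lead-in.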
 
Hi Lars, I couldn't find anything out of the ordinary in your latest log!

How is your Windows doing now? Have you installed the tools and so on?
 
Everything went fine. I had already defragmented my disk a few months ago, and I think that saved a lot of time :D I also ran a full scan with Avast, which found nothing, so thank you very much :D
 
So your PC is running smoothly again?

Then you can throw RSIT in the Recycle Bin!

And then do this: a test to see what your current security situation is.

Download Security Check to your desktop.
  • Click/double-click SecurityCheck.exe and follow the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
Post the contents of checkup.txt in your next reply.
 