
Infection at hamilton

Status
Not open for further replies.

Hamilton

[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:20, on 26/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
c:\program files\bonjour\mdnsresponder.exe
c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\program files\nero\nero8\nero backitup\nbservice.exe
c:\windows\system32\ioctlsvc.exe
c:\program files\cyberlink\shared files\richvideo.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\microsoft sql server\90\shared\sqlwriter.exe
c:\windows\system32\svchost.exe
c:\windows\system32\searchindexer.exe
c:\program files\citrix\ica client\ssonsvr.exe
c:\windows\explorer.exe
c:\windows\soundman.exe
c:\program files\microsoft intellitype pro\itype.exe
c:\program files\microsoft intellipoint\ipoint.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\microsoft intellitype pro\dpupdchk.exe
c:\windows\system32\ctfmon.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files\common files\lightscribe\lightscribecontrolpanel.exe
c:\program files\winzip\wzqkpick.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
c:\windows\system32\searchprotocolhost.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = ${url_searchpage}
r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.google.be/
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = ${url_searchpage}
r0 - hklm\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
r3 - urlsearchhook: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: askbar bho - {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askbar.dll
o2 - bho: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
o2 - bho: litmusbho - {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll
o2 - bho: nitropdfbho class - {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: epsontoolbandkicker class - {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\epson web-to-page.dll
o3 - toolbar: epson web-to-page - {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\epson web-to-page.dll
o3 - toolbar: (no name) - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - (no file)
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o3 - toolbar: browsing protection toolbar - {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll
o3 - toolbar: ask toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askbar.dll
o4 - hklm\..\run: [soundman] soundman.exe
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
o4 - hklm\..\run: [itype] c:\program files\microsoft intellitype pro\itype.exe
o4 - hklm\..\run: [intellipoint] c:\program files\microsoft intellipoint\ipoint.exe
o4 - hklm\..\run: [nerofiltercheck] c:\program files\common files\nero\lib\nerocheck.exe
o4 - hklm\..\run: [nbkeyscan] c:\program files\nero\nero8\nero backitup\nbkeyscan.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [istray] c:\program files\spyware doctor\pctstray.exe
o4 - hklm\..\run: [mcenui] ????a??;]????\mcenui.exe /hide
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\common files\java\java update\jusched.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [f-secure manager] c:\program files\telenet security pack\common\fsm32.exe /splash
o4 - hklm\..\run: [f-secure tnb] c:\program files\telenet security pack\fsgui\tnbutil.exe /checkall /waitforsw
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [epson stylus dx4400 series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu c:\windows\temp\e_sb0.tmp /ef "hkcu"
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [lightscribe control panel] c:\program files\common files\lightscribe\lightscribecontrolpanel.exe -hidden
o4 - hkcu\..\run: [google update] c:\documents and settings\danny\local settings\application data\google\update\googleupdate.exe /c
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: winzip quick pick.lnk = c:\program files\winzip\wzqkpick.exe
o8 - extra context menu item: add to google photos screensa&ver - res://c:\windows\system32\gphotos.scr/200
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: google sidewiki... - res://c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_96d6ff0c6d236bf8.dll/cmsidewiki.html
o8 - extra context menu item: save page as pdf ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - http://www.net2phone.com/ (file missing)
o9 - extra 'tools' menuitem: net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - http://www.net2phone.com/ (file missing)
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {ad9e6088-e00b-42f9-9f0c-8480525d234e} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o9 - extra 'tools' menuitem: pdf download - options - {ad9e6088-e00b-42f9-9f0c-8480525d234e} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra button: pdf download - {f1c0fd6c-a6a0-49a7-a932-71a56461867f} - c:\program files\nitro pdf\pdf download\nitropdf.dll (hkcu)
o16 - dpf: {5ed80217-570b-4da9-bf44-be107c0ec166} (windows live safety center base module) - http://cdn.scan.onecare.live.com/res...scbase6087.cab
o16 - dpf: {9191f686-7f0a-441d-8a98-2fe3ac1bd913} (activescan 2.0 installer class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
o16 - dpf: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (f-secure online scanner 3.3) - http://virusscanner.telenet.be/fscax.cab
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: symantec lic netconnect service (cltnetcnservice) - unknown owner - c:\program files\common files\symantec shared\ccsvchst.exe (file missing)
o23 - service: epson v3 service4(01) (epson_pm_rpcv4_01) - seiko epson corporation - c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe
o23 - service: f-secure anti-virus firewall daemon (fsdfwd) - f-secure corporation - c:\program files\telenet security pack\fwes\program\fsdfwd.exe
o23 - service: fsma - f-secure corporation - c:\program files\telenet security pack\common\fsma32.exe
o23 - service: f-secure orsp client (fsorspclient) - f-secure corporation - c:\program files\telenet security pack\orsp client\fsorsp.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: hasp license manager (hasplms) - aladdin knowledge systems ltd. - c:\windows\system32\hasplms.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: mcafee proxy service (mcproxy) - unknown owner - c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe (file missing)
o23 - service: mcafee personal firewall service (mpfservice) - unknown owner - c:\program files\mcafee\mpf\mpfsrv.exe (file missing)
o23 - service: nero backitup scheduler 3 - nero ag - c:\program files\nero\nero8\nero backitup\nbservice.exe
o23 - service: nmindexingservice - nero ag - c:\program files\common files\nero\lib\nmindexingservice.exe
o23 - service: plflash deviceiocontrol service - prolific technology inc. - c:\windows\system32\ioctlsvc.exe
o23 - service: cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe
--
end of file - 13292 bytes
[/hjt]
:rules:
 
Last edited by a moderator:
Hello Hamilton :)


There is a toolbar among them that many security programs regard as a risk; that may be the infection.
There also appear to be some remnants of earlier antivirus programs that can conflict with the current antivirus.
But before we tackle both, could you also make an uninstall list and post it along? :)

Uninstall list
* in HJT, click the "config" button (on the right in HJT's "scan window")
* then "misc tools"
* then "open uninstall manager"
* then "save list"
* copy the contents of that log (uninstall.log) and post it in your next reply
(a more detailed explanation with screenshots can be found here (click) if needed)

And can you also give some more information about the infection? Does your antivirus say which infection it is, or does it indicate, for example, where the infection is located?
 
Hello Kingpin,

Thanks in advance for the reply and the help... :) For my part, I will do my best to become a little less computer-illiterate and to get that uninstall list done.

Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2 - Nederlands
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Compatibility Toolkit
Ask Toolbar
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows XP (KB975561)
Bonjour
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner
Citrix Presentation Server Client
Disc2Phone
DVD Suite
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
EPSON-Drucker-Software
F-Secure Internet Security Technology Preview
F-Secure PSC Prerequisites
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
GearDrvs
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hercules Classic Silver Webcam
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections 11.2.0.69
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 SDK, SE v1.4.2_05
Java(TM) 6 Update 20
JCreator LE 3.10
Junk Mail filter update
K-Lite Codec Pack 5.4.4 (Full)
LightScribe System Software
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Communicator 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 8 Essentials
neroxml
Norton 360
OGA Notifier 1.7.0105.35.0
Panda ActiveScan 2.0
PDF Download for Internet Explorer
Picasa 3
PKR
PowerDVD
QuickTime
Realtek AC'97 Audio
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Segoe UI
Sony Ericsson Communications Suite
Spyware Doctor 7.0
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
ToggleDU Toolbar
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update voor Windows Internet Explorer 8 (KB975364)
Update voor Windows Internet Explorer 8 (KB976662)
Van Dale Groot woordenboek hedendaags Nederlands
Van Dale Praktijkwoordenboek Engels
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinZip 14.5
 
Info about the infection, as Kingping asked
*Kingping* said:
And can you also give some more information about the infection? Does your antivirus say which infection it is, or does it indicate, for example, where the infection is located?
 
:wink: Dear David,

I have just sent a long e-mail, I think as a reply to Kingpin. If you also get to see it, that is fine; if not, I want to thank you here for the reply and the help. I have tried countless ways to scan my computer, but that did not work because 1) someone, probably the hacker, put Spyware Doctor on my computer without uninstall software. I had McAfee as my antivirus program, but it no longer works at all. I have the CD-ROM here, but it will not install any more. The program says everything is installed, but when I then want to run a scan, nothing happens.
Fortunately I was able to install HijackThis from you and make the two log files that are on the forum.
Hopefully this makes you a bit wiser, and otherwise you will have to ask Kingpin for a copy of the e-mail that was addressed to both of you.
Thanks in advance for the reply and help. Regards, Hamilton
 
Hello Hamilton :)


If possible, do still give the information about where the antivirus (or the program that reported the infection) found the infection. If you get / got that information, of course. That can still help, because it may be, for example, an alert about an "old" infection that is present in, say, an older restore point, and then we could be searching for a long time ;)

//// EDIT: I was already writing my reply when the intervening replies appeared on the forum, so I had not yet read your answer about the infection when I typed the steps ;)
I have not actually received an e-mail? Can you try again: Kingpin2005ATgmailPUNTcom (replace the AT with @ and PUNT with . )


So Spyware Doctor is also on the PC unwanted? I only read that just now, so I did not include it in the steps, but we will do that afterwards and deal with it then. Spyware Doctor is not a bad program, by the way, but if it is on there unwanted/unintentionally, we will deal with it at the same time. But do the steps below first :)
That McAfee no longer installs is more than likely due to the other security programs that are on there (or remnants of them): Norton, F-Secure/Telenet security package (the latter appears to be your active antivirus and internet security; it is active in any case). Multiple antivirus programs will conflict during installation, so I suspect that is where the problem with the McAfee installation lies. ////



But in the meantime we can already continue.
:)

Do the following steps already:
(If anything is unclear anywhere, or you would like more explanation for a step, do not hesitate to let us know!)



1) Uninstall the software below
* Go to Start > Configuratiescherm (Control Panel) > Software (Add or Remove Programs)
* One by one, remove the items marked in red below from the list of installed software (change/remove list).
* Confirm that you are sure you want to remove them if asked > ok (follow any uninstall steps of the software)
Ask Toolbar
ToggleDU Toolbar

This is not truly malicious malware, but it is very strongly recommended to uninstall these toolbars. They have a dubious reputation. Some security programs detect them as malware or "risk", others report nothing about them, because it is a "grey area". So it may be that the infection alert you received has to do with the presence of (one of) these.
It is not truly malicious malware, but because of privacy problems and the like, they are generally regarded as dubious toolbars to be advised against.


2) Restart the PC


3) Disable the following service
These are leftover remnants of McAfee and Norton, which can conflict with your current security software (F-Secure/Telenet Security package).
* Go to Start > Uitvoeren (Run) > type services.msc and press Enter
* In the list of services that opens, look for the following service:
symantec lic netconnect service (cltnetcnservice)
* Right-click it > choose "eigenschappen" (Properties)
* In the window that opens, click "stoppen" (Stop) if it is clickable, and under "opstarttype" (Startup type) select "uitgeschakeld" (Disabled).
* Do the same for these services, i.e. look them up one by one in the list of services, stop them (if that button is clickable) and set the startup type to "uitgeschakeld" (Disabled):
mcafee proxy service (mcproxy)
mcafee personal firewall service (mpfservice)

* Then click the Toepassen/OK (Apply/OK) button at the bottom


3) Restart the PC again


4) Fix the following keys with HijackThis
* Make a new scan with HJT.
* Tick only these lines (if still present; some of the lines may already be gone due to earlier steps, e.g. the uninstall in step 1. That is no problem then: lines that are no longer there cannot be fixed any more ;)). (More information here, if needed, on how to "fix" something with HJT)
* Close all open sites (including this one) for a moment (= important for the fix to succeed)
* Then click the "fix checked" button
* Then close HJT
r1 - hkcu\software\microsoft\internet explorer\main,search page = ${url_searchpage}
r1 - hklm\software\microsoft\internet explorer\main,search page = ${url_searchpage}

r3 - urlsearchhook: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o2 - bho: askbar bho - {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askbar.dll
o2 - bho: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll

o3 - toolbar: toggledu toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbtogg.dll
o3 - toolbar: ask toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askbar.dll

o4 - hklm\..\run: [mcenui] ????a??;]????\mcenui.exe /hide


5) Restart the PC again
It is a lot of restarting, but I would rather have you restart one time more than have it become too many steps at once for Windows/the PC to carry out at the restart.


6) Run the McAfee and Symantec removal tools
To safely remove other leftover remnants of both antivirus programs, so that they do not conflict with your current antivirus package (Telenet security package/F-Secure). Those remnants (of, for example, pre-installed trial versions) can still seriously get in the way of your current antivirus and slow down the startup of the PC.

McAfee removal tool
(more information, if needed, can be found here (in English):
http://service.mcafee.com/FAQDocument.aspx?id=TS100507 )

* download the McAfee removal tool
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
choose "opslaan" (Save) and save it to e.g. the desktop or another place where you can easily find it again (you may delete the tool after use)
* after the download, double-click the MCPR.exe saved on the desktop and follow the steps it gives.
* Restart the PC

Symantec removal tool
(more information can be found here if needed (in Dutch), from step 2 onwards:
http://www.symantec.com/nl/nl/norto...e=public_web&docurl=20081008063121NL&ln=nl_NL )

* download the Symantec removal tool and save it to the desktop
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
* when the download is finished, double-click the removal tool Norton_Removal_Tool.exe saved on the desktop
* follow the tool's steps to remove from the PC the leftover remnants of Symantec that currently still start up with it.


7) Restart the PC


8) Have MBAM scan once more
(Unless this has only just been done and it found nothing; in that case, let us know)
You already have MBAM on board, so that is easy :)
* open MBAM / Malwarebytes anti-malware
* fetch the updates via the "update" tab
* then do a "snelle scan" (quick scan)
* When the scan is complete, click OK > then "Bekijk Resultaten" (Show Results) to see the results.
* Tick everything > click "Verwijder geselecteerde" (Remove Selected).
* After removal a log will open and you may be asked to restart the computer. (If MBAM has difficulty removing certain malware files, it will show a few messages where you have to click OK. After that it will ask to restart the PC; allow this.)
* Post the contents of the log as well


9) Also make and post a fresh HJT log



Good luck :)
 
Last edited by a moderator:
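
Added example (not part of the original thread, and not HijackThis's own code): a small Python triage script that picks out the kind of entries targeted in steps 3 and 4 above, namely entries whose file no longer exists ("(file missing)" / "(no file)") and a Run value whose path is unreadable. The function names and reason labels are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o3 - toolbar: (no name) - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - (no file)
o4 - hklm\..\run: [istray] c:\program files\spyware doctor\pctstray.exe
o4 - hklm\..\run: [mcenui] ????a??;]????\mcenui.exe /hide
o23 - service: symantec lic netconnect service (cltnetcnservice) - unknown owner - c:\program files\common files\symantec shared\ccsvchst.exe (file missing)
o23 - service: mcafee proxy service (mcproxy) - unknown owner - c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe (file missing)
o23 - service: mcafee personal firewall service (mpfservice) - unknown owner - c:\program files\mcafee\mpf\mpfsrv.exe (file missing)
o23 - service: fsma - f-secure corporation - c:\program files\telenet security pack\common\fsma32.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "o23"
    ident: str    # service short name, Run value name, or CLSID
    reason: str   # label chosen for this example, not HijackThis output


ENTRY = re.compile(r"^([a-z]\d{1,2}) - (.+)$", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)
RUN_VALUE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
SHORT_NAME = re.compile(r"\(([^()]+)\)\s*$")


def identify(section: str, body: str) -> str:
    """Return the most useful identifier for an entry of the given section."""
    if section == "o23":
        # "service: display name (shortname) - owner - path"
        head = body.rsplit(" - ", 2)[0].split(":", 1)[1].strip()
        m = SHORT_NAME.search(head)
        return m.group(1) if m else head
    if section == "o4":
        m = RUN_VALUE.search(body)
        return m.group("name") if m else body
    m = CLSID.search(body)
    return m.group(0) if m else body


def triage(log_text: str) -> List[Finding]:
    """Flag entries that point at nothing usable on disk."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        section, body = m.group(1).lower(), m.group(2)
        ident = identify(section, body)
        if body.endswith("(file missing)"):
            findings.append(Finding(section, ident, "file missing"))
        elif body.endswith("(no file)"):
            findings.append(Finding(section, ident, "no file"))
        elif section == "o4":
            rv = RUN_VALUE.search(body)
            # '?' is not a valid character in a Windows file name, so a
            # program path containing it cannot be resolved as written.
            if rv and "?" in rv.group("cmd").lower().split(".exe")[0]:
                findings.append(Finding(section, ident, "unreadable path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.ident:<40} {f.reason}")
```

A flagged entry is only a candidate for review; whether it is a harmless leftover or something else still has to be judged per entry, as is done in the steps above.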
:fit: Dear,

I do not know whether it has anything to do with the infection, but my big toe tells me that it may well be a rootkit.
The reason for this message is that I had forgotten some symptoms: when I press ctrl-alt-delete I get the answer "de systeembeheerder heeft taakbeheer uitgeschakeld" (the system administrator has disabled Task Manager), and just now I tried to run an analysis for a defragmentation and got the same slap in the face, namely "Kan defragmentatie niet uitvoeren." (Cannot run defragmentation.)
:rules: What exactly the rules are for posting on the forum I do not know precisely,
but it is quite a lot. I am only trying to pass on as much information as possible. With many thanks... Hamilton
--- automatic edit ---
No, not via the control panel either... :wall:
--- automatic edit ---
To Kingpin,

I am going to start on it right away... :frusty:
--- automatic edit ---
With the Ask toolbar, after I click remove in the control panel, I get the following message: "we need to close internet explorer browser windows before uninstalling the ask toolbar.Click yes to closebrowser windows and to uninstal the ask toolbar." When I click yes, there is no reaction at all...
As for the Toggle toolbar, the computer asks in the control panel: "This uninstal must reboot your computer to replace/delete files that are in-use.Press the ok button to reboot your computer"
I do not quite dare to do that reboot. What does reboot actually mean? Yes, sorry, but I will remain computer-illiterate for quite a while yet. With thanks and greetings, Hamilton
--- automatic edit ---
The question is: may I reboot, and what could the consequences be?
--- automatic edit ---
I have cancelled everything for now. One more small problem: I knew that MBAM was on my computer, but it has now suddenly vanished from the face of the earth. I am now going to try the other steps again, but I wonder whether it is of any use as long as the two toolbars are still on there. :wacko:
--- automatic edit ---
Dear Kingpin,

I managed to carry out item 3. After restarting, however, I got the dreaded black screen three times. I have had this several times in recent weeks; my mouse pointer was frozen then as well. Not this time. So I started this machine with the help of the CD. Phew, that was quite something. But I was able to disable them all. I am going to have another look at what else there is to try and install my Telenet antivirus once more. For the earlier matter I am waiting for new replies regarding those toolbars.
Thanks and see you later.
--- automatic edit ---
To Kingpin,

I also managed to remove the two toolbars. I am going to stop for an hour and then continue with my schoolwork. In any case, thanks for the successful support. I am rid of those toolbars and the remnants of McAfee and Norton have also been cleaned up. Regards and see you later. PS: I wonder whether I can also remove that Spyware Doctor via services.msc. Regards.
 
Hi Hamilton :)


We'll check for rootkits etc. in a while, but first let's see about properly getting rid of all the superfluous/duplicate antivirus programs etc. Because the conflicts between them can disrupt many actions, cause BSODs, etc.


So let's take it step by step :)


Regarding Task Manager, see whether the following helps:
Fix_taskmanager.reg
* right-click the link above > choose "Save target (or link) as ..." > save it to a location where you can easily find it again, e.g. the desktop (afterwards you can simply delete the file)
* open the downloaded .reg file on the desktop by double-clicking it and allow it to be added to the registry.
Can you then open Task Manager properly again?


Regarding the toolbars
"reboot" = restart
From what I read that did not go so easily, but by the sound of it it did work out :)
We'll see in the new log whether the toolbars have been removed properly.


Regarding MBAM
It still appears in the uninstall list; probably the desktop shortcut has been deleted or something like that.
See whether you can open MBAM this way:
* go to Start > My Computer
* double-click C:\
* open the folder "program files"
* open the folder "malwarebytes anti-malware"
* is there an mbam.exe in it? If so, double-click it and MBAM should open. Then fetch the updates (Update tab), run the quick scan and post the results (see my earlier reply for how to do that)
If not, we'll reinstall it to be on the safe side, but hold off on that for now; first we'll check whether the toolbars are properly gone, along with the remnants of the old antivirus scanners etc.


Regarding Spyware Doctor
It was probably installed along with PC Tools antivirus or something similar; it is from the same company, hence the suspicion.
We'll take that one off as well while we're at it. (You can also disable the service, but it is better to first try to uninstall it properly (= the right way) and only then look at any remnants in order to disable those.)
See whether you manage to uninstall it:
* go to Start > Control Panel > Add or Remove Programs
* remove "Spyware Doctor 7.0" from the list of installed software.
* Then restart the PC
Does that work, or does it give error messages?


Create and post a new HJT log
Then we'll first check whether those old remnants of Norton and McAfee are gone, whether the uninstallation of PC Doctor went well and whether the toolbars are properly gone too,
before we continue.


Good luck :)
 
Hey Kingpin,

I'll carry on as quickly as possible, because a few things have already worked out well. As for MBAM, I downloaded it to my desktop but it refused to run. Panda was also listed in my Control Panel, but there was no trace of it anywhere else. I removed that as well, and as the next step I'm now going to try those fix checks. As for the McAfee and Norton removal tools, I couldn't get them downloaded. There must be something somewhere that is sabotaging the whole thing, because when I start a different kind of program it works immediately. Despite my fear of the black screen, I'll do those fixes first anyway. But right now I need a bit of food and relaxation first. Thanks in any case for all the tips and for a nice day from which I've been able to learn quite a lot. Kind regards and see you later. Hamilton
 
Hi Hamilton,


That's fine :)

Regarding Panda, that did indeed also show up in your uninstall list, but it concerns Panda's online virus scan
http://www.pandasecurity.com/activescan/index/
which does no harm in terms of conflicts.
So Panda antivirus itself is not on the PC; that entry is there so that, when you do the online scan, you can get going faster the next time (then only the virus definitions had to be updated, and you did not have to download/install the ActiveX control of the Panda online scan and so on again). But it does no harm either way, whether it is on there or has now been removed. :)

You could also try downloading the Norton removal tool from here; does it work then?:
http://www.softpedia.com/progDownload/Norton-Removal-Tool-Download-26173.html
Because from the Symantec site it goes via the ftp: protocol instead of the "http:" protocol, and it may be that this is what is failing. In other words, that there is a problem with downloading something from servers/ftp: addresses.
If it doesn't work, leave it; we'll see from the fresh HJT log what the situation is by now and where remnants of it still remain, and then we'll disable those that way :)

So when you get back to work on it, be sure to post a new HJT log afterwards as well. That is, the HijackThis log like the one in your opening post (but a newly made one). Then we'll first see how things stand by now :)

Regarding MBAM, maybe it didn't work because it was already installed?
First uninstall MBAM (via Start > Control Panel > Add or Remove Programs: remove MBAM (Malwarebytes Anti-Malware) from the list of installed software), then restart the computer, and then download and install it again:
http://www.nationaalcomputerforum.nl/showthread.php?t=40142
Does it work then?
Are there multiple users/accounts on this computer, or are you the only user?


Good luck :)
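A sketch of the check described in the reply above (reading a fresh HijackThis log for leftovers of removed software), added here as an example; it is not part of the original thread and not HijackThis's own code. The function name, the reason labels and the product list are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted in this thread, plus two
# non-item lines (a header and a running process) that the parser must skip.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [McENUI] ????A??;]???? \McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Telenet Security Pack\Common\FSMA32.EXE
"""

# Assumption: the products this thread asks to uninstall or clean up.
REMOVED_PRODUCTS = ["Spyware Doctor", "Norton", "McAfee"]


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # hypothetical label chosen for this example
    line: str     # the log line as posted


# An item line is "<letter><number> - <body>". Case-insensitive because the
# forum's [hjt] rendering lowercases the whole log.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$", re.IGNORECASE)
# O4 autostart entry: "<hive>\Run: [value name] command line"
RUN_RE = re.compile(r"^[^:]*\\Run(?:Once)?: \[([^\]]*)\] (.*)$", re.IGNORECASE)
# HijackThis marks entries whose target file is gone.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Runs of "?" where a path should be: the value did not come out as text.
UNREADABLE_RE = re.compile(r"\?{2,}")


def triage(log_text: str, removed_products: List[str]) -> List[Finding]:
    """Return the log entries that deserve a second look after an uninstall."""
    wanted = [p.lower() for p in removed_products]
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        item = ITEM_RE.match(line)
        if not item:
            continue  # header, running-process list, blank line
        section, body = item.group(1).upper(), item.group(2)

        # 1. Registry entry still present, but the file it points to is gone.
        if ORPHAN_RE.search(body):
            findings.append(Finding(section, "orphaned-entry", line))

        # 2. Autostart entry whose command line is not readable text.
        run = RUN_RE.match(body) if section == "O4" else None
        if run and UNREADABLE_RE.search(run.group(2)):
            findings.append(Finding(section, "unreadable-command", line))

        # 3. Entry that still names a product that should have been removed.
        hit = next((p for p in wanted if p in body.lower()), None)
        if hit:
            findings.append(Finding(section, "leftover:" + hit, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, REMOVED_PRODUCTS):
        print(f"{f.section:4} {f.reason:24} {f.line}")
```

The McENUI entry is caught only by the unreadable-command check, not by the product names, so a name list alone would miss it.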
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:01, on 27/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Telenet Security Pack\NRS\iescript\baselitmus.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Telenet Security Pack\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [McENUI] ????A??;]???? \McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Danny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://virusscanner.telenet.be/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Telenet Security Pack\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Telenet Security Pack\ORSP Client\fsorsp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 12284 bytes
--- automatic edit ---
Oh dear, I've forgotten how to run it through the colour coding...
 
--- automatic edit ---
[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:01, on 27/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\citrix\ica client\ssonsvr.exe
c:\windows\explorer.exe
c:\windows\soundman.exe
c:\program files\microsoft intellitype pro\itype.exe
c:\program files\microsoft intellipoint\ipoint.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\microsoft intellitype pro\dpupdchk.exe
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
c:\windows\system32\ctfmon.exe
c:\program files\bonjour\mdnsresponder.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files\common files\lightscribe\lightscribecontrolpanel.exe
c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe
c:\program files\winzip\wzqkpick.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\program files\nero\nero8\nero backitup\nbservice.exe
c:\windows\system32\ioctlsvc.exe
c:\program files\cyberlink\shared files\richvideo.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\microsoft sql server\90\shared\sqlwriter.exe
c:\windows\system32\svchost.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wuauclt.exe
c:\program files\internet explorer\iexplore.exe
c:\documents and settings\danny\local settings\application data\google\google talk plugin\googletalkplugin.exe
c:\windows\system32\wuauclt.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = ${url_searchpage}
r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.google.be/
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = ${url_searchpage}
r0 - hklm\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
o2 - bho: litmusbho - {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll
o2 - bho: nitropdfbho class - {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: epsontoolbandkicker class - {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\epson web-to-page.dll
o3 - toolbar: epson web-to-page - {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\epson web-to-page.dll
o3 - toolbar: (no name) - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - (no file)
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: browsing protection toolbar - {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll
o4 - hklm\..\run: [soundman] soundman.exe
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
o4 - hklm\..\run: [itype] c:\program files\microsoft intellitype pro\itype.exe
o4 - hklm\..\run: [intellipoint] c:\program files\microsoft intellipoint\ipoint.exe
o4 - hklm\..\run: [nerofiltercheck] c:\program files\common files\nero\lib\nerocheck.exe
o4 - hklm\..\run: [nbkeyscan] c:\program files\nero\nero8\nero backitup\nbkeyscan.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [istray] c:\program files\spyware doctor\pctstray.exe
o4 - hklm\..\run: [mcenui] ????a??;]????\mcenui.exe /hide
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\common files\java\java update\jusched.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [f-secure manager] c:\program files\telenet security pack\common\fsm32.exe /splash
o4 - hklm\..\run: [f-secure tnb] c:\program files\telenet security pack\fsgui\tnbutil.exe /checkall /waitforsw
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [epson stylus dx4400 series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu c:\windows\temp\e_sb0.tmp /ef "hkcu"
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [lightscribe control panel] c:\program files\common files\lightscribe\lightscribecontrolpanel.exe -hidden
o4 - hkcu\..\run: [google update] c:\documents and settings\danny\local settings\application data\google\update\googleupdate.exe /c
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: winzip quick pick.lnk = c:\program files\winzip\wzqkpick.exe
o8 - extra context menu item: add to google photos screensa&ver - res://c:\windows\system32\gphotos.scr/200
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: google sidewiki... - res://c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_96d6ff0c6d236bf8.dll/cmsidewiki.html
o8 - extra context menu item: save page as pdf ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - http://www.net2phone.com/ (file missing)
o9 - extra 'tools' menuitem: net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - http://www.net2phone.com/ (file missing)
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {ad9e6088-e00b-42f9-9f0c-8480525d234e} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o9 - extra 'tools' menuitem: pdf download - options - {ad9e6088-e00b-42f9-9f0c-8480525d234e} - c:\program files\nitro pdf\pdf download\nitropdf.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra button: pdf download - {f1c0fd6c-a6a0-49a7-a932-71a56461867f} - c:\program files\nitro pdf\pdf download\nitropdf.dll (hkcu)
o16 - dpf: {5ed80217-570b-4da9-bf44-be107c0ec166} (windows live safety center base module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
o16 - dpf: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (f-secure online scanner 3.3) - http://virusscanner.telenet.be/fscax.cab
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: epson v3 service4(01) (epson_pm_rpcv4_01) - seiko epson corporation - c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe
o23 - service: f-secure anti-virus firewall daemon (fsdfwd) - f-secure corporation - c:\program files\telenet security pack\fwes\program\fsdfwd.exe
o23 - service: fsma - f-secure corporation - c:\program files\telenet security pack\common\fsma32.exe
o23 - service: f-secure orsp client (fsorspclient) - f-secure corporation - c:\program files\telenet security pack\orsp client\fsorsp.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: hasp license manager (hasplms) - aladdin knowledge systems ltd. - c:\windows\system32\hasplms.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: nero backitup scheduler 3 - nero ag - c:\program files\nero\nero8\nero backitup\nbservice.exe
o23 - service: nmindexingservice - nero ag - c:\program files\common files\nero\lib\nmindexingservice.exe
o23 - service: plflash deviceiocontrol service - prolific technology inc. - c:\windows\system32\ioctlsvc.exe
o23 - service: cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe
--
end of file - 12284 bytes
[/hjt]
 
That already looks a lot better :)
The dubious toolbars have been removed nicely, and only a few leftovers of McAfee and Spyware Doctor remain.
We are going to deal with those first now.


Please do the following:


1) Fix the following keys with HijackThis
* Tick only the lines below in the HJT scan.
* Close all open sites (including this one).
* Then click the "fix checked" button.
* Then close HJT.
r1 - hkcu\software\microsoft\internet explorer\main,search page = ${url_searchpage}
r1 - hklm\software\microsoft\internet explorer\main,search page = ${url_searchpage}

o4 - hklm\..\run: [istray] c:\program files\spyware doctor\pctstray.exe
o4 - hklm\..\run: [mcenui] ????a??;]????\mcenui.exe /hide


2) Restart the PC


3) Make and post an OTL scan
See here for the detailed explanation of how to make such a log.
http://www.nationaalcomputerforum.nl/showpost.php?p=545345&postcount=11
Post both logs (extras.txt is minimized, so it sits in your taskbar and you first have to click it before that Notepad file can be copied as well).
(It may not all fit in one reply; in that case post it in several parts.)


Did the MBAM scan perhaps work in the meantime after uninstalling and reinstalling MBAM? If so, let it run and post the result. If not, let us know as well.


EDIT: regarding putting the logs in colour (I had missed the posts above your previous reply :blush: ), you can find a somewhat more detailed explanation here if you like:
http://www.nationaalcomputerforum.nl/showthread.php?t=25840#D Drmmr's HJT Kleurcodering
But if that doesn't work for now, it's no disaster ;)
then I'll just adjust it in your post.


Good luck :)
 
It was an interesting item on Canvas about the internet. I caught that for a bit of relaxation. I started my computer up again after all (no more black screens) and enjoyed reading your reply to my latest logs. I am going to take a good look at that colour coding tomorrow, because it is quite interesting. Now I am going to sleep because I have school tomorrow. Also fun, but different from here on the forum. Tomorrow I will finish off those tasks. :wink: I get a lot of enjoyment from the forum, although it does take a while to look for and find your way around. Top initiative :surrender
--- automatic edit ---
I would almost forget this in my enthusiasm: the MBAM scan has failed several times. When it comes to programs like that, nothing works. That virus, or whatever it may be, seems like an eight-headed monster. On the bright side, my computer is starting to run more and more smoothly, because it was slow. Bye :biggrin:
 
Good that you are already noticing some improvement (Y) and are getting some enjoyment out of the forum too :P
OK, we'll see your reply appear! :biggrin:
Have fun at school tomorrow, and good luck with the steps in advance!
 
Hello Kingpin,

Just saying hello. It is already late, but after school I went to sleep for an hour, because last night it was a quarter to two, and then up at seven. :wacko: But now I am going to start on the hijack fix and the OTL scan. Regards and see you later... :eek:
--- automatic edit ---
[hjt]
otl logfile created on: 28/04/2010 15:35:03 - run 1
otl by oldtimer - version 3.2.3.0 folder = c:\documents and settings\danny\bureaublad
windows xp home edition service pack 3 (version = 5.1.2600) - type = ntworkstation
internet explorer (version = 8.0.6001.18702)
locale: 00000813 | country: belgië | language: nlb | date format: d/mm/yyyy

479,00 mb total physical memory | 72,00 mb available physical memory | 15,00% memory free
1,00 gb paging file | 1,00 gb available in paging file | 64,00% paging file free
paging file location(s): c:\pagefile.sys 720 1440 [binary data]

%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 149,04 gb total space | 117,85 gb free space | 79,07% space free | partition type: ntfs
d: drive not present or media not loaded
e: drive not present or media not loaded
f: drive not present or media not loaded
g: drive not present or media not loaded
h: drive not present or media not loaded
i: drive not present or media not loaded

computer name: blackflag
current user name: danny
logged in as administrator.

current boot mode: normal
scan mode: current user
company name whitelist: off
skip microsoft files: off
file age = 30 days
output = standard

========== processes (safelist) ==========

prc - [2010/04/28 15:24:04 | 000,563,712 | ---- | m] (oldtimer tools) -- c:\documents and settings\danny\bureaublad\otl.exe
prc - [2010/04/06 14:50:00 | 000,494,920 | r--- | m] (winzip computing, s.l.) -- c:\program files\winzip\wzqkpick.exe
prc - [2009/10/18 05:33:31 | 000,039,408 | ---- | m] (google inc.) -- c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
prc - [2009/05/21 20:25:15 | 001,501,064 | ---- | m] (microsoft corporation) -- c:\program files\microsoft intellitype pro\itype.exe
prc - [2009/05/21 20:25:15 | 000,448,400 | ---- | m] (microsoft corporation) -- c:\program files\microsoft intellitype pro\dpupdchk.exe
prc - [2009/05/19 12:36:18 | 000,240,512 | ---- | m] (microsoft corporation) -- c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
prc - [2008/12/18 05:25:12 | 029,181,272 | ---- | m] (microsoft corporation) -- c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe
prc - [2008/11/24 23:31:12 | 000,087,904 | ---- | m] (microsoft corporation) -- c:\program files\microsoft sql server\90\shared\sqlwriter.exe
prc - [2008/04/14 19:03:14 | 000,033,280 | ---- | m] (microsoft corporation) -- c:\windows\system32\snmp.exe
prc - [2008/04/14 19:02:58 | 001,037,312 | ---- | m] (microsoft corporation) -- c:\windows\explorer.exe
prc - [2007/06/21 19:38:42 | 000,034,384 | ---- | m] (citrix systems, inc.) -- c:\program files\citrix\ica client\ssonsvr.exe
prc - [2007/04/16 16:28:22 | 000,577,536 | ---- | m] (realtek semiconductor corp.) -- c:\windows\soundman.exe
prc - [2007/01/11 06:02:00 | 000,113,664 | ---- | m] (seiko epson corporation) -- c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe
prc - [2004/08/04 14:00:00 | 000,019,456 | ---- | m] (microsoft corporation) -- c:\windows\system32\tcpsvcs.exe


========== modules (safelist) ==========

mod - [2010/04/28 15:24:04 | 000,563,712 | ---- | m] (oldtimer tools) -- c:\documents and settings\danny\bureaublad\otl.exe


========== win32 services (safelist) ==========

srv - file not found [disabled | stopped] -- -- (mpfservice)
srv - file not found [disabled | stopped] -- -- (mcproxy)
srv - file not found [disabled | stopped] -- -- (cltnetcnservice)
srv - [2009/08/05 23:48:42 | 000,704,864 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\program files\windows live\family safety\fsssvc.exe -- (fsssvc)
srv - [2009/08/05 17:59:26 | 000,055,904 | ---- | m] (f-secure corporation) [on_demand | stopped] -- c:\program files\telenet security pack\orsp client\fsorsp.exe -- (fsorspclient)
srv - [2009/08/05 17:58:52 | 000,186,976 | ---- | m] (f-secure corporation) [auto | stopped] -- c:\program files\telenet security pack\common\fsma32.exe -- (fsma)
srv - [2009/08/05 17:57:20 | 000,522,848 | ---- | m] (f-secure corporation) [on_demand | stopped] -- c:\program files\telenet security pack\fwes\program\fsdfwd.exe -- (fsdfwd)
srv - [2009/05/19 12:36:18 | 000,240,512 | ---- | m] (microsoft corporation) [auto | running] -- c:\program files\microsoft\search enhancement pack\seaport\seaport.exe -- (seaport)
srv - [2008/12/18 05:25:12 | 029,181,272 | ---- | m] (microsoft corporation) [auto | running] -- c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe -- (mssql$mssmlbiz) sql server (mssmlbiz)
srv - [2008/11/24 23:31:12 | 000,087,904 | ---- | m] (microsoft corporation) [auto | running] -- c:\program files\microsoft sql server\90\shared\sqlwriter.exe -- (sqlwriter)
srv - [2008/04/14 19:03:14 | 000,033,280 | ---- | m] (microsoft corporation) [auto | running] -- c:\windows\system32\snmp.exe -- (snmp)
srv - [2008/04/14 19:02:37 | 000,105,472 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\p2pgasvc.dll -- (p2pgasvc)
srv - [2008/04/14 19:02:28 | 000,035,840 | ---- | m] (microsoft corporation) [auto | running] -- c:\windows\system32\iprip.dll -- (iprip)
srv - [2007/08/09 14:58:34 | 001,757,696 | ---- | m] (aladdin knowledge systems ltd.) [auto | stopped] -- c:\windows\system32\hasplms.exe -- (hasplms)
srv - [2007/02/10 06:29:48 | 000,242,544 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\program files\microsoft sql server\90\shared\sqlbrowser.exe -- (sqlbrowser)
srv - [2007/01/11 06:02:00 | 000,113,664 | ---- | m] (seiko epson corporation) [auto | running] -- c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe -- (epson_pm_rpcv4_01) epson v3 service4(01)
srv - [2005/10/14 03:50:20 | 000,045,272 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\program files\microsoft sql server\90\shared\sqladhlp90.exe -- (mssqlserveradhelper)
srv - [2004/08/04 14:00:00 | 000,019,456 | ---- | m] (microsoft corporation) [auto | running] -- c:\windows\system32\tcpsvcs.exe -- (simptcp)
srv - [2004/08/04 14:00:00 | 000,019,456 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\tcpsvcs.exe -- (lpdsvc)


========== driver services (safelist) ==========

drv - [2009/11/04 17:54:12 | 000,040,552 | ---- | m] (mcafee, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\mfesmfk.sys -- (mfesmfk)
drv - [2009/09/16 11:22:14 | 000,034,248 | ---- | m] (mcafee, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\mferkdk.sys -- (mferkdk)
drv - [2009/08/05 23:48:42 | 000,054,752 | ---- | m] (microsoft corporation) [kernel | auto | running] -- c:\windows\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
drv - [2009/08/05 17:57:20 | 000,080,000 | ---- | m] (f-secure corporation) [kernel | boot | running] -- c:\windows\system32\drivers\fsdfw.sys -- (fsfw)
drv - [2009/07/16 13:32:26 | 000,120,136 | ---- | m] (mcafee, inc.) [kernel | system | running] -- c:\windows\system32\drivers\mpfp.sys -- (mpfp)
drv - [2009/05/09 03:14:18 | 000,014,736 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\nuidfltr.sys -- (nuidfltr)
drv - [2008/06/20 13:08:27 | 000,225,856 | ---- | m] (microsoft corporation) [kernel | system | running] -- c:\windows\system32\drivers\tcpip6.sys -- (tcpip6)
drv - [2008/04/13 20:45:12 | 000,060,032 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\usbaudio.sys -- (usbaudio) stuurprogramma voor usb-audio (wdm)
drv - [2007/10/26 12:20:40 | 004,124,352 | r--- | m] (realtek semiconductor corp.) [kernel | on_demand | running] -- c:\windows\system32\drivers\alcxwdm.sys -- (alcxwdm) service for realtek ac97 audio (wdm)
drv - [2007/08/06 15:25:44 | 000,585,728 | ---- | m] (aladdin knowledge systems ltd.) [kernel | auto | running] -- c:\windows\system32\drivers\hardlock.sys -- (hardlock)
drv - [2007/06/13 16:43:54 | 000,094,208 | ---- | m] (guillemot corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\camfilt2.sys -- (camfilt2)
drv - [2007/05/28 10:02:02 | 000,352,256 | ---- | m] (aladdin knowledge systems ltd.) [kernel | auto | running] -- c:\windows\system32\drivers\aksfridge.sys -- (aksfridge)
drv - [2007/04/13 20:24:04 | 010,246,144 | ---- | m] (sonix co. ltd.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\snpstd3.sys -- (snpstd3)


========== standard registry (safelist) ==========


========== internet explorer ==========

ie - hklm\software\microsoft\internet explorer\search,default_search_url = http://www.google.com/ie
ie - hklm\software\microsoft\internet explorer\search,searchassistant = http://www.google.com/ie

ie - hkcu\software\microsoft\internet explorer\main,default_search_url = http://www.google.com/ie
ie - hkcu\software\microsoft\internet explorer\main,searchmigrateddefaultname = google
ie - hkcu\software\microsoft\internet explorer\main,searchmigrateddefaulturl = http://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.microsoft:en-us&ie=utf8&oe=utf8
ie - hkcu\software\microsoft\internet explorer\main,start page = http://www.google.be/
ie - hkcu\software\microsoft\internet explorer\search,default_search_url = http://www.google.com/ie
ie - hkcu\software\microsoft\internet explorer\search,searchassistant = http://www.google.com/ie
ie - hkcu\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hkcu\software\microsoft\windows\currentversion\internet settings: "proxyoverride" = *.local

========== firefox ==========

ff - prefs.js..extensions.enableditems: jqs@sun.com:1.0
ff - prefs.js..extensions.enableditems: {b7082faa-cb62-4872-9106-e42dd88ede45}:2.8

ff - hklm\software\mozilla\firefox\extensions\\litmus-ff@f-secure.com: c:\program files\telenet security pack\nrs\litmus-ff@f-secure.com [2010/04/26 21:11:23 | 000,000,000 | ---d | m]

[2009/06/09 20:39:56 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\mozilla\extensions
[2010/04/27 18:12:30 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\mozilla\firefox\profiles\ckrvpog4.default\extensions
[2010/01/06 23:28:46 | 000,000,000 | ---d | m] (microsoft .net framework assistant) -- c:\documents and settings\danny\application data\mozilla\firefox\profiles\ckrvpog4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

hosts file not found

o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - no clsid value found.
o2 - bho: (search helper) - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll (microsoft corporation)
o2 - bho: (groove gfs browser helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll (microsoft corporation)
o2 - bho: (google toolbar helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll (google inc.)
o2 - bho: (google toolbar notifier bho) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll (google inc.)
o2 - bho: (browsing protection class) - {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll (f-secure corporation)
o2 - bho: (no name) - {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - no clsid value found.
o2 - bho: (windows live toolbar helper) - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll (microsoft corporation)
o2 - bho: (epsontoolbandkicker class) - {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\epson web-to-page.dll (seiko epson corporation)
o3 - hklm\..\toolbar: (&windows live toolbar) - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll (microsoft corporation)
o3 - hklm\..\toolbar: (google toolbar) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll (google inc.)
o3 - hklm\..\toolbar: (browsing protection toolbar) - {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll (f-secure corporation)
o3 - hklm\..\toolbar: (no name) - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - no clsid value found.
o3 - hklm\..\toolbar: (epson web-to-page) - {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\epson web-to-page.dll (seiko epson corporation)
o3 - hkcu\..\toolbar\webbrowser: (&windows live toolbar) - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll (microsoft corporation)
o3 - hkcu\..\toolbar\webbrowser: (google toolbar) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll (google inc.)
o3 - hkcu\..\toolbar\webbrowser: (epson web-to-page) - {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\epson web-to-page.dll (seiko epson corporation)
o4 - hklm..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe (apple inc.)
o4 - hklm..\run: [f-secure manager] c:\program files\telenet security pack\common\fsm32.exe (f-secure corporation)
o4 - hklm..\run: [f-secure tnb] c:\program files\telenet security pack\fsgui\tnbutil.exe (f-secure corporation)
o4 - hklm..\run: [itype] c:\program files\microsoft intellitype pro\itype.exe (microsoft corporation)
o4 - hklm..\run: [nbkeyscan] c:\program files\nero\nero8\nero backitup\nbkeyscan.exe (nero ag)
o4 - hklm..\run: [nerofiltercheck] c:\program files\common files\nero\lib\nerocheck.exe (nero ag)
o4 - hklm..\run: [soundman] c:\windows\soundman.exe (realtek semiconductor corp.)
o4 - hkcu..\run: [epson stylus dx4400 series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe (seiko epson corporation)
o4 - hkcu..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (google inc.)
o4 - startup: c:\documents and settings\all users\menu start\programma's\opstarten\winzip quick pick.lnk = c:\program files\winzip\wzqkpick.exe (winzip computing, s.l.)
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: honorautorunsetting = 1
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: nointerneticon = 1
o6 - hklm\software\microsoft\windows\currentversion\policies\system: consentpromptbehavioradmin = 0
o7 - hkcu\software\microsoft\windows\currentversion\policies\explorer: nodrivetypeautorun = 145
o7 - hkcu\software\microsoft\windows\currentversion\policies\explorer: nointerneticon = 1
o8 - extra context menu item: add to google photos screensa&ver - c:\windows\system32\gphotos.scr (google inc.)
o8 - extra context menu item: e&xport to microsoft excel - c:\program files\microsoft office\office12\excel.exe (microsoft corporation)
o8 - extra context menu item: google sidewiki... - c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_96d6ff0c6d236bf8.dll (google inc.)
o8 - extra context menu item: save page as pdf ... - c:\program files\nitro pdf\pdf download\nitroweb.htm ()
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll (microsoft corporation)
o9 - extra 'tools' menuitem : &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll (microsoft corporation)
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files\microsoft office\office12\onbttnie.dll (microsoft corporation)
o9 - extra 'tools' menuitem : verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files\microsoft office\office12\onbttnie.dll (microsoft corporation)
o9 - extra button: net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - file not found
o9 - extra 'tools' menuitem : net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - file not found
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\program files\microsoft office\office12\refiebar.dll (microsoft corporation)
o9 - extra 'tools' menuitem : pdf download - options - {ad9e6088-e00b-42f9-9f0c-8480525d234e} - reg error: key error. file not found
o10 - namespace_catalog5\catalog_entries\000000000006 [] - c:\program files\bonjour\mdnsnsp.dll (apple inc.)
o10 - protocol_catalog9\catalog_entries\000000000001 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000002 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000003 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000004 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000005 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000006 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000029 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o16 - dpf: {5ed80217-570b-4da9-bf44-be107c0ec166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (windows live safety center base module)
o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (java plug-in 1.6.0_20)
o16 - dpf: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} http://virusscanner.telenet.be/fscax.cab (f-secure online scanner 3.3)
o16 - dpf: {cafeefac-0014-0002-0005-abcdeffedcba} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (reg error: key error.)
o16 - dpf: {cafeefac-0016-0000-0020-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (java plug-in 1.6.0_20)
o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (java plug-in 1.6.0_20)
o17 - hklm\system\ccs\services\tcpip\parameters: dhcpnameserver = 195.130.130.130 195.130.131.130
o18 - protocol\handler\groovelocalgws {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll (microsoft corporation)
o18 - protocol\handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\program files\common files\microsoft shared\help\hxds.dll (microsoft corporation)
o18 - protocol\handler\wlmailhtml {03c514a3-1efb-4856-9f99-10d7be1653c0} - c:\program files\windows live\mail\mailcomm.dll (microsoft corporation)
o18 - protocol\filter\text/xml {807563e5-5146-11d5-a672-00b0d022e945} - c:\program files\common files\microsoft shared\office12\msoxmlmf.dll (microsoft corporation)
o20 - hklm winlogon: shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
o20 - winlogon\notify\igfxcui: dllname - igfxdev.dll - c:\windows\system32\igfxdev.dll (intel corporation)
o24 - desktop components:0 (mijn huidige introductiepagina) - about:home
o24 - desktop wallpaper: c:\documents and settings\danny\mijn documenten\mijn afbeeldingen\picasa-bewerkingen\picasabackground.bmp
o24 - desktop backupwallpaper: c:\documents and settings\danny\mijn documenten\mijn afbeeldingen\picasa-bewerkingen\picasabackground.bmp
o28 - hklm shellexecutehooks: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\msnlnamespacemgr.dll (microsoft corporation)
o28 - hklm shellexecutehooks: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\grooveshellextensions.dll (microsoft corporation)
o32 - hklm cdrom: autorun - 1
o32 - autorun file - [2009/02/03 15:32:23 | 000,000,000 | ---- | m] () - c:\autoexec.bat -- [ ntfs ]
o34 - hklm bootexecute: (autocheck autochk *) - file not found
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*

kopieer nu onderstaande in blauw gezette tekst (vanaf netsvc tot en met createrestorepoint selecteren > kopiëren). en plak dit gekopieerde in het lege veldje onder "custom scans/fixes" onderaan het venster (= rechtermuisklikken op een lege plek in het lege veldje > plakken/paste)
error starting restore point: 31
error closing restore point: the sequence number is invalid.

netsvcs: ias - c:\windows\system32\ias [2009/02/04 22:28:09 | 000,000,000 | ---d | m]
netsvcs: iprip - c:\windows\system32\iprip.dll (microsoft corporation)
netsvcs: irmon - file not found
netsvcs: nwcworkstation - file not found
netsvcs: nwsapagent - file not found
netsvcs: wmi - c:\windows\system32\wmi.dll (microsoft corporation)
netsvcs: wmdmpmsp - file not found

createrestorepoint
error starting restore point: 31
error closing restore point: the sequence number is invalid.

========== files/folders - created within 30 days ==========

[2010/04/28 15:24:02 | 000,563,712 | ---- | c] (oldtimer tools) -- c:\documents and settings\danny\bureaublad\otl.exe
[2010/04/26 23:38:49 | 000,000,000 | ---d | c] -- c:\jcreatorv3le
[2010/04/26 23:24:14 | 000,000,000 | ---d | c] -- c:\documents and settings\danny\mijn documenten\tempdir1
[2010/04/26 14:43:00 | 000,000,000 | ---d | c] -- c:\program files\trend micro
[2010/04/25 23:21:48 | 000,000,000 | rh-d | c] -- c:\documents and settings\danny\onlangs geopend
[2010/04/23 23:47:26 | 000,000,000 | ---d | c] -- c:\windows\system32\mpenginestore
[2010/04/23 21:59:59 | 000,000,000 | ---d | c] -- c:\f4a63cc75f435f2f9e8da56e02
[2010/04/23 16:36:53 | 000,000,000 | ---d | c] -- c:\345abd741b13f436ee65279291
[2010/04/22 20:00:04 | 000,000,000 | ---d | c] -- c:\program files\panda security
[2010/04/22 15:13:48 | 000,000,000 | ---d | c] -- c:\documents and settings\all users\application data\sun
[2010/04/22 15:12:55 | 000,411,368 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\deployjava1.dll
[2010/04/22 15:12:55 | 000,153,376 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\javaws.exe
[2010/04/22 15:12:55 | 000,145,184 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\javaw.exe
[2010/04/22 15:12:55 | 000,145,184 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\java.exe
[2010/04/22 13:52:11 | 000,000,000 | ---d | c] -- c:\documents and settings\danny\application data\f-secure
[2010/04/22 13:46:07 | 000,000,000 | ---d | c] -- c:\documents and settings\networkservice\local settings\application data\f-secure
[2010/04/22 13:45:36 | 000,080,000 | ---- | c] (f-secure corporation) -- c:\windows\system32\drivers\fsdfw.sys
[2010/04/22 13:43:15 | 000,000,000 | ---d | c] -- c:\program files\telenet security pack
[2010/04/22 13:25:50 | 000,000,000 | ---d | c] -- c:\documents and settings\all users\application data\fssg
[2010/04/22 13:25:02 | 000,000,000 | ---d | c] -- c:\documents and settings\all users\application data\f-secure
[2010/04/19 19:27:26 | 000,000,000 | ---d | c] -- c:\program files\common files\java
[2010/04/19 19:27:25 | 000,000,000 | ---d | c] -- c:\j2sdk1.4.2_05
[2010/04/15 23:50:36 | 000,000,000 | ---d | c] -- c:\documents and settings\danny\mijn documenten\unzipped
[2010/04/15 20:29:10 | 003,788,696 | ---- | c] (sammsoft ) -- c:\documents and settings\danny\mijn documenten\avg.exe
[2010/04/15 20:18:34 | 000,000,000 | ---d | c] -- c:\documents and settings\danny\local settings\application data\winzip
[2010/04/15 20:17:40 | 000,000,000 | ---d | c] -- c:\program files\winzip
[2010/04/12 22:47:54 | 000,000,000 | ---d | c] -- c:\af00b01c6bd606c2dc1d59678a20b807
[2010/04/12 20:02:00 | 000,000,000 | ---d | c] -- c:\program files\windows live safety center
[2010/04/12 19:41:24 | 000,181,632 | ---- | c] (microsoft corporation) -- c:\windows\system32\mpsigstub.exe
[2010/04/11 23:09:37 | 000,000,000 | ---d | c] -- c:\program files\windows defender
[2009/02/22 16:56:29 | 000,061,440 | ---- | c] ( ) -- c:\windows\system32\vsnpstd3.dll
[2009/02/22 16:56:29 | 000,053,248 | ---- | c] ( ) -- c:\windows\system32\csnpstd3.dll
[7 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
[1 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

========== files - modified within 30 days ==========

[2010/04/28 15:33:00 | 000,000,470 | -h-- | m] () -- c:\windows\tasks\user_feed_synchronization-{5abf5503-e857-48a8-9314-2fa84f23ed25}.job
[2010/04/28 15:24:04 | 000,563,712 | ---- | m] (oldtimer tools) -- c:\documents and settings\danny\bureaublad\otl.exe
[2010/04/28 15:18:16 | 000,000,592 | ---- | m] () -- c:\documents and settings\danny\bureaublad\taskmanager.reg
[2010/04/28 15:04:33 | 000,000,422 | -h-- | m] () -- c:\windows\tasks\user_feed_synchronization-{ff5c6b1f-4f3f-49d1-8a9b-bb93601c22c1}.job
[2010/04/28 14:53:19 | 000,001,134 | ---- | m] () -- c:\windows\tasks\googleupdatetaskusers-1-5-21-1229272821-630328440-839522115-1004ua.job
[2010/04/28 14:44:34 | 000,000,224 | ---- | m] () -- c:\windows\tasks\ogalogon.job
[2010/04/28 14:44:31 | 000,012,732 | ---- | m] () -- c:\windows\system32\wpa.dbl
[2010/04/28 14:44:25 | 000,001,038 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachinecore.job
[2010/04/28 14:44:25 | 000,000,380 | ---- | m] () -- c:\windows\tasks\filecure startup.job
[2010/04/28 14:44:16 | 000,000,006 | -h-- | m] () -- c:\windows\tasks\sa.dat
[2010/04/28 14:44:14 | 000,002,048 | --s- | m] () -- c:\windows\bootstat.dat
[2010/04/28 01:12:55 | 006,815,744 | ---- | m] () -- c:\documents and settings\danny\ntuser.dat
[2010/04/28 01:12:55 | 000,000,188 | -hs- | m] () -- c:\documents and settings\danny\ntuser.ini
[2010/04/28 00:00:04 | 000,000,224 | ---- | m] () -- c:\windows\tasks\ogadaily.job
[2010/04/27 15:53:00 | 000,001,082 | ---- | m] () -- c:\windows\tasks\googleupdatetaskusers-1-5-21-1229272821-630328440-839522115-1004core.job
[2010/04/26 23:38:50 | 000,000,518 | ---- | m] () -- c:\documents and settings\danny\bureaublad\jcreator le.lnk
[2010/04/26 23:18:23 | 000,322,143 | ---- | m] () -- c:\documents and settings\danny\mijn documenten\hoofdstuk_1_bijlage.pdf
[2010/04/26 22:03:13 | 000,001,734 | ---- | m] () -- c:\documents and settings\danny\bureaublad\hijackthis.lnk
[2010/04/26 21:11:50 | 000,586,576 | ---- | m] () -- c:\windows\system32\perfh013.dat
[2010/04/26 21:11:50 | 000,493,534 | ---- | m] () -- c:\windows\system32\perfh009.dat
[2010/04/26 21:11:50 | 000,120,204 | ---- | m] () -- c:\windows\system32\perfc013.dat
[2010/04/26 21:11:50 | 000,091,012 | ---- | m] () -- c:\windows\system32\perfc009.dat
[2010/04/26 21:11:33 | 001,311,950 | ---- | m] () -- c:\windows\system32\perfstringbackup.ini
[2010/04/26 14:42:03 | 001,402,880 | ---- | m] () -- c:\documents and settings\danny\mijn documenten\hijackthis.msi
[2010/04/25 01:32:00 | 000,000,330 | -h-- | m] () -- c:\windows\tasks\mp scheduled scan.job
[2010/04/24 20:00:00 | 000,000,404 | ---- | m] () -- c:\windows\tasks\registry winner schedule.job
[2010/04/24 17:48:43 | 000,305,152 | ---- | m] () -- c:\documents and settings\danny\mijn documenten\windiag.iso
[2010/04/23 17:34:21 | 000,000,256 | ---- | m] () -- c:\documents and settings\danny\bureaublad\problemen met stuurprogramma's voor hardware en software oplossen in windows xp.url
[2010/04/19 16:14:17 | 000,001,729 | ---- | m] () -- c:\documents and settings\all users\bureaublad\adobe reader 9.lnk
[2010/04/19 00:17:19 | 000,000,548 | ---- | m] () -- c:\documents and settings\danny\mijn documenten\tempdir.java
[2010/04/19 00:06:00 | 000,000,364 | ---- | m] () -- c:\windows\tasks\filecure.job
[2010/04/15 20:40:31 | 000,000,666 | ---- | m] () -- c:\documents and settings\all users\bureaublad\mcafee easynetwork.lnk
[2010/04/15 20:40:01 | 000,027,031 | ---- | m] () -- c:\windows\system32\config.mpf
[2010/04/15 20:29:10 | 003,788,696 | ---- | m] (sammsoft ) -- c:\documents and settings\danny\mijn documenten\avg.exe
[2010/04/15 20:18:05 | 000,001,732 | ---- | m] () -- c:\documents and settings\all users\bureaublad\winzip.lnk
[2010/04/15 20:18:05 | 000,001,660 | ---- | m] () -- c:\documents and settings\all users\menu start\programma's\opstarten\winzip quick pick.lnk
[2010/04/12 17:29:27 | 000,153,376 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\deployjava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javacpl.cpl
[2010/04/12 01:15:29 | 000,012,674 | ---- | m] () -- c:\windows\system32\wpa.bak
[2010/04/08 14:29:32 | 000,063,360 | ---- | m] (pc tools) -- c:\windows\system32\drivers\pctplsg.sys
[7 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
[1 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

========== files created - no company name ==========

[2010/04/28 15:18:15 | 000,000,592 | ---- | c] () -- c:\documents and settings\danny\bureaublad\taskmanager.reg
[2010/04/26 23:18:22 | 000,322,143 | ---- | c] () -- c:\documents and settings\danny\mijn documenten\hoofdstuk_1_bijlage.pdf
[2010/04/26 14:43:00 | 000,001,734 | ---- | c] () -- c:\documents and settings\danny\bureaublad\hijackthis.lnk
[2010/04/26 14:42:02 | 001,402,880 | ---- | c] () -- c:\documents and settings\danny\mijn documenten\hijackthis.msi
[2010/04/25 14:18:27 | 000,000,470 | -h-- | c] () -- c:\windows\tasks\user_feed_synchronization-{5abf5503-e857-48a8-9314-2fa84f23ed25}.job
[2010/04/24 17:48:43 | 000,305,152 | ---- | c] () -- c:\documents and settings\danny\mijn documenten\windiag.iso
[2010/04/23 17:34:21 | 000,000,256 | ---- | c] () -- c:\documents and settings\danny\bureaublad\problemen met stuurprogramma's voor hardware en software oplossen in windows xp.url
[2010/04/19 20:21:54 | 000,000,518 | ---- | c] () -- c:\documents and settings\danny\bureaublad\jcreator le.lnk
[2010/04/19 00:17:19 | 000,000,548 | ---- | c] () -- c:\documents and settings\danny\mijn documenten\tempdir.java
[2010/04/15 20:39:36 | 000,000,666 | ---- | c] () -- c:\documents and settings\all users\bureaublad\mcafee easynetwork.lnk
[2010/04/15 20:18:05 | 000,001,732 | ---- | c] () -- c:\documents and settings\all users\bureaublad\winzip.lnk
[2010/04/15 20:18:05 | 000,001,660 | ---- | c] () -- c:\documents and settings\all users\menu start\programma's\opstarten\winzip quick pick.lnk
[2010/04/11 23:29:32 | 000,000,330 | -h-- | c] () -- c:\windows\tasks\mp scheduled scan.job
[2009/11/24 15:50:31 | 000,178,176 | ---- | c] () -- c:\windows\system32\unrar.dll
[2009/11/24 15:50:30 | 000,000,038 | ---- | c] () -- c:\windows\avisplitter.ini
[2009/11/24 15:50:26 | 000,881,664 | ---- | c] () -- c:\windows\system32\xvidcore.dll
[2009/11/24 15:50:25 | 000,205,824 | ---- | c] () -- c:\windows\system32\xvidvfw.dll
[2009/11/24 15:50:20 | 000,085,504 | ---- | c] () -- c:\windows\system32\ff_vfw.dll
[2009/11/24 15:50:20 | 000,000,547 | ---- | c] () -- c:\windows\system32\ff_vfw.dll.manifest
[2009/06/22 21:35:35 | 000,000,000 | ---- | c] () -- c:\windows\mngui.ini
[2009/06/11 19:05:39 | 000,000,754 | ---- | c] () -- c:\windows\wordpad.ini
[2009/05/30 00:42:20 | 000,309,248 | ---- | c] () -- c:\windows\system32\sqlite36_engine.dll
[2009/04/12 23:21:06 | 000,000,239 | ---- | c] () -- c:\windows\net2fone.ini
[2009/03/18 01:26:50 | 000,000,069 | ---- | c] () -- c:\windows\nerodigital.ini
[2009/03/11 21:01:28 | 000,023,552 | ---- | c] () -- c:\windows\system32\directcom.dll
[2009/02/22 16:56:29 | 000,015,493 | ---- | c] () -- c:\windows\snpstd3.ini
[2009/02/22 16:18:04 | 000,000,097 | ---- | c] () -- c:\windows\system32\picsdk.ini
[2009/02/22 16:16:35 | 000,000,027 | ---- | c] () -- c:\windows\cde dx4400defgips.ini
[2009/02/21 09:25:20 | 000,691,592 | ---- | c] () -- c:\windows\system32\ogacheckcontrol.dll
[2009/02/10 15:45:07 | 000,147,456 | ---- | c] () -- c:\windows\system32\rtlcpapi.dll
[2008/05/26 23:22:14 | 000,017,438 | ---- | c] () -- c:\windows\system32\gthrctr.ini
[2008/05/26 23:22:10 | 000,023,146 | ---- | c] () -- c:\windows\system32\idxcntrs.ini
[2008/05/26 23:22:06 | 000,016,842 | ---- | c] () -- c:\windows\system32\gsrvctr.ini

========== lop check ==========

[2009/06/15 23:55:17 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\118c
[2009/03/07 21:35:01 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\11b5
[2009/03/07 21:15:29 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\1d2ee
[2009/03/07 21:36:06 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\6bb
[2010/01/14 15:17:26 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\applications
[2009/06/09 11:11:03 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\azureus
[2009/11/23 21:29:17 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\disk cleaner
[2009/04/21 13:50:49 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\downloaded installations
[2009/02/22 16:15:36 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\epson
[2010/04/26 21:11:53 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\f-secure
[2010/02/16 08:17:38 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\filecure
[2010/04/26 21:09:03 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\fssg
[2010/03/24 00:31:35 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\lightscribe
[2009/08/11 22:04:18 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\logmein
[2009/06/21 21:26:20 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\musicnotes
[2009/10/10 22:19:37 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\pc drivers headquarters
[2010/04/28 14:45:21 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\temp
[2009/02/22 16:21:40 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\udl
[2010/04/15 20:18:38 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\winzip
[2010/03/26 21:33:09 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\{12ffefc2-229f-4d39-8f34-1db63d04fabc}
[2009/10/18 17:28:02 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\{3276be95_af08_429f_a64f_ca64cb79bcf6}
[2010/01/12 22:31:55 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\{755ac846-7372-4ac8-8550-c52491daa8bd}
[2009/06/23 03:39:48 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\{8cd7f5af-ecfa-4793-bf40-d8f42dbff906}
[2009/10/26 21:53:24 | 000,000,000 | -hsd | m] -- c:\documents and settings\danny\application data\.#
[2009/06/09 11:14:33 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\azureus
[2009/06/09 20:39:49 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\cometnetwork
[2010/01/19 20:15:30 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\epson
[2010/04/22 13:52:11 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\f-secure
[2010/03/26 21:32:45 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\fighters
[2009/04/14 18:57:17 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\filezilla
[2009/02/18 18:20:03 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\getrighttogo
[2010/01/30 21:10:17 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\icaclient
[2010/03/06 12:09:46 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\leadertech
[2009/05/21 22:56:53 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\openoffice.org
[2009/06/22 21:33:13 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\teleca
[2009/07/04 17:26:17 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\uniblue
[2010/02/26 23:17:54 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\van dale
[2009/02/16 21:34:06 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\vandale
[2009/06/14 21:51:13 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\wallpapers
[2009/03/29 02:19:29 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\windows desktop search
[2009/03/29 04:29:19 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\windows search
[2010/04/28 14:44:25 | 000,000,380 | ---- | m] () -- c:\windows\tasks\filecure startup.job
[2010/04/19 00:06:00 | 000,000,364 | ---- | m] () -- c:\windows\tasks\filecure.job
[2010/02/15 02:16:34 | 000,000,346 | ---- | m] () -- c:\windows\tasks\mcdefragtask.job
[2009/10/26 16:50:08 | 000,000,318 | ---- | m] () -- c:\windows\tasks\mcqctask.job
[2010/04/25 01:32:00 | 000,000,330 | -h-- | m] () -- c:\windows\tasks\mp scheduled scan.job
[2010/04/28 00:00:04 | 000,000,224 | ---- | m] () -- c:\windows\tasks\ogadaily.job
[2010/04/28 14:44:34 | 000,000,224 | ---- | m] () -- c:\windows\tasks\ogalogon.job
[2010/04/24 20:00:00 | 000,000,404 | ---- | m] () -- c:\windows\tasks\registry winner schedule.job
[2010/04/28 15:38:00 | 000,000,470 | -h-- | m] () -- c:\windows\tasks\user_feed_synchronization-{5abf5503-e857-48a8-9314-2fa84f23ed25}.job
[2010/04/28 15:04:33 | 000,000,422 | -h-- | m] () -- c:\windows\tasks\user_feed_synchronization-{ff5c6b1f-4f3f-49d1-8a9b-bb93601c22c1}.job

========== purity check ==========



========== custom scans ==========


< klik daarin onder "output" rechts bovenaan: minimal output aan >

< zet een vinkje bij: "lop check" en "purity check" rechtsonder >

< >

< %systemdrive%\*.exe >


< md5 for: agp440.sys >
[2004/08/04 14:00:00 | 018,788,859 | ---- | m] () .cab file -- c:\windows\driver cache\i386\sp2.cab:agp440.sys
[2009/02/19 18:22:03 | 023,899,725 | ---- | m] () .cab file -- c:\windows\driver cache\i386\sp3.cab:agp440.sys
[2009/02/19 18:22:03 | 023,899,725 | ---- | m] () .cab file -- c:\windows\servicepackfiles\i386\sp3.cab:agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | m] (microsoft corporation) md5=08fd04aa961bdc77fb983f328334e3d7 -- c:\windows\servicepackfiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | m] (microsoft corporation) md5=08fd04aa961bdc77fb983f328334e3d7 -- c:\windows\system32\drivers\agp440.sys

< md5 for: atapi.sys >
[2004/08/04 14:00:00 | 018,788,859 | ---- | m] () .cab file -- c:\windows\driver cache\i386\sp2.cab:atapi.sys
[2009/02/19 18:22:03 | 023,899,725 | ---- | m] () .cab file -- c:\windows\driver cache\i386\sp3.cab:atapi.sys
[2009/02/19 18:22:03 | 023,899,725 | ---- | m] () .cab file -- c:\windows\servicepackfiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | m] (microsoft corporation) md5=9f3a2f5aa6875c72bf062c712cfa2674 -- c:\windows\servicepackfiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | m] (microsoft corporation) md5=9f3a2f5aa6875c72bf062c712cfa2674 -- c:\windows\system32\drivers\atapi.sys
[2004/08/04 14:00:00 | 000,095,360 | ---- | m] (microsoft corporation) md5=cdfe4411a69c224bd1d11b2da92dac51 -- c:\windows\system32\reinstallbackups\0000\driverfiles\i386\atapi.sys

< md5 for: eventlog.dll >
[2008/04/14 19:02:25 | 000,056,320 | ---- | m] (microsoft corporation) md5=ca64b9406eeda4ffa2daeae1dabcce42 -- c:\windows\servicepackfiles\i386\eventlog.dll
[2008/04/14 19:02:25 | 000,056,320 | ---- | m] (microsoft corporation) md5=ca64b9406eeda4ffa2daeae1dabcce42 -- c:\windows\system32\eventlog.dll

< md5 for: netlogon.dll >
[2008/04/14 19:02:33 | 000,407,040 | ---- | m] (microsoft corporation) md5=e6a7071df6855ab7cccc220ac3aad087 -- c:\windows\servicepackfiles\i386\netlogon.dll
[2008/04/14 19:02:33 | 000,407,040 | ---- | m] (microsoft corporation) md5=e6a7071df6855ab7cccc220ac3aad087 -- c:\windows\system32\netlogon.dll

< md5 for: scecli.dll >
[2008/04/14 19:02:39 | 000,185,856 | ---- | m] (microsoft corporation) md5=0e3b585761e23c1e35442e972b7e45f9 -- c:\windows\servicepackfiles\i386\scecli.dll
[2008/04/14 19:02:39 | 000,185,856 | ---- | m] (microsoft corporation) md5=0e3b585761e23c1e35442e972b7e45f9 -- c:\windows\system32\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | m] (microsoft corporation) unable to obtain md5 -- c:\windows\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | m] (microsoft corporation) unable to obtain md5 -- c:\windows\system32\dxtrans.dll
[1 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

< %systemroot%\*. /mp /s >

========== alternate data streams ==========

@alternate data stream - 125 bytes -> c:\documents and settings\all users\application data\temp:89e253fe
@alternate data stream - 116 bytes -> c:\documents and settings\all users\application data\temp:d1b5b4f1
@alternate data stream - 114 bytes -> c:\documents and settings\all users\application data\temp:dfc5a2b2
< end of report >

[/hjt]
 
[hjt]
otl logfile created on: 28/04/2010 15:35:03 - run 1
otl by oldtimer - version 3.2.3.0 folder = c:\documents and settings\danny\bureaublad
windows xp home edition service pack 3 (version = 5.1.2600) - type = ntworkstation
internet explorer (version = 8.0.6001.18702)
locale: 00000813 | country: belgië | language: nlb | date format: d/mm/yyyy

479,00 mb total physical memory | 72,00 mb available physical memory | 15,00% memory free
1,00 gb paging file | 1,00 gb available in paging file | 64,00% paging file free
paging file location(s): c:\pagefile.sys 720 1440 [binary data]

%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 149,04 gb total space | 117,85 gb free space | 79,07% space free | partition type: ntfs
d: drive not present or media not loaded
e: drive not present or media not loaded
f: drive not present or media not loaded
g: drive not present or media not loaded
h: drive not present or media not loaded
i: drive not present or media not loaded

computer name: blackflag
current user name: danny
logged in as administrator.

current boot mode: normal
scan mode: current user
company name whitelist: off
skip microsoft files: off
file age = 30 days
output = standard

========== processes (safelist) ==========

prc - [2010/04/28 15:24:04 | 000,563,712 | ---- | m] (oldtimer tools) -- c:\documents and settings\danny\bureaublad\otl.exe
prc - [2010/04/06 14:50:00 | 000,494,920 | r--- | m] (winzip computing, s.l.) -- c:\program files\winzip\wzqkpick.exe
prc - [2009/10/18 05:33:31 | 000,039,408 | ---- | m] (google inc.) -- c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
prc - [2009/05/21 20:25:15 | 001,501,064 | ---- | m] (microsoft corporation) -- c:\program files\microsoft intellitype pro\itype.exe
prc - [2009/05/21 20:25:15 | 000,448,400 | ---- | m] (microsoft corporation) -- c:\program files\microsoft intellitype pro\dpupdchk.exe
prc - [2009/05/19 12:36:18 | 000,240,512 | ---- | m] (microsoft corporation) -- c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
prc - [2008/12/18 05:25:12 | 029,181,272 | ---- | m] (microsoft corporation) -- c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe
prc - [2008/11/24 23:31:12 | 000,087,904 | ---- | m] (microsoft corporation) -- c:\program files\microsoft sql server\90\shared\sqlwriter.exe
prc - [2008/04/14 19:03:14 | 000,033,280 | ---- | m] (microsoft corporation) -- c:\windows\system32\snmp.exe
prc - [2008/04/14 19:02:58 | 001,037,312 | ---- | m] (microsoft corporation) -- c:\windows\explorer.exe
prc - [2007/06/21 19:38:42 | 000,034,384 | ---- | m] (citrix systems, inc.) -- c:\program files\citrix\ica client\ssonsvr.exe
prc - [2007/04/16 16:28:22 | 000,577,536 | ---- | m] (realtek semiconductor corp.) -- c:\windows\soundman.exe
prc - [2007/01/11 06:02:00 | 000,113,664 | ---- | m] (seiko epson corporation) -- c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe
prc - [2004/08/04 14:00:00 | 000,019,456 | ---- | m] (microsoft corporation) -- c:\windows\system32\tcpsvcs.exe


========== modules (safelist) ==========

mod - [2010/04/28 15:24:04 | 000,563,712 | ---- | m] (oldtimer tools) -- c:\documents and settings\danny\bureaublad\otl.exe


========== win32 services (safelist) ==========

srv - file not found [disabled | stopped] -- -- (mpfservice)
srv - file not found [disabled | stopped] -- -- (mcproxy)
srv - file not found [disabled | stopped] -- -- (cltnetcnservice)
srv - [2009/08/05 23:48:42 | 000,704,864 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\program files\windows live\family safety\fsssvc.exe -- (fsssvc)
srv - [2009/08/05 17:59:26 | 000,055,904 | ---- | m] (f-secure corporation) [on_demand | stopped] -- c:\program files\telenet security pack\orsp client\fsorsp.exe -- (fsorspclient)
srv - [2009/08/05 17:58:52 | 000,186,976 | ---- | m] (f-secure corporation) [auto | stopped] -- c:\program files\telenet security pack\common\fsma32.exe -- (fsma)
srv - [2009/08/05 17:57:20 | 000,522,848 | ---- | m] (f-secure corporation) [on_demand | stopped] -- c:\program files\telenet security pack\fwes\program\fsdfwd.exe -- (fsdfwd)
srv - [2009/05/19 12:36:18 | 000,240,512 | ---- | m] (microsoft corporation) [auto | running] -- c:\program files\microsoft\search enhancement pack\seaport\seaport.exe -- (seaport)
srv - [2008/12/18 05:25:12 | 029,181,272 | ---- | m] (microsoft corporation) [auto | running] -- c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe -- (mssql$mssmlbiz) sql server (mssmlbiz)
srv - [2008/11/24 23:31:12 | 000,087,904 | ---- | m] (microsoft corporation) [auto | running] -- c:\program files\microsoft sql server\90\shared\sqlwriter.exe -- (sqlwriter)
srv - [2008/04/14 19:03:14 | 000,033,280 | ---- | m] (microsoft corporation) [auto | running] -- c:\windows\system32\snmp.exe -- (snmp)
srv - [2008/04/14 19:02:37 | 000,105,472 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\p2pgasvc.dll -- (p2pgasvc)
srv - [2008/04/14 19:02:28 | 000,035,840 | ---- | m] (microsoft corporation) [auto | running] -- c:\windows\system32\iprip.dll -- (iprip)
srv - [2007/08/09 14:58:34 | 001,757,696 | ---- | m] (aladdin knowledge systems ltd.) [auto | stopped] -- c:\windows\system32\hasplms.exe -- (hasplms)
srv - [2007/02/10 06:29:48 | 000,242,544 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\program files\microsoft sql server\90\shared\sqlbrowser.exe -- (sqlbrowser)
srv - [2007/01/11 06:02:00 | 000,113,664 | ---- | m] (seiko epson corporation) [auto | running] -- c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s40rp7.exe -- (epson_pm_rpcv4_01) epson v3 service4(01)
srv - [2005/10/14 03:50:20 | 000,045,272 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\program files\microsoft sql server\90\shared\sqladhlp90.exe -- (mssqlserveradhelper)
srv - [2004/08/04 14:00:00 | 000,019,456 | ---- | m] (microsoft corporation) [auto | running] -- c:\windows\system32\tcpsvcs.exe -- (simptcp)
srv - [2004/08/04 14:00:00 | 000,019,456 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\tcpsvcs.exe -- (lpdsvc)


========== driver services (safelist) ==========

drv - [2009/11/04 17:54:12 | 000,040,552 | ---- | m] (mcafee, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\mfesmfk.sys -- (mfesmfk)
drv - [2009/09/16 11:22:14 | 000,034,248 | ---- | m] (mcafee, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\mferkdk.sys -- (mferkdk)
drv - [2009/08/05 23:48:42 | 000,054,752 | ---- | m] (microsoft corporation) [kernel | auto | running] -- c:\windows\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
drv - [2009/08/05 17:57:20 | 000,080,000 | ---- | m] (f-secure corporation) [kernel | boot | running] -- c:\windows\system32\drivers\fsdfw.sys -- (fsfw)
drv - [2009/07/16 13:32:26 | 000,120,136 | ---- | m] (mcafee, inc.) [kernel | system | running] -- c:\windows\system32\drivers\mpfp.sys -- (mpfp)
drv - [2009/05/09 03:14:18 | 000,014,736 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\nuidfltr.sys -- (nuidfltr)
drv - [2008/06/20 13:08:27 | 000,225,856 | ---- | m] (microsoft corporation) [kernel | system | running] -- c:\windows\system32\drivers\tcpip6.sys -- (tcpip6)
drv - [2008/04/13 20:45:12 | 000,060,032 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\usbaudio.sys -- (usbaudio) stuurprogramma voor usb-audio (wdm)
drv - [2007/10/26 12:20:40 | 004,124,352 | r--- | m] (realtek semiconductor corp.) [kernel | on_demand | running] -- c:\windows\system32\drivers\alcxwdm.sys -- (alcxwdm) service for realtek ac97 audio (wdm)
drv - [2007/08/06 15:25:44 | 000,585,728 | ---- | m] (aladdin knowledge systems ltd.) [kernel | auto | running] -- c:\windows\system32\drivers\hardlock.sys -- (hardlock)
drv - [2007/06/13 16:43:54 | 000,094,208 | ---- | m] (guillemot corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\camfilt2.sys -- (camfilt2)
drv - [2007/05/28 10:02:02 | 000,352,256 | ---- | m] (aladdin knowledge systems ltd.) [kernel | auto | running] -- c:\windows\system32\drivers\aksfridge.sys -- (aksfridge)
drv - [2007/04/13 20:24:04 | 010,246,144 | ---- | m] (sonix co. ltd.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\snpstd3.sys -- (snpstd3)


========== standard registry (safelist) ==========


========== internet explorer ==========

ie - hklm\software\microsoft\internet explorer\search,default_search_url = [noparse]http://www.google.com/ie[/noparse]
ie - hklm\software\microsoft\internet explorer\search,searchassistant = [noparse]http://www.google.com/ie[/noparse]

ie - hkcu\software\microsoft\internet explorer\main,default_search_url = [noparse]http://www.google.com/ie[/noparse]
ie - hkcu\software\microsoft\internet explorer\main,searchmigrateddefaultname = google
ie - hkcu\software\microsoft\internet explorer\main,searchmigrateddefaulturl = [noparse]http://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.microsoft:en-us&ie=utf8&oe=utf8[/noparse]
ie - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.be/[/noparse]
ie - hkcu\software\microsoft\internet explorer\search,default_search_url = [noparse]http://www.google.com/ie[/noparse]
ie - hkcu\software\microsoft\internet explorer\search,searchassistant = [noparse]http://www.google.com/ie[/noparse]
ie - hkcu\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hkcu\software\microsoft\windows\currentversion\internet settings: "proxyoverride" = *.local

========== firefox ==========

ff - prefs.js..extensions.enableditems: jqs@sun.com:1.0
ff - prefs.js..extensions.enableditems: {b7082faa-cb62-4872-9106-e42dd88ede45}:2.8

ff - hklm\software\mozilla\firefox\extensions\\litmus-ff@f-secure.com: c:\program files\telenet security pack\nrs\litmus-ff@f-secure.com [2010/04/26 21:11:23 | 000,000,000 | ---d | m]

[2009/06/09 20:39:56 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\mozilla\extensions
[2010/04/27 18:12:30 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\mozilla\firefox\profiles\ckrvpog4.default\extensions
[2010/01/06 23:28:46 | 000,000,000 | ---d | m] (microsoft .net framework assistant) -- c:\documents and settings\danny\application data\mozilla\firefox\profiles\ckrvpog4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

hosts file not found

o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - no clsid value found.
o2 - bho: (search helper) - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll (microsoft corporation)
o2 - bho: (groove gfs browser helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll (microsoft corporation)
o2 - bho: (google toolbar helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll (google inc.)
o2 - bho: (google toolbar notifier bho) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll (google inc.)
o2 - bho: (browsing protection class) - {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll (f-secure corporation)
o2 - bho: (no name) - {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - no clsid value found.
o2 - bho: (windows live toolbar helper) - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll (microsoft corporation)
o2 - bho: (epsontoolbandkicker class) - {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\epson web-to-page.dll (seiko epson corporation)
o3 - hklm\..\toolbar: (&windows live toolbar) - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll (microsoft corporation)
o3 - hklm\..\toolbar: (google toolbar) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll (google inc.)
o3 - hklm\..\toolbar: (browsing protection toolbar) - {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\telenet security pack\nrs\iescript\baselitmus.dll (f-secure corporation)
o3 - hklm\..\toolbar: (no name) - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - no clsid value found.
o3 - hklm\..\toolbar: (epson web-to-page) - {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\epson web-to-page.dll (seiko epson corporation)
o3 - hkcu\..\toolbar\webbrowser: (&windows live toolbar) - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll (microsoft corporation)
o3 - hkcu\..\toolbar\webbrowser: (google toolbar) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll (google inc.)
o3 - hkcu\..\toolbar\webbrowser: (epson web-to-page) - {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\epson web-to-page.dll (seiko epson corporation)
o4 - hklm..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe (apple inc.)
o4 - hklm..\run: [f-secure manager] c:\program files\telenet security pack\common\fsm32.exe (f-secure corporation)
o4 - hklm..\run: [f-secure tnb] c:\program files\telenet security pack\fsgui\tnbutil.exe (f-secure corporation)
o4 - hklm..\run: [itype] c:\program files\microsoft intellitype pro\itype.exe (microsoft corporation)
o4 - hklm..\run: [nbkeyscan] c:\program files\nero\nero8\nero backitup\nbkeyscan.exe (nero ag)
o4 - hklm..\run: [nerofiltercheck] c:\program files\common files\nero\lib\nerocheck.exe (nero ag)
o4 - hklm..\run: [soundman] c:\windows\soundman.exe (realtek semiconductor corp.)
o4 - hkcu..\run: [epson stylus dx4400 series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe (seiko epson corporation)
o4 - hkcu..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (google inc.)
o4 - startup: c:\documents and settings\all users\menu start\programma's\opstarten\winzip quick pick.lnk = c:\program files\winzip\wzqkpick.exe (winzip computing, s.l.)
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: honorautorunsetting = 1
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: nointerneticon = 1
o6 - hklm\software\microsoft\windows\currentversion\policies\system: consentpromptbehavioradmin = 0
o7 - hkcu\software\microsoft\windows\currentversion\policies\explorer: nodrivetypeautorun = 145
o7 - hkcu\software\microsoft\windows\currentversion\policies\explorer: nointerneticon = 1
o8 - extra context menu item: add to google photos screensa&ver - c:\windows\system32\gphotos.scr (google inc.)
o8 - extra context menu item: e&xport to microsoft excel - c:\program files\microsoft office\office12\excel.exe (microsoft corporation)
o8 - extra context menu item: google sidewiki... - c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_96d6ff0c6d236bf8.dll (google inc.)
o8 - extra context menu item: save page as pdf ... - c:\program files\nitro pdf\pdf download\nitroweb.htm ()
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll (microsoft corporation)
o9 - extra 'tools' menuitem : &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll (microsoft corporation)
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files\microsoft office\office12\onbttnie.dll (microsoft corporation)
o9 - extra 'tools' menuitem : verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files\microsoft office\office12\onbttnie.dll (microsoft corporation)
o9 - extra button: net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - file not found
o9 - extra 'tools' menuitem : net2phone - {4b30061a-5b39-11d3-80f8-0090276f843f} - file not found
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\program files\microsoft office\office12\refiebar.dll (microsoft corporation)
o9 - extra 'tools' menuitem : pdf download - options - {ad9e6088-e00b-42f9-9f0c-8480525d234e} - reg error: key error. file not found
o10 - namespace_catalog5\catalog_entries\000000000006 [] - c:\program files\bonjour\mdnsnsp.dll (apple inc.)
o10 - protocol_catalog9\catalog_entries\000000000001 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000002 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000003 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000004 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000005 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000006 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o10 - protocol_catalog9\catalog_entries\000000000029 - c:\program files\telenet security pack\fsps\program\fslsp.dll (f-secure corporation)
o16 - dpf: {5ed80217-570b-4da9-bf44-be107c0ec166} [noparse]http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab[/noparse] (windows live safety center base module)
o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} [noparse]http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab[/noparse] (java plug-in 1.6.0_20)
o16 - dpf: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} [noparse]http://virusscanner.telenet.be/fscax.cab[/noparse] (f-secure online scanner 3.3)
o16 - dpf: {cafeefac-0014-0002-0005-abcdeffedcba} [noparse]http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[/noparse] (reg error: key error.)
o16 - dpf: {cafeefac-0016-0000-0020-abcdeffedcba} [noparse]http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab[/noparse] (java plug-in 1.6.0_20)
o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} [noparse]http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab[/noparse] (java plug-in 1.6.0_20)
o17 - hklm\system\ccs\services\tcpip\parameters: dhcpnameserver = 195.130.130.130 195.130.131.130
o18 - protocol\handler\groovelocalgws {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll (microsoft corporation)
o18 - protocol\handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\program files\common files\microsoft shared\help\hxds.dll (microsoft corporation)
o18 - protocol\handler\wlmailhtml {03c514a3-1efb-4856-9f99-10d7be1653c0} - c:\program files\windows live\mail\mailcomm.dll (microsoft corporation)
o18 - protocol\filter\text/xml {807563e5-5146-11d5-a672-00b0d022e945} - c:\program files\common files\microsoft shared\office12\msoxmlmf.dll (microsoft corporation)
o20 - hklm winlogon: shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
o20 - winlogon\notify\igfxcui: dllname - igfxdev.dll - c:\windows\system32\igfxdev.dll (intel corporation)
o24 - desktop components:0 (mijn huidige introductiepagina) - about:home
o24 - desktop wallpaper: c:\documents and settings\danny\mijn documenten\mijn afbeeldingen\picasa-bewerkingen\picasabackground.bmp
o24 - desktop backupwallpaper: c:\documents and settings\danny\mijn documenten\mijn afbeeldingen\picasa-bewerkingen\picasabackground.bmp
o28 - hklm shellexecutehooks: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\msnlnamespacemgr.dll (microsoft corporation)
o28 - hklm shellexecutehooks: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\grooveshellextensions.dll (microsoft corporation)
o32 - hklm cdrom: autorun - 1
o32 - autorun file - [2009/02/03 15:32:23 | 000,000,000 | ---- | m] () - c:\autoexec.bat -- [ ntfs ]
o34 - hklm bootexecute: (autocheck autochk *) - file not found
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*

kopieer nu onderstaande in blauw gezette tekst (vanaf netsvc tot en met createrestorepoint selecteren > kopiren). en plak dit gekopieerde in het lege veldje onder "custom scans/fixes" onderaan het venster (= rechtermuisklikken op een lege plek in het lege veldje > plakken/paste)
error starting restore point: 31
error closing restore point: the sequence number is invalid.

netsvcs: ias - c:\windows\system32\ias [2009/02/04 22:28:09 | 000,000,000 | ---d | m]
netsvcs: iprip - c:\windows\system32\iprip.dll (microsoft corporation)
netsvcs: irmon - file not found
netsvcs: nwcworkstation - file not found
netsvcs: nwsapagent - file not found
netsvcs: wmi - c:\windows\system32\wmi.dll (microsoft corporation)
netsvcs: wmdmpmsp - file not found

createrestorepoint
error starting restore point: 31
error closing restore point: the sequence number is invalid.

========== files/folders - created within 30 days ==========

[2010/04/28 15:24:02 | 000,563,712 | ---- | c] (oldtimer tools) -- c:\documents and settings\danny\bureaublad\otl.exe
[2010/04/26 23:38:49 | 000,000,000 | ---d | c] -- c:\jcreatorv3le
[2010/04/26 23:24:14 | 000,000,000 | ---d | c] -- c:\documents and settings\danny\mijn documenten\tempdir1
[2010/04/26 14:43:00 | 000,000,000 | ---d | c] -- c:\program files\trend micro
[2010/04/25 23:21:48 | 000,000,000 | rh-d | c] -- c:\documents and settings\danny\onlangs geopend
[2010/04/23 23:47:26 | 000,000,000 | ---d | c] -- c:\windows\system32\mpenginestore
[2010/04/23 21:59:59 | 000,000,000 | ---d | c] -- c:\f4a63cc75f435f2f9e8da56e02
[2010/04/23 16:36:53 | 000,000,000 | ---d | c] -- c:\345abd741b13f436ee65279291
[2010/04/22 20:00:04 | 000,000,000 | ---d | c] -- c:\program files\panda security
[2010/04/22 15:13:48 | 000,000,000 | ---d | c] -- c:\documents and settings\all users\application data\sun
[2010/04/22 15:12:55 | 000,411,368 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\deployjava1.dll
[2010/04/22 15:12:55 | 000,153,376 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\javaws.exe
[2010/04/22 15:12:55 | 000,145,184 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\javaw.exe
[2010/04/22 15:12:55 | 000,145,184 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\java.exe
[2010/04/22 13:52:11 | 000,000,000 | ---d | c] -- c:\documents and settings\danny\application data\f-secure
[2010/04/22 13:46:07 | 000,000,000 | ---d | c] -- c:\documents and settings\networkservice\local settings\application data\f-secure
[2010/04/22 13:45:36 | 000,080,000 | ---- | c] (f-secure corporation) -- c:\windows\system32\drivers\fsdfw.sys
[2010/04/22 13:43:15 | 000,000,000 | ---d | c] -- c:\program files\telenet security pack
[2010/04/22 13:25:50 | 000,000,000 | ---d | c] -- c:\documents and settings\all users\application data\fssg
[2010/04/22 13:25:02 | 000,000,000 | ---d | c] -- c:\documents and settings\all users\application data\f-secure
[2010/04/19 19:27:26 | 000,000,000 | ---d | c] -- c:\program files\common files\java
[2010/04/19 19:27:25 | 000,000,000 | ---d | c] -- c:\j2sdk1.4.2_05
[2010/04/15 23:50:36 | 000,000,000 | ---d | c] -- c:\documents and settings\danny\mijn documenten\unzipped
[2010/04/15 20:29:10 | 003,788,696 | ---- | c] (sammsoft ) -- c:\documents and settings\danny\mijn documenten\avg.exe
[2010/04/15 20:18:34 | 000,000,000 | ---d | c] -- c:\documents and settings\danny\local settings\application data\winzip
[2010/04/15 20:17:40 | 000,000,000 | ---d | c] -- c:\program files\winzip
[2010/04/12 22:47:54 | 000,000,000 | ---d | c] -- c:\af00b01c6bd606c2dc1d59678a20b807
[2010/04/12 20:02:00 | 000,000,000 | ---d | c] -- c:\program files\windows live safety center
[2010/04/12 19:41:24 | 000,181,632 | ---- | c] (microsoft corporation) -- c:\windows\system32\mpsigstub.exe
[2010/04/11 23:09:37 | 000,000,000 | ---d | c] -- c:\program files\windows defender
[2009/02/22 16:56:29 | 000,061,440 | ---- | c] ( ) -- c:\windows\system32\vsnpstd3.dll
[2009/02/22 16:56:29 | 000,053,248 | ---- | c] ( ) -- c:\windows\system32\csnpstd3.dll
[7 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
[1 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

========== files - modified within 30 days ==========

[2010/04/28 15:33:00 | 000,000,470 | -h-- | m] () -- c:\windows\tasks\user_feed_synchronization-{5abf5503-e857-48a8-9314-2fa84f23ed25}.job
[2010/04/28 15:24:04 | 000,563,712 | ---- | m] (oldtimer tools) -- c:\documents and settings\danny\bureaublad\otl.exe
[2010/04/28 15:18:16 | 000,000,592 | ---- | m] () -- c:\documents and settings\danny\bureaublad\taskmanager.reg
[2010/04/28 15:04:33 | 000,000,422 | -h-- | m] () -- c:\windows\tasks\user_feed_synchronization-{ff5c6b1f-4f3f-49d1-8a9b-bb93601c22c1}.job
[2010/04/28 14:53:19 | 000,001,134 | ---- | m] () -- c:\windows\tasks\googleupdatetaskusers-1-5-21-1229272821-630328440-839522115-1004ua.job
[2010/04/28 14:44:34 | 000,000,224 | ---- | m] () -- c:\windows\tasks\ogalogon.job
[2010/04/28 14:44:31 | 000,012,732 | ---- | m] () -- c:\windows\system32\wpa.dbl
[2010/04/28 14:44:25 | 000,001,038 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachinecore.job
[2010/04/28 14:44:25 | 000,000,380 | ---- | m] () -- c:\windows\tasks\filecure startup.job
[2010/04/28 14:44:16 | 000,000,006 | -h-- | m] () -- c:\windows\tasks\sa.dat
[2010/04/28 14:44:14 | 000,002,048 | --s- | m] () -- c:\windows\bootstat.dat
[2010/04/28 01:12:55 | 006,815,744 | ---- | m] () -- c:\documents and settings\danny\ntuser.dat
[2010/04/28 01:12:55 | 000,000,188 | -hs- | m] () -- c:\documents and settings\danny\ntuser.ini
[2010/04/28 00:00:04 | 000,000,224 | ---- | m] () -- c:\windows\tasks\ogadaily.job
[2010/04/27 15:53:00 | 000,001,082 | ---- | m] () -- c:\windows\tasks\googleupdatetaskusers-1-5-21-1229272821-630328440-839522115-1004core.job
[2010/04/26 23:38:50 | 000,000,518 | ---- | m] () -- c:\documents and settings\danny\bureaublad\jcreator le.lnk
[2010/04/26 23:18:23 | 000,322,143 | ---- | m] () -- c:\documents and settings\danny\mijn documenten\hoofdstuk_1_bijlage.pdf
[2010/04/26 22:03:13 | 000,001,734 | ---- | m] () -- c:\documents and settings\danny\bureaublad\hijackthis.lnk
[2010/04/26 21:11:50 | 000,586,576 | ---- | m] () -- c:\windows\system32\perfh013.dat
[2010/04/26 21:11:50 | 000,493,534 | ---- | m] () -- c:\windows\system32\perfh009.dat
[2010/04/26 21:11:50 | 000,120,204 | ---- | m] () -- c:\windows\system32\perfc013.dat
[2010/04/26 21:11:50 | 000,091,012 | ---- | m] () -- c:\windows\system32\perfc009.dat
[2010/04/26 21:11:33 | 001,311,950 | ---- | m] () -- c:\windows\system32\perfstringbackup.ini
[2010/04/26 14:42:03 | 001,402,880 | ---- | m] () -- c:\documents and settings\danny\mijn documenten\hijackthis.msi
[2010/04/25 01:32:00 | 000,000,330 | -h-- | m] () -- c:\windows\tasks\mp scheduled scan.job
[2010/04/24 20:00:00 | 000,000,404 | ---- | m] () -- c:\windows\tasks\registry winner schedule.job
[2010/04/24 17:48:43 | 000,305,152 | ---- | m] () -- c:\documents and settings\danny\mijn documenten\windiag.iso
[2010/04/23 17:34:21 | 000,000,256 | ---- | m] () -- c:\documents and settings\danny\bureaublad\problemen met stuurprogramma's voor hardware en software oplossen in windows xp.url
[2010/04/19 16:14:17 | 000,001,729 | ---- | m] () -- c:\documents and settings\all users\bureaublad\adobe reader 9.lnk
[2010/04/19 00:17:19 | 000,000,548 | ---- | m] () -- c:\documents and settings\danny\mijn documenten\tempdir.java
[2010/04/19 00:06:00 | 000,000,364 | ---- | m] () -- c:\windows\tasks\filecure.job
[2010/04/15 20:40:31 | 000,000,666 | ---- | m] () -- c:\documents and settings\all users\bureaublad\mcafee easynetwork.lnk
[2010/04/15 20:40:01 | 000,027,031 | ---- | m] () -- c:\windows\system32\config.mpf
[2010/04/15 20:29:10 | 003,788,696 | ---- | m] (sammsoft ) -- c:\documents and settings\danny\mijn documenten\avg.exe
[2010/04/15 20:18:05 | 000,001,732 | ---- | m] () -- c:\documents and settings\all users\bureaublad\winzip.lnk
[2010/04/15 20:18:05 | 000,001,660 | ---- | m] () -- c:\documents and settings\all users\menu start\programma's\opstarten\winzip quick pick.lnk
[2010/04/12 17:29:27 | 000,153,376 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\deployjava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javacpl.cpl
[2010/04/12 01:15:29 | 000,012,674 | ---- | m] () -- c:\windows\system32\wpa.bak
[2010/04/08 14:29:32 | 000,063,360 | ---- | m] (pc tools) -- c:\windows\system32\drivers\pctplsg.sys
[7 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
[1 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

========== files created - no company name ==========

[2010/04/28 15:18:15 | 000,000,592 | ---- | c] () -- c:\documents and settings\danny\bureaublad\taskmanager.reg
[2010/04/26 23:18:22 | 000,322,143 | ---- | c] () -- c:\documents and settings\danny\mijn documenten\hoofdstuk_1_bijlage.pdf
[2010/04/26 14:43:00 | 000,001,734 | ---- | c] () -- c:\documents and settings\danny\bureaublad\hijackthis.lnk
[2010/04/26 14:42:02 | 001,402,880 | ---- | c] () -- c:\documents and settings\danny\mijn documenten\hijackthis.msi
[2010/04/25 14:18:27 | 000,000,470 | -h-- | c] () -- c:\windows\tasks\user_feed_synchronization-{5abf5503-e857-48a8-9314-2fa84f23ed25}.job
[2010/04/24 17:48:43 | 000,305,152 | ---- | c] () -- c:\documents and settings\danny\mijn documenten\windiag.iso
[2010/04/23 17:34:21 | 000,000,256 | ---- | c] () -- c:\documents and settings\danny\bureaublad\problemen met stuurprogramma's voor hardware en software oplossen in windows xp.url
[2010/04/19 20:21:54 | 000,000,518 | ---- | c] () -- c:\documents and settings\danny\bureaublad\jcreator le.lnk
[2010/04/19 00:17:19 | 000,000,548 | ---- | c] () -- c:\documents and settings\danny\mijn documenten\tempdir.java
[2010/04/15 20:39:36 | 000,000,666 | ---- | c] () -- c:\documents and settings\all users\bureaublad\mcafee easynetwork.lnk
[2010/04/15 20:18:05 | 000,001,732 | ---- | c] () -- c:\documents and settings\all users\bureaublad\winzip.lnk
[2010/04/15 20:18:05 | 000,001,660 | ---- | c] () -- c:\documents and settings\all users\menu start\programma's\opstarten\winzip quick pick.lnk
[2010/04/11 23:29:32 | 000,000,330 | -h-- | c] () -- c:\windows\tasks\mp scheduled scan.job
[2009/11/24 15:50:31 | 000,178,176 | ---- | c] () -- c:\windows\system32\unrar.dll
[2009/11/24 15:50:30 | 000,000,038 | ---- | c] () -- c:\windows\avisplitter.ini
[2009/11/24 15:50:26 | 000,881,664 | ---- | c] () -- c:\windows\system32\xvidcore.dll
[2009/11/24 15:50:25 | 000,205,824 | ---- | c] () -- c:\windows\system32\xvidvfw.dll
[2009/11/24 15:50:20 | 000,085,504 | ---- | c] () -- c:\windows\system32\ff_vfw.dll
[2009/11/24 15:50:20 | 000,000,547 | ---- | c] () -- c:\windows\system32\ff_vfw.dll.manifest
[2009/06/22 21:35:35 | 000,000,000 | ---- | c] () -- c:\windows\mngui.ini
[2009/06/11 19:05:39 | 000,000,754 | ---- | c] () -- c:\windows\wordpad.ini
[2009/05/30 00:42:20 | 000,309,248 | ---- | c] () -- c:\windows\system32\sqlite36_engine.dll
[2009/04/12 23:21:06 | 000,000,239 | ---- | c] () -- c:\windows\net2fone.ini
[2009/03/18 01:26:50 | 000,000,069 | ---- | c] () -- c:\windows\nerodigital.ini
[2009/03/11 21:01:28 | 000,023,552 | ---- | c] () -- c:\windows\system32\directcom.dll
[2009/02/22 16:56:29 | 000,015,493 | ---- | c] () -- c:\windows\snpstd3.ini
[2009/02/22 16:18:04 | 000,000,097 | ---- | c] () -- c:\windows\system32\picsdk.ini
[2009/02/22 16:16:35 | 000,000,027 | ---- | c] () -- c:\windows\cde dx4400defgips.ini
[2009/02/21 09:25:20 | 000,691,592 | ---- | c] () -- c:\windows\system32\ogacheckcontrol.dll
[2009/02/10 15:45:07 | 000,147,456 | ---- | c] () -- c:\windows\system32\rtlcpapi.dll
[2008/05/26 23:22:14 | 000,017,438 | ---- | c] () -- c:\windows\system32\gthrctr.ini
[2008/05/26 23:22:10 | 000,023,146 | ---- | c] () -- c:\windows\system32\idxcntrs.ini
[2008/05/26 23:22:06 | 000,016,842 | ---- | c] () -- c:\windows\system32\gsrvctr.ini

========== lop check ==========

[2009/06/15 23:55:17 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\118c
[2009/03/07 21:35:01 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\11b5
[2009/03/07 21:15:29 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\1d2ee
[2009/03/07 21:36:06 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\6bb
[2010/01/14 15:17:26 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\applications
[2009/06/09 11:11:03 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\azureus
[2009/11/23 21:29:17 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\disk cleaner
[2009/04/21 13:50:49 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\downloaded installations
[2009/02/22 16:15:36 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\epson
[2010/04/26 21:11:53 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\f-secure
[2010/02/16 08:17:38 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\filecure
[2010/04/26 21:09:03 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\fssg
[2010/03/24 00:31:35 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\lightscribe
[2009/08/11 22:04:18 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\logmein
[2009/06/21 21:26:20 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\musicnotes
[2009/10/10 22:19:37 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\pc drivers headquarters
[2010/04/28 14:45:21 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\temp
[2009/02/22 16:21:40 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\udl
[2010/04/15 20:18:38 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\winzip
[2010/03/26 21:33:09 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\{12ffefc2-229f-4d39-8f34-1db63d04fabc}
[2009/10/18 17:28:02 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\{3276be95_af08_429f_a64f_ca64cb79bcf6}
[2010/01/12 22:31:55 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\{755ac846-7372-4ac8-8550-c52491daa8bd}
[2009/06/23 03:39:48 | 000,000,000 | ---d | m] -- c:\documents and settings\all users\application data\{8cd7f5af-ecfa-4793-bf40-d8f42dbff906}
[2009/10/26 21:53:24 | 000,000,000 | -hsd | m] -- c:\documents and settings\danny\application data\.#
[2009/06/09 11:14:33 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\azureus
[2009/06/09 20:39:49 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\cometnetwork
[2010/01/19 20:15:30 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\epson
[2010/04/22 13:52:11 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\f-secure
[2010/03/26 21:32:45 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\fighters
[2009/04/14 18:57:17 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\filezilla
[2009/02/18 18:20:03 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\getrighttogo
[2010/01/30 21:10:17 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\icaclient
[2010/03/06 12:09:46 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\leadertech
[2009/05/21 22:56:53 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\openoffice.org
[2009/06/22 21:33:13 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\teleca
[2009/07/04 17:26:17 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\uniblue
[2010/02/26 23:17:54 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\van dale
[2009/02/16 21:34:06 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\vandale
[2009/06/14 21:51:13 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\wallpapers
[2009/03/29 02:19:29 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\windows desktop search
[2009/03/29 04:29:19 | 000,000,000 | ---d | m] -- c:\documents and settings\danny\application data\windows search
[2010/04/28 14:44:25 | 000,000,380 | ---- | m] () -- c:\windows\tasks\filecure startup.job
[2010/04/19 00:06:00 | 000,000,364 | ---- | m] () -- c:\windows\tasks\filecure.job
[2010/02/15 02:16:34 | 000,000,346 | ---- | m] () -- c:\windows\tasks\mcdefragtask.job
[2009/10/26 16:50:08 | 000,000,318 | ---- | m] () -- c:\windows\tasks\mcqctask.job
[2010/04/25 01:32:00 | 000,000,330 | -h-- | m] () -- c:\windows\tasks\mp scheduled scan.job
[2010/04/28 00:00:04 | 000,000,224 | ---- | m] () -- c:\windows\tasks\ogadaily.job
[2010/04/28 14:44:34 | 000,000,224 | ---- | m] () -- c:\windows\tasks\ogalogon.job
[2010/04/24 20:00:00 | 000,000,404 | ---- | m] () -- c:\windows\tasks\registry winner schedule.job
[2010/04/28 15:38:00 | 000,000,470 | -h-- | m] () -- c:\windows\tasks\user_feed_synchronization-{5abf5503-e857-48a8-9314-2fa84f23ed25}.job
[2010/04/28 15:04:33 | 000,000,422 | -h-- | m] () -- c:\windows\tasks\user_feed_synchronization-{ff5c6b1f-4f3f-49d1-8a9b-bb93601c22c1}.job

========== purity check ==========



========== custom scans ==========


< klik daarin onder "output" rechts bovenaan: minimal output aan >

< zet een vinkje bij: "lop check" en "purity check" rechtsonder >

< >

< %systemdrive%\*.exe >


< md5 for: agp440.sys >
[2004/08/04 14:00:00 | 018,788,859 | ---- | m] () .cab file -- c:\windows\driver cache\i386\sp2.cab:agp440.sys
[2009/02/19 18:22:03 | 023,899,725 | ---- | m] () .cab file -- c:\windows\driver cache\i386\sp3.cab:agp440.sys
[2009/02/19 18:22:03 | 023,899,725 | ---- | m] () .cab file -- c:\windows\servicepackfiles\i386\sp3.cab:agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | m] (microsoft corporation) md5=08fd04aa961bdc77fb983f328334e3d7 -- c:\windows\servicepackfiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | m] (microsoft corporation) md5=08fd04aa961bdc77fb983f328334e3d7 -- c:\windows\system32\drivers\agp440.sys

< md5 for: atapi.sys >
[2004/08/04 14:00:00 | 018,788,859 | ---- | m] () .cab file -- c:\windows\driver cache\i386\sp2.cab:atapi.sys
[2009/02/19 18:22:03 | 023,899,725 | ---- | m] () .cab file -- c:\windows\driver cache\i386\sp3.cab:atapi.sys
[2009/02/19 18:22:03 | 023,899,725 | ---- | m] () .cab file -- c:\windows\servicepackfiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | m] (microsoft corporation) md5=9f3a2f5aa6875c72bf062c712cfa2674 -- c:\windows\servicepackfiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | m] (microsoft corporation) md5=9f3a2f5aa6875c72bf062c712cfa2674 -- c:\windows\system32\drivers\atapi.sys
[2004/08/04 14:00:00 | 000,095,360 | ---- | m] (microsoft corporation) md5=cdfe4411a69c224bd1d11b2da92dac51 -- c:\windows\system32\reinstallbackups\0000\driverfiles\i386\atapi.sys

< md5 for: eventlog.dll >
[2008/04/14 19:02:25 | 000,056,320 | ---- | m] (microsoft corporation) md5=ca64b9406eeda4ffa2daeae1dabcce42 -- c:\windows\servicepackfiles\i386\eventlog.dll
[2008/04/14 19:02:25 | 000,056,320 | ---- | m] (microsoft corporation) md5=ca64b9406eeda4ffa2daeae1dabcce42 -- c:\windows\system32\eventlog.dll

< md5 for: netlogon.dll >
[2008/04/14 19:02:33 | 000,407,040 | ---- | m] (microsoft corporation) md5=e6a7071df6855ab7cccc220ac3aad087 -- c:\windows\servicepackfiles\i386\netlogon.dll
[2008/04/14 19:02:33 | 000,407,040 | ---- | m] (microsoft corporation) md5=e6a7071df6855ab7cccc220ac3aad087 -- c:\windows\system32\netlogon.dll

< md5 for: scecli.dll >
[2008/04/14 19:02:39 | 000,185,856 | ---- | m] (microsoft corporation) md5=0e3b585761e23c1e35442e972b7e45f9 -- c:\windows\servicepackfiles\i386\scecli.dll
[2008/04/14 19:02:39 | 000,185,856 | ---- | m] (microsoft corporation) md5=0e3b585761e23c1e35442e972b7e45f9 -- c:\windows\system32\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | m] (microsoft corporation) unable to obtain md5 -- c:\windows\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | m] (microsoft corporation) unable to obtain md5 -- c:\windows\system32\dxtrans.dll
[1 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

< %systemroot%\*. /mp /s >

========== alternate data streams ==========

@alternate data stream - 125 bytes -> c:\documents and settings\all users\application data\temp:89e253fe
@alternate data stream - 116 bytes -> c:\documents and settings\all users\application data\temp:d1b5b4f1
@alternate data stream - 114 bytes -> c:\documents and settings\all users\application data\temp:dfc5a2b2
< end of report >

[/hjt]
--- automatic edit ---
So, hello Kingpin... I'm glad that I managed to complete all the steps, from the fix through the OTL scan and the color coding. :wink: Thanks to your help, of course, but it is still nice to do something I could otherwise only dream of. I'm going to look at it once more, but by the looks of it everything was OK...
--- automatic edit ---
Oh yes, I also ran the task manager, and Task Manager is working like a breeze again too... :huh:
 
[hjt]
otl extras logfile created on: 28/04/2010 15:35:03 - run 1
otl by oldtimer - version 3.2.3.0 folder = c:\documents and settings\danny\bureaublad
windows xp home edition service pack 3 (version = 5.1.2600) - type = ntworkstation
internet explorer (version = 8.0.6001.18702)
locale: 00000813 | country: belgië | language: nlb | date format: d/mm/yyyy
479,00 mb total physical memory | 72,00 mb available physical memory | 15,00% memory free
1,00 gb paging file | 1,00 gb available in paging file | 64,00% paging file free
paging file location(s): c:\pagefile.sys 720 1440 [binary data]
%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 149,04 gb total space | 117,85 gb free space | 79,07% space free | partition type: ntfs
d: drive not present or media not loaded
e: drive not present or media not loaded
f: drive not present or media not loaded
g: drive not present or media not loaded
h: drive not present or media not loaded
i: drive not present or media not loaded
computer name: blackflag
current user name: danny
logged in as administrator.
current boot mode: normal
scan mode: current user
company name whitelist: off
skip microsoft files: off
file age = 30 days
output = standard
========== extra registry (safelist) ==========
========== file associations ==========
[hkey_local_machine\software\classes\<extension>]
.js [@ = jsfile] -- reg error: key error. file not found
========== shell spawning ==========
[hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- c:\program files\microsoft office\office12\msohtmed.exe %1 (microsoft corporation)
htmlfile [print] -- c:\program files\microsoft office\office12\msohtmed.exe /p %1 (microsoft corporation)
jsfile [open] -- reg error: key error.
piffile [open] -- "%1" %*
regfile [merge] -- reg error: key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l (microsoft corporation)
scrfile [open] -- "%1" /s
txtfile [edit] -- reg error: key error.
unknown [openas] -- reg error: key error.
directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
directory [onenote.open] -- c:\progra~1\micros~2\office12\onenote.exe "%l" (microsoft corporation)
folder [open] -- %systemroot%\explorer.exe /idlist,%i,%l (microsoft corporation)
folder [explore] -- %systemroot%\explorer.exe /e,/idlist,%i,%l (microsoft corporation)
drive [find] -- %systemroot%\explorer.exe (microsoft corporation)
========== security center settings ==========
[hkey_local_machine\software\microsoft\security center]
"firstrundisabled" = 1
"antivirusdisablenotify" = 0
"firewalldisablenotify" = 0
"updatesdisablenotify" = 0
"antivirusoverride" = 0
"firewalloverride" = 0
[hkey_local_machine\software\microsoft\security center\monitoring]
"disablemonitoring" = 1
[hkey_local_machine\software\microsoft\security center\monitoring\ahnlabantivirus]
[hkey_local_machine\software\microsoft\security center\monitoring\computerassociatesantivirus]
[hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantivirus]
[hkey_local_machine\software\microsoft\security center\monitoring\pandaantivirus]
[hkey_local_machine\software\microsoft\security center\monitoring\pandafirewall]
[hkey_local_machine\software\microsoft\security center\monitoring\sophosantivirus]
[hkey_local_machine\software\microsoft\security center\monitoring\symantecantivirus]
"disablemonitoring" = 1
[hkey_local_machine\software\microsoft\security center\monitoring\symantecfirewall]
"disablemonitoring" = 1
[hkey_local_machine\software\microsoft\security center\monitoring\tinyfirewall]
[hkey_local_machine\software\microsoft\security center\monitoring\trendantivirus]
[hkey_local_machine\software\microsoft\security center\monitoring\trendfirewall]
[hkey_local_machine\software\microsoft\security center\monitoring\zonelabsfirewall]
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile]
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list]
"1900:udp" = 1900:udp:localsubnet:enabled:@xpsp2res.dll,-22007
"2869:tcp" = 2869:tcp:localsubnet:enabled:@xpsp2res.dll,-22008
"3587:tcp" = 3587:tcp:*:enabled:windows peer-to-peer-groepering
"3540:udp" = 3540:udp:*:enabled:pnrp (peer name resolution protocol)
"139:tcp" = 139:tcp:*:enabled:@xpsp2res.dll,-22004
"445:tcp" = 445:tcp:*:enabled:@xpsp2res.dll,-22005
"137:udp" = 137:udp:*:enabled:@xpsp2res.dll,-22001
"138:udp" = 138:udp:*:enabled:@xpsp2res.dll,-22002
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall" = 1
"donotallowexceptions" = 0
"disablenotifications" = 0
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"1900:udp" = 1900:udp:localsubnet:enabled:@xpsp2res.dll,-22007
"2869:tcp" = 2869:tcp:localsubnet:enabled:@xpsp2res.dll,-22008
"3587:tcp" = 3587:tcp:*:enabled:windows peer-to-peer-groepering
"3540:udp" = 3540:udp:*:enabled:pnrp (peer name resolution protocol)
"1947:tcp" = 1947:tcp:*:enabled:hasp srm
"1947:udp" = 1947:udp:*:enabled:hasp srm
"23078:tcp" = 23078:tcp:*:enabled:bitcomet 23078 tcp
"23078:udp" = 23078:udp:*:enabled:bitcomet 23078 udp
"139:tcp" = 139:tcp:localsubnet:enabled:@xpsp2res.dll,-22004
"445:tcp" = 445:tcp:localsubnet:enabled:@xpsp2res.dll,-22005
"137:udp" = 137:udp:localsubnet:enabled:@xpsp2res.dll,-22001
"138:udp" = 138:udp:localsubnet:enabled:@xpsp2res.dll,-22002
========== authorized applications list ==========
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
c:\program files\microsoft office communicator\communicator.exe = c:\program files\microsoft office communicator\communicator.exe:*:enabled:microsoft office communicator 2007 -- (microsoft corporation)
c:\program files\windows live\messenger\wlcsdk.exe = c:\program files\windows live\messenger\wlcsdk.exe:*:enabled:windows live call -- (microsoft corporation)
c:\program files\windows live\sync\windowslivesync.exe = c:\program files\windows live\sync\windowslivesync.exe:*:enabled:windows live sync -- (microsoft corporation)
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
c:\windows\system32\usmt\migwiz.exe = c:\windows\system32\usmt\migwiz.exe:*:enabled:wizard bestanden en instellingen overzetten -- (microsoft corporation)
c:\program files\common files\ahead\nero web\setupx.exe = c:\program files\common files\ahead\nero web\setupx.exe:*:enabled:nero productsetup -- file not found
c:\documents and settings\danny\local settings\temp\nero web\setupxu.exe = c:\documents and settings\danny\local settings\temp\nero web\setupxu.exe:*:enabled:nero productsetup -- file not found
c:\program files\hercules\classic silver\station2.exe = c:\program files\hercules\classic silver\station2.exe:*:enabled:hercules webcam station evolution -- (guillemot corporation s.a.)
c:\program files\imesh applications\imesh\imesh.exe = c:\program files\imesh applications\imesh\imesh.exe:*:enabled:imesh -- file not found
c:\program files\spiceworks\bin\spiceworks.exe = c:\program files\spiceworks\bin\spiceworks.exe:*:enabled:spiceworks -- file not found
c:\program files\netscape\netscape 6\netscp6.exe = c:\program files\netscape\netscape 6\netscp6.exe:*:enabled:netscp6 -- ()
c:\program files\vuze\azureus.exe = c:\program files\vuze\azureus.exe:*:enabled:azureus -- file not found
c:\program files\bitcomet\bitcomet.exe = c:\program files\bitcomet\bitcomet.exe:*:enabled:bitcomet.exe -- file not found
c:\program files\microsoft office\office12\outlook.exe = c:\program files\microsoft office\office12\outlook.exe:*:enabled:microsoft office outlook -- (microsoft corporation)
c:\program files\microsoft office\office12\groove.exe = c:\program files\microsoft office\office12\groove.exe:*:enabled:microsoft office groove -- (microsoft corporation)
c:\program files\microsoft office\office12\onenote.exe = c:\program files\microsoft office\office12\onenote.exe:*:enabled:microsoft office onenote -- (microsoft corporation)
c:\program files\microsoft office communicator\communicator.exe = c:\program files\microsoft office communicator\communicator.exe:*:enabled:microsoft office communicator 2007 -- (microsoft corporation)
c:\documents and settings\danny\local settings\application data\google\google talk plugin\googletalkplugin.dll = c:\documents and settings\danny\local settings\application data\google\google talk plugin\googletalkplugin.dll:*:enabled:google talk plugin -- (google)
c:\documents and settings\danny\local settings\application data\google\google talk plugin\googletalkplugin.exe = c:\documents and settings\danny\local settings\application data\google\google talk plugin\googletalkplugin.exe:*:enabled:google talk plugin -- (google)
c:\program files\java\jre6\bin\java.exe = c:\program files\java\jre6\bin\java.exe:*:enabled:java(tm) platform se binary -- (sun microsystems, inc.)
c:\program files\common files\mcafee\mna\mcnasvc.exe = c:\program files\common files\mcafee\mna\mcnasvc.exe:*:enabled:mcafee network agent -- file not found
c:\program files\itunes\itunes.exe = c:\program files\itunes\itunes.exe:*:enabled:itunes -- (apple inc.)
c:\program files\windows live\messenger\wlcsdk.exe = c:\program files\windows live\messenger\wlcsdk.exe:*:enabled:windows live call -- (microsoft corporation)
c:\program files\windows live\sync\windowslivesync.exe = c:\program files\windows live\sync\windowslivesync.exe:*:enabled:windows live sync -- (microsoft corporation)
========== hkey_local_machine uninstall list ==========
[hkey_local_machine\software\microsoft\windows\currentversion\uninstall]
"{002d9d5e-29ba-3e6d-9bc4-3d7d6dbc735c}" = microsoft visual c++ 2008 atl update kb973924 - x86 9.0.30729.4148
"{07287123-b8ac-41ce-8346-3d777245c35b}" = bonjour
"{101738d7-d805-37a9-bb91-1f2c351782bf}" = microsoft .net framework 3.5 language pack sp1 - nld
"{10f5387d-1728-423a-a578-b00982cf2646}" = windows live messenger
"{11005483-57f9-400c-bf9f-cbc47540705a}" = windows live photo gallery
"{1451de6b-abe1-4f62-be9a-b363a17588a2}" = quicktime
"{168f8bac-a269-48e9-bb7a-a51b594cf6ff}" = microsoft .net framework 1.1 dutch language pack
"{18455581-e099-4ba8-bc6b-f34b2f06600c}" = google toolbar for internet explorer
"{1fbf6c24-c1fd-4101-a42b-0c564f9e8e79}" = dvd suite
"{205c6bdd-7b73-42de-8505-9a093f35a238}" = windows live - hulpprogramma voor uploaden
"{20c45b32-5ab6-46a4-94ef-58950caf05e5}" = epson attach to email
"{2222b364-0854-4265-b32e-a142db9dc7bb}" = intel(r) pro network connections 11.2.0.69
"{22b775e7-6c42-4fc5-8e10-9a5e3257bd94}" = msvcrt
"{2318c2b1-4965-11d4-9b18-009027a5cd4f}" = google toolbar for internet explorer
"{26a24ae4-039d-4ca4-87b4-2f83216017ff}" = java(tm) 6 update 20
"{2750b389-a2d2-4953-99ca-27c1f2a8e6fd}" = microsoft sql server 2005 tools express edition
"{2869f5ea-93c3-48e5-80df-db696bc84a91}" = windows live mail
"{2a88f1bf-7041-4e42-84b1-6b4acb83ac64}" = epson scan assistant
"{2a8f82e8-7b86-4afd-bfbc-2ba4c2cf52db}" = windows live call
"{2afffdd7-ed85-4a90-8c52-5da9ebdc9b8f}" = microsoft sql server 2005 express edition (mssmlbiz)
"{2eb81825-e9ee-44f4-8f51-1240c3898dc6}" = epson file manager
"{326957c7-83fd-4550-a59a-849b7b4297de}" = microsoft easy assist v2
"{350c9413-3d7c-4ee8-baa9-00bcb3d54227}" = webfldrs xp
"{35a3a4f4-b792-11d6-a78a-00b0d0142050}" = java 2 sdk, se v1.4.2_05
"{35ca031c-d3cd-4a28-8d9b-c71466c4f045}" = windows live writer
"{3ac54383-31d1-4907-961b-b12cbb1d0ae8}" = mobileme control panel
"{3fa365df-2d68-45ed-8f83-8c8a33e65143}" = apple application support
"{45a66726-69bc-466b-a7a4-12fcba4883d7}" = hijackthis
"{4a03706f-666a-4037-7777-5f2748764d10}" = java auto updater
"{4cba3d4c-8f51-4d60-b27e-f6b641c571e7}" = microsoft search enhancement pack
"{53f5c3ee-05ed-4830-994b-50b2f0d50fce}" = microsoft sql server setup support files (english)
"{562b9ca4-6e52-4f87-acec-912fc004f1f0}" = windows live essentials
"{56b4002f-671c-49f4-984c-c760fe3806b5}" = microsoft sql server vss writer
"{56c049be-79e9-4502-bea7-9754a3e60f9b}" = neroxml
"{57f0ed40-8f11-41aa-b926-4a66d0d1a9cc}" = microsoft office live add-in 1.3
"{63a6e9a9-a190-46d4-9430-2db28654afd8}" = norton 360
"{66867bb8-fbc5-450b-8533-c6be2c9c4068}" = windows live family safety
"{67edd823-135a-4d59-87bd-950616d6e857}" = epson copy utility 3
"{6811caa0-bf12-11d4-9ea1-0050bae317e1}" = powerdvd
"{6956856f-b6b3-4be0-ba0b-8f495be32033}" = apple software update
"{6bb42024-d62a-33f5-b883-52069e2c9668}" = google talk plugin
"{7148f0a8-6813-11d6-a77b-00b0d0142050}" = java 2 runtime environment, se v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = microsoft visual c++ 2005 redistributable
"{770657d0-a123-3c07-8e44-1c83ec895118}" = microsoft visual c++ 2005 atl update kb973923 - x86 8.0.50727.4053
"{7e1fbcb0-500c-4a0d-ac9c-b1b76e75666b}" = windows live aanmeldhulp
"{7f10292c-a190-4176-a665-a1ed3478df86}" = lightscribe system software
"{7f14f68c-17fa-4f88-b3fd-7f449c1ebf32}" = epson web-to-page
"{85ff5632-166b-4af4-b899-939b1ddb606a}" = van dale praktijkwoordenboek engels
"{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}" = microsoft silverlight
"{8a708dd8-a5e6-11d4-a706-000629e95e20}" = intel(r) extreme graphics 2 driver
"{8a74e887-8f0f-4017-af53-cba42211aaa5}" = microsoft sync framework runtime native v1.0 (x86)
"{8dac1ae4-33d1-4a78-8a42-00e09edecc3e}" = camera raw plug-in for epson creativity suite
"{90120000-0010-0413-0000-0000000ff1ce}" = microsoft software update for web folders (dutch) 12
"{90120000-0015-0413-0000-0000000ff1ce}" = microsoft office access mui (dutch) 2007
"{90120000-0015-0413-0000-0000000ff1ce}_enterpriser_{dc387aa5-94a6-4920-b004-d59846526d81}" = microsoft office 2007 service pack 2 (sp2)
"{90120000-0016-0413-0000-0000000ff1ce}" = microsoft office excel mui (dutch) 2007
"{90120000-0016-0413-0000-0000000ff1ce}_enterpriser_{dc387aa5-94a6-4920-b004-d59846526d81}" = microsoft office 2007 service pack 2 (sp2)
"{90120000-0018-0413-0000-0000000ff1ce}" = microsoft office powerpoint mui (dutch) 2007
"{90120000-0018-0413-0000-0000000ff1ce}_enterpriser_{dc387aa5-94a6-4920-b004-d59846526d81}" = microsoft office 2007 service pack 2 (sp2)
"{90120000-0019-0413-0000-0000000ff1ce}" = microsoft office publisher mui (dutch) 2007
"{90120000-0019-0413-0000-0000000ff1ce}_enterpriser_{dc387aa5-94a6-4920-b004-d59846526d81}" = microsoft office 2007 service pack 2 (sp2)
"{90120000-001a-0413-0000-0000000ff1ce}" = microsoft office outlook mui (dutch) 2007
"{90120000-001a-0413-0000-0000000ff1ce}_enterpriser_{dc387aa5-94a6-4920-b004-d59846526d81}" = microsoft office 2007 service pack 2 (sp2)
"{90120000-001b-0413-0000-0000000ff1ce}" = microsoft office word mui (dutch) 2007
"{90120000-001b-0413-0000-0000000ff1ce}_enterpriser_{dc387aa5-94a6-4920-b004-d59846526d81}" = microsoft office 2007 service pack 2 (sp2)
"{90120000-001f-0407-0000-0000000ff1ce}" = microsoft office proof (german) 2007
"{90120000-001f-0407-0000-0000000ff1ce}_enterpriser_{a0516415-ed61-419a-981d-93596da74165}" = microsoft office proofing tools 2007 service pack 2 (sp2)
"{90120000-001f-0409-0000-0000000ff1ce}" = microsoft office proof (english) 2007
"{90120000-001f-0409-0000-0000000ff1ce}_enterpriser_{abdde972-355b-4af1-89a8-da50b7b5c045}" = microsoft office proofing tools 2007 service pack 2 (sp2)
"{90120000-001f-040c-0000-0000000ff1ce}" = microsoft office proof (french) 2007
"{90120000-001f-040c-0000-0000000ff1ce}_enterpriser_{f580ddd5-8d37-4998-968e-ebb76bb86787}" = microsoft office proofing tools 2007 service pack 2 (sp2)
"{90120000-001f-0413-0000-0000000ff1ce}" = microsoft office proof (dutch) 2007
"{90120000-001f-0413-0000-0000000ff1ce}_enterpriser_{d66d5a44-e480-4ba4-b4f2-c554f6b30ebb}" = microsoft office proofing tools 2007 service pack 2 (sp2)
"{90120000-002c-0413-0000-0000000ff1ce}" = microsoft office proofing (dutch) 2007
"{90120000-0044-0413-0000-0000000ff1ce}" = microsoft office infopath mui (dutch) 2007
"{90120000-0044-0413-0000-0000000ff1ce}_enterpriser_{dc387aa5-94a6-4920-b004-d59846526d81}" = microsoft office 2007 service pack 2 (sp2)
"{90120000-006e-0413-0000-0000000ff1ce}" = microsoft office shared mui (dutch) 2007
"{90120000-006e-0413-0000-0000000ff1ce}_enterpriser_{89c8e56a-90d8-4598-b0e6-eb28f6270e07}" = microsoft office 2007 service pack 2 (sp2)
"{90120000-00a1-0413-0000-0000000ff1ce}" = microsoft office onenote mui (dutch) 2007
"{90120000-00a1-0413-0000-0000000ff1ce}_enterpriser_{dc387aa5-94a6-4920-b004-d59846526d81}" = microsoft office 2007 service pack 2 (sp2)
"{90120000-00ba-0413-0000-0000000ff1ce}" = microsoft office groove mui (dutch) 2007
"{90120000-00ba-0413-0000-0000000ff1ce}_enterpriser_{dc387aa5-94a6-4920-b004-d59846526d81}" = microsoft office 2007 service pack 2 (sp2)
"{91120000-0030-0000-0000-0000000ff1ce}" = microsoft office enterprise 2007
"{91120000-0030-0000-0000-0000000ff1ce}_enterpriser_{0b36c6d6-f5d8-4eaf-bf94-4376a230ad5b}" = microsoft office 2007 service pack 2 (sp2)
"{91120000-0030-0000-0000-0000000ff1ce}_enterpriser_{3d019598-7b59-447a-80ae-815b703b84ff}" = security update for microsoft office system 2007 (972581)
"{94a065e8-455d-41c1-af1f-f0c1af8f50f3}" = microsoft intellitype pro 7.0
"{95120000-00b9-0409-0000-0000000ff1ce}" = microsoft application error reporting
"{95120000-0122-0413-0000-0000000ff1ce}" = microsoft office outlook connector
"{98455b44-3f4b-4b0b-95dd-78828c1680b6}" = disc2phone
"{9a1027ce-83f6-3cb2-b9ba-9da38d0907d0}" = microsoft .net framework 2.0 service pack 2 language pack - nld
"{9a25302d-30c0-39d9-bd6f-21e6ec160475}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.17
"{a1f66fc9-11ee-4f2f-98c9-16f8d1e69fb7}" = segoe ui
"{a3051cd0-2f64-3813-a88d-b8dccde8f8c7}" = microsoft .net framework 3.0 service pack 2
"{a6fdf86a-f541-4e7b-aea0-8849a2a700d5}" = itunes
"{aadea55d-c834-4bcb-98a3-4b8d1c18f4ee}" = apple mobile device support
"{ac76ba86-7ad7-1043-7b44-a93000000001}" = adobe reader 9.3.2 - nederlands
"{ade14c1e-aa43-45d3-88e5-00767d31b0e8}" = oga notifier 1.7.0105.35.0
"{b43a3c5d-7f74-4493-840e-d7b74520bc19}" = pdf download for internet explorer
"{b4cf72ff-4a3f-44a7-bff2-31a8e1cc70b6}" = application compatibility toolkit
"{b66e665a-df96-4c38-9422-c7f74bc1b4e5}" = epson easy photo print
"{b8bc806d-0703-11d4-bb23-006008676af8}" = sony ericsson communications suite
"{bca965e7-d7db-4e12-9078-91624ae41043}" = nero 8 essentials
"{bd64af4a-8c80-4152-ad77-fcddf05208ab}" = microsoft sync framework services native v1.0 (x86)
"{bd68f46d-8a82-4664-8e68-f87c55bdefd4}" = microsoft sql server native client
"{c09fb3cd-3d0c-3f2d-899a-6a1d67f2073f}" = microsoft .net framework 2.0 service pack 2
"{cb2f7edd-9d1f-43c1-90fc-4f52eae172a1}" = microsoft .net framework 1.1
"{cb84f0f2-927b-458d-9dc5-87832e3dc653}" = geardrvs
"{cd19edd9-1632-4002-9212-7478e4ba0423}" = windows live sync
"{cd95f661-a5c4-44f5-a6aa-ecdd91c240bd}" = winzip 14.5
"{ce2cdd62-0124-36ca-84d3-9f4dcf5c5bd9}" = microsoft .net framework 3.5 sp1
"{db69e0fb-ff6c-4c47-a048-c66710e79ee6}" = microsoft office communicator 2007
"{e2dfe069-083e-4631-9b6c-43c48e991de5}" = junk mail filter update
"{e2e7a0e8-77c4-495f-8fa3-63daedaa2db3}" = f-secure psc prerequisites
"{e51109e7-3818-4bc2-b3fd-a59ac2378a2b}" = windows live toolbar
"{e89956f9-5b89-470e-818d-bd46102d0a01}" = citrix presentation server client
"{ed00d08a-3c5f-488d-93a0-a04f21f23956}" = windows live communications platform
"{ef71a531-5b6c-4b20-8d1e-e6379c7fb6d3}" = microsoft intellipoint 7.0
"{f0b430d1-b6aa-473d-9b06-aa3dd01fd0b8}" = microsoft sql server 2005 compact edition [enu]
"{f0e12bba-ad66-4022-a453-a1c8a0c4d570}" = microsoft choice guard
"{f73ea8bf-81f5-32af-8d8a-24f12fd23b79}" = microsoft .net framework 3.0 service pack 2 language pack - nld
"{fb08f381-6533-4108-b7dd-039e11fbc27e}" = realtek ac'97 audio
"{fd4fe0f7-91fc-43a2-9c3a-187553991fff}" = hercules classic silver webcam
"adobe flash player plugin" = adobe flash player 10 plugin
"ccleaner" = ccleaner
"enterpriser" = microsoft office enterprise 2007
"epson printer and utilities" = epson-drucker-software
"epson scanner" = epson scan
"f-secure product 444" = f-secure internet security technology preview
"hijackthis" = hijackthis 2.0.2
"ie7" = windows internet explorer 7
"ie8" = windows internet explorer 8
"installshield_{20c45b32-5ab6-46a4-94ef-58950caf05e5}" = epson attach to email
"jcreator le_is1" = jcreator le 3.10
"klitecodecpack_is1" = k-lite codec pack 5.4.4 (full)
"microsoft .net framework 1.1 (1033)" = microsoft .net framework 1.1
"microsoft .net framework 3.5 language pack sp1 - nld" = taalpakket voor microsoft .net framework 3.5 sp1 - nl
"microsoft .net framework 3.5 sp1" = microsoft .net framework 3.5 sp1
"microsoft sql server 2005" = microsoft sql server 2005
"picasa 3" = picasa 3
"pkr" = pkr
"spyware doctor" = spyware doctor 7.0
"van dale groot woordenboek hedendaags nederlands" = van dale groot woordenboek hedendaags nederlands
"windows live onecare safety scanner" = windows live onecare safety scanner
"windows media format runtime" = windows media format 11 runtime
"windows media player" = windows media player 11
"winlivesuite_wave3" = windows live essentials
========== last 10 event log errors ==========
[ application events ]
error - 25/04/2010 17:00:45 | computer name = blackflag | source = application error | id = 1000
description = vastgelopen toepassing: vdpwe.exe, versie: 0.0.0.0, vastgelopen module:
vdpwe.exe, versie: 0.0.0.0, vastgelopen op: 0x0000302c.
error - 25/04/2010 17:00:48 | computer name = blackflag | source = application error | id = 1001
description = fout-bucket 00502427.
error - 25/04/2010 17:00:51 | computer name = blackflag | source = application error | id = 1001
description = fout-bucket 00502427.
error - 25/04/2010 17:44:42 | computer name = blackflag | source = application error | id = 1000
description = vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
module: unknown, versie: 0.0.0.0, vastgelopen op: 0x0376205c.
error - 25/04/2010 17:45:04 | computer name = blackflag | source = application error | id = 1001
description = fout-bucket 1115098458.
error - 25/04/2010 17:45:09 | computer name = blackflag | source = application error | id = 1000
description = vastgelopen toepassing: drwtsn32.exe, versie: 5.1.2600.0, vastgelopen
module: dbghelp.dll, versie: 5.1.2600.5512, vastgelopen op: 0x0001295d.
error - 25/04/2010 17:45:17 | computer name = blackflag | source = application error | id = 1001
description = fout-bucket 231521186.
error - 26/04/2010 7:53:05 | computer name = blackflag | source = google update | id = 20
description =
error - 28/04/2010 6:53:05 | computer name = blackflag | source = google update | id = 20
description =
error - 28/04/2010 7:53:05 | computer name = blackflag | source = google update | id = 20
description =
[ osession events ]
error - 22/04/2009 14:03:16 | computer name = blackflag | source = microsoft office 12 sessions | id = 7001
description = id: 0, application name: microsoft office word, application version:
12.0.4518.1014, microsoft office version: 12.0.4518.1014. this session lasted 103
seconds with 0 seconds of active time. this session ended with a crash.
error - 17/01/2010 18:50:55 | computer name = blackflag | source = microsoft office 12 sessions | id = 7001
description = id: 6, application name: microsoft office outlook, application version:
12.0.6514.5000, microsoft office version: 12.0.6425.1000. this session lasted 535
seconds with 60 seconds of active time. this session ended with a crash.
[ system events ]
error - 28/04/2010 6:07:00 | computer name = blackflag | source = dcom | id = 10010
description = de server {4991d34b-80a1-4291-83b6-3328366b9097} heeft zich binnen
de vereiste termijn niet bij dcom geregistreerd.
error - 28/04/2010 6:07:00 | computer name = blackflag | source = service control manager | id = 7023
description = de intelligente achtergrondsoverdrachtservice-service is gestopt met
de volgende foutcode: %%2.
error - 28/04/2010 6:07:30 | computer name = blackflag | source = dcom | id = 10010
description = de server {4991d34b-80a1-4291-83b6-3328366b9097} heeft zich binnen
de vereiste termijn niet bij dcom geregistreerd.
error - 28/04/2010 8:44:19 | computer name = blackflag | source = print | id = 19
description = delen van printer is mislukt + 1722, printer verzenden naar onenote
2007 sharenaam verzenden naar onenote 2007.
error - 28/04/2010 8:45:41 | computer name = blackflag | source = dcom | id = 10010
description = de server {4991d34b-80a1-4291-83b6-3328366b9097} heeft zich binnen
de vereiste termijn niet bij dcom geregistreerd.
error - 28/04/2010 8:45:54 | computer name = blackflag | source = service control manager | id = 7009
description = time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: fsma.
error - 28/04/2010 8:45:54 | computer name = blackflag | source = service control manager | id = 7034
description = de hasp license manager-service is onverwacht beëindigd. dit is nu
1 keer gebeurd.
error - 28/04/2010 8:45:54 | computer name = blackflag | source = service control manager | id = 7023
description = de intelligente achtergrondsoverdrachtservice-service is gestopt met
de volgende foutcode: %%2.
error - 28/04/2010 8:45:54 | computer name = blackflag | source = service control manager | id = 7023
description = de intelligente achtergrondsoverdrachtservice-service is gestopt met
de volgende foutcode: %%2.
error - 28/04/2010 8:46:11 | computer name = blackflag | source = dcom | id = 10010
description = de server {4991d34b-80a1-4291-83b6-3328366b9097} heeft zich binnen
de vereiste termijn niet bij dcom geregistreerd.
< end of report >
[/hjt]
Hey, I crowed victory too soon. I still have to do that second log... It's coming... :fun:
--- automatic edit ---
The color coding on the second log does not seem to have worked. Sorry, but I lost the plot for a moment. :fit:
--- automatic edit ---
Hello Kingpin, to my disappointment that Spyware Doctor is still present. It is rather sophisticated of those hacker(s) to use a program with exactly that name. When I try to remove it in the Control Panel, I get the following message: "C:\rogram files\software doctoruninstal001 is missing.Please correct problem or obtain a new copy of the program". Could I perhaps just throw the whole folder out of Program Files? I don't know anymore... :frusty: :surrender
 