waarschijnlijk geinfecteerde laptop [Archief]

Volledige versie bekijken : waarschijnlijk geinfecteerde laptop

Magic49

13 September 2010, 00:11

Beste,

De problemen die ik ondervind met mijn laptop zijn de volgende:

- ik raak niet op alle websites, inhet bijzonder niet op diegene die te maken hebben met virussen e.d.
- Ik kan zowel Malwarebytes als Spybot niet opstarten, ook niet in safemode als administrator.

Hijachthis heb ik gelukkig nog wel kunnen downloaden en installeren.
Ik voeg hier dan ook mijn logje toe.
Bedankt om het na te kijken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:06:37, on 13/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Jan.TCCA-0002\Application Data\UpdateMoniter\UpdateMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com/?o=15709&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" -launchedbylogin
O4 - HKLM\..\Run: [UpdateMonitor] "C:\Documents and Settings\Jan.TCCA-0002\Application Data\UpdateMoniter\UpdateMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe /p
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jan.TCCA-0002\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Jan.TCCA-0002\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Jan.TCCA-0002\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.chatroulette.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://ccff02.minfin.fgov.be/CCFF_Authentication/views/login/signature/capicom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{648DDE4C-B9E3-4E09-866E-45078BEBC834}: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4772821-17C6-45D0-8BE0-DEEA4487E7BA}: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MioNet - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13593 bytes

Woudje100

13 September 2010, 11:07

Hallo,

Download rkill via één van de onderstaande links naar het bureaublad.

rkill (exe) (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill (com) (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill (scr) (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill (pif) (http://download.bleepingcomputer.com/grinler/rkill.pif)

Dubbelklik op "rkill" om het te starten
Dit kan een beetje tijd in beslag nemen.
Indien er een melding komt dat rkill een infectie is kunt u dit negeren, het is namelijk een vals alarm.
Indien u problemen blijft houden qua meldingen download dan hier (http://download.bleepingcomputer.com/grinler/iExplore.exe) (iExplorer.exe) een hernoemde rkill versie naar uw bureaublad en voer deze uit.
Let op!!! Herstart niet de computer na het gebruik van rkill

Start MalwareBytes' Anti-Malware (MBAM)

Klik op het tabblad "Update" en vervolgens op "Controleer op updates"
Klik op het tabblad "scanner"
Kies de optie "snelle scan" en klik op "scannen"
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma. Post dit logje met je volgende antwoord.

Woudje100

Magic49

13 September 2010, 23:58

Beste,

Ik heb rkill gedownload en gestart.
Ik kan nog steeds Malwarebytes niet opstarten.
Ook niet na het downmoaden van van de hernoemde versie.

Is er nog iets wat ik kan doen?

Bedankt,

Jan.

Woudje100

14 September 2010, 10:18

Hallo,

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) naar je Bureaublad en gebruik het volgens deze handleiding (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op Combofix.exe om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Klik op OK in het "NirCmd" venstertje.
Klik na afloop terug op Ja om het scannen op malware te starten.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.
Post dit logje in je volgende antwoord.

Woudje100

Magic49

15 September 2010, 23:35

Beste,

Ik heb Combofix gedownload, maar ook dit start niet.
Wat nu?

Groeten,

Jan.

Woudje100

17 September 2010, 14:24

Hallo,

Probeer de volgende tools.
Heb je ComboFix ook in veilige modus geprobeerd?

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) en sla deze op je Bureaublad op.

Rechtsklik TFC.exe 'Uitvoeren als Administrator' om het programma te openen.
Het programma zal alle andere programma's sluiten, zorg er dus voor dat je al je werk hebt opgeslagen voordat je verder gaat.
Klik op de knop Start om het programma te starten. Hoe lang het programma nodig heeft, kan verschillen. Dit kan kan slechts een paar seconden zijn, maar ook 5 minuten. Laat het programma gewoon ongestoord zijn werk doen totdat het klaar is.
Als het programma klaar is, dan zal het je computer opnieuw opstarten. Als dit niet gebeurt, start dan je computer handmatig opnieuw op.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) naar je bureaublad.
Klik met je rechtermuisknop op OTL en klik op Als Administrator uitvoeren om het uit te voeren. Zorg ervoor dat alle andere vensters gesloten zijn, en de scan zonder onderbrekingen kan worden voltooid.
Wijzig, als het scherm wordt getoond, onder Output bovenaan, de waarde naar Minimal Output.
Klik nu op de Run Scan knop. Wijzig geen opties, tenzij anders vermeld. De scan zal niet lang duren.

Wanneer de scan is voltooid zullen er twee Kladblok vensters worden geopend. OTListIt.Txt en Extras.Txt. Deze logbestanden worden opgeslagen in dezelfde locatie als OTL.
Kopieer (Edit->Select All, Edit->Copy) de inhoud van deze twee bestanden, een per keer, and plak ze in je volgende bericht. Het kan zijn dat je twee reacties moet plaatsen om de gehele logs te plaatsen.

Woudje100

Magic49

20 September 2010, 08:10

OTL logfile created on: 20/09/2010 7:51:25 - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Jan.TCCA-0002\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: Belgium | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93,07 Gb Total Space | 3,30 Gb Free Space | 3,55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TCCA-0002
Current User Name: Jan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jan.TCCA-0002\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\MioNet\MioNetManager.exe ()
PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Documents and Settings\Jan.TCCA-0002\Application Data\UpdateMoniter\UpdateMonitor.exe ()
PRC - C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\MioNet\jvm\bin\MioNet.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\drivers\Tray900.exe (Philips)
PRC - C:\WINDOWS\system32\drivers\Phibtn.exe (Philips)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jan.TCCA-0002\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\mscun2er2.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (MioNet) -- C:\Program Files\MioNet\MioNetManager.exe ()
SRV - (GoToMyPC) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (A38CCID) -- C:\WINDOWS\system32\drivers\a38ccid.sys (Advanced Card Systems Ltd.)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (camvid40) -- C:\WINDOWS\system32\drivers\camdrv41.sys (Philips Consumer Electronics)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com/?o=15709&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

[2009/08/20 23:46:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/05/27 02:37:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/11 00:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2006/10/11 10:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 10:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 10:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 10:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 10:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2006/01/23 10:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll
[2006/06/07 14:40:18 | 000,027,376 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
[2006/09/14 11:37:11 | 000,001,897 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2006/07/29 20:29:43 | 000,001,114 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-nl.xml
[2008/09/22 21:23:15 | 000,000,686 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.png
[2008/09/22 21:23:15 | 000,000,531 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.src
[2006/09/15 19:37:29 | 000,001,119 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2006/09/15 19:37:29 | 000,000,752 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2006/09/11 16:39:33 | 000,000,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2010/08/19 18:56:08 | 000,000,763 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.11 HP001560497641
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [HPWG myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\system32\drivers\Phibtn.exe (Philips)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Traymin900] C:\WINDOWS\system32\drivers\Tray900.exe (Philips)
O4 - HKLM..\Run: [UpdateMonitor] C:\Documents and Settings\Jan.TCCA-0002\Application Data\UpdateMoniter\UpdateMonitor.exe ()
O4 - HKLM..\Run: [VCheck] File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Snelle start.lnk = C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Converteren naar Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Jan.TCCA-0002\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Jan.TCCA-0002\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: chatroulette.com ([]http in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://ccff02.minfin.fgov.be/CCFF_Authentication/views/login/signature/capicom.cab (Settings Class)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) - c:\progra~1\wi9130~1\datamngr\datamngr.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\BackUp 2009-09-16\Projects\Project 2003-02\Prototype\Type IV\TheraSolve.bmp
O24 - Desktop BackupWallPaper: C:\BackUp 2009-09-16\Projects\Project 2003-02\Prototype\Type IV\TheraSolve.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/19 22:05:54 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\OTL.exe
[2010/09/19 22:05:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\TFC.exe
[2010/09/17 02:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan.TCCA-0002\Application Data\MSNInstaller
[2010/09/15 14:31:05 | 036,405,316 | ---- | C] (Hewlett Packard) -- C:\dj9305du.exe
[2010/09/15 14:10:53 | 000,000,000 | ---D | C] -- C:\dj9300
[2010/09/15 14:10:19 | 007,692,939 | ---- | C] (Hewlett Packard) -- C:\dj9307du.exe
[2010/09/12 23:06:02 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2010/09/12 22:52:19 | 000,000,000 | ---D | C] -- C:\SpyBot
[2010/09/12 22:49:06 | 000,000,000 | ---D | C] -- C:\HijackThis
[2010/09/09 01:08:54 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/09/09 01:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan.TCCA-0002\Application Data\MioNet
[2010/09/09 01:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan.TCCA-0002\Local Settings\Application Data\MioNet
[2010/09/09 01:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\MioNet
[2010/08/25 09:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan.TCCA-0002\Local Settings\Application Data\ArcSoft
[2010/08/25 09:42:41 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
[2010/08/25 09:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ArcSoft
[2010/08/25 09:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/08/22 13:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010/08/22 13:04:42 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/22 13:04:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/22 13:04:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/22 13:04:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/22 13:04:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[10 C:\Documents and Settings\Jan.TCCA-0002\My Documents\*.tmp files -> C:\Documents and Settings\Jan.TCCA-0002\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/20 07:48:33 | 000,017,880 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/09/20 07:48:14 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Acrobat Snelle start.lnk
[2010/09/20 07:47:57 | 000,063,783 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/09/20 07:19:00 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-2052111302-725345543-1003UA.job
[2010/09/20 03:23:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/20 03:23:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/20 03:21:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jan.TCCA-0002\ntuser.ini
[2010/09/20 03:21:10 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Jan.TCCA-0002\NTUSER.DAT
[2010/09/20 01:19:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-2052111302-725345543-1003Core.job
[2010/09/19 22:23:06 | 002,306,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/19 22:22:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/19 22:06:00 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\OTL.exe
[2010/09/19 22:05:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\TFC.exe
[2010/09/18 16:20:38 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\Google Chrome.lnk
[2010/09/18 16:20:38 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Jan.TCCA-0002\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/18 13:35:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/18 10:30:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/17 14:29:01 | 000,122,920 | ---- | M] () -- C:\Documents and Settings\Jan.TCCA-0002\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/17 14:28:45 | 000,000,392 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/09/17 11:45:11 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Jan.TCCA-0002\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/09/15 22:56:47 | 003,845,259 | ---- | M] () -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\ComboFix.exe
[2010/09/15 14:50:22 | 000,319,994 | ---- | M] () -- C:\WINDOWS\hpdj9300.his
[2010/09/15 14:50:22 | 000,014,352 | ---- | M] () -- C:\WINDOWS\hpdj9300.ini
[2010/09/15 14:48:22 | 000,001,353 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini
[2010/09/15 14:39:32 | 000,000,103 | ---- | M] () -- C:\WINDOWS\System32\hptrace.ini
[2010/09/15 14:31:12 | 036,405,316 | ---- | M] (Hewlett Packard) -- C:\dj9305du.exe
[2010/09/15 14:10:19 | 007,692,939 | ---- | M] (Hewlett Packard) -- C:\dj9307du.exe
[2010/09/14 13:46:09 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Jan.TCCA-0002\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/13 23:51:52 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\iExplore.exe
[2010/09/13 23:50:10 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\rkill.exe
[2010/09/13 23:44:18 | 000,363,520 | ---- | M] () -- C:\rkill.exe
[2010/09/12 23:08:39 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/09 01:01:34 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Start MioNet.lnk
[2010/09/06 23:44:42 | 000,092,147 | ---- | M] () -- C:\kampioenschappen.pdf
[2010/09/02 10:38:24 | 000,109,103 | ---- | M] () -- C:\0012010058513_1.pdf
[2010/09/01 01:04:36 | 003,710,316 | ---- | M] () -- C:\18aug10 onweer 002.jpg
[2010/08/31 01:20:18 | 000,018,431 | ---- | M] () -- C:\BuzzuPass.pdf
[2010/08/25 09:42:34 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Media Impression.lnk
[2010/08/22 13:31:01 | 000,018,044 | ---- | M] () -- C:\Fa292010.pdf
[2010/08/22 13:04:13 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/22 13:04:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/22 13:04:13 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/22 13:04:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/22 13:04:11 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/22 00:06:59 | 002,876,164 | ---- | M] () -- C:\Frank De Fever - GVA 21 08 2010.pdf
[10 C:\Documents and Settings\Jan.TCCA-0002\My Documents\*.tmp files -> C:\Documents and Settings\Jan.TCCA-0002\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/15 22:56:47 | 003,845,259 | ---- | C] () -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\ComboFix.exe
[2010/09/15 14:48:21 | 000,009,838 | ---- | C] () -- C:\WINDOWS\System32\hpipxmui.hlp
[2010/09/15 14:48:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\scrub2k.exe
[2010/09/15 14:48:04 | 000,000,095 | ---- | C] () -- C:\WINDOWS\hpw9300k.ini
[2010/09/15 14:39:32 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2010/09/15 14:31:44 | 000,319,994 | ---- | C] () -- C:\WINDOWS\hpdj9300.his
[2010/09/15 14:31:44 | 000,014,352 | ---- | C] () -- C:\WINDOWS\hpdj9300.ini
[2010/09/13 23:51:48 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\iExplore.exe
[2010/09/13 23:50:04 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Jan.TCCA-0002\Desktop\rkill.exe
[2010/09/13 23:44:14 | 000,363,520 | ---- | C] () -- C:\rkill.exe
[2010/09/09 01:01:34 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Start MioNet.lnk
[2010/09/06 23:44:42 | 000,092,147 | ---- | C] () -- C:\kampioenschappen.pdf
[2010/09/02 10:38:23 | 000,109,103 | ---- | C] () -- C:\0012010058513_1.pdf
[2010/09/01 01:02:34 | 003,710,316 | ---- | C] () -- C:\18aug10 onweer 002.jpg
[2010/08/31 01:20:18 | 000,018,431 | ---- | C] () -- C:\BuzzuPass.pdf
[2010/08/25 09:42:34 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Media Impression.lnk
[2010/08/22 13:31:01 | 000,018,044 | ---- | C] () -- C:\Fa292010.pdf
[2010/08/22 00:06:58 | 002,876,164 | ---- | C] () -- C:\Frank De Fever - GVA 21 08 2010.pdf
[2010/05/28 19:32:27 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jan.TCCA-0002\Application Data\avdrn.dat
[2009/12/08 16:31:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
[2009/12/08 15:50:14 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
[2009/10/07 16:09:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/24 20:00:27 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2009/09/20 17:59:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Jan.TCCA-0002\Local Settings\Application Data\fusioncache.dat
[2009/09/20 17:43:09 | 000,001,353 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/09/20 17:43:08 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/09/20 16:54:51 | 000,021,666 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2009/09/19 00:34:01 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2009/09/19 00:34:01 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2009/09/18 23:47:56 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QSLLPSVCShare
[2009/09/18 17:31:22 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/09/18 17:31:22 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/09/18 17:31:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/09/18 17:31:16 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/09/18 17:31:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/09/18 17:18:50 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Jan.TCCA-0002\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 17:32:44 | 000,497,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/03/28 00:57:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\mscac0o0d.dll
[2008/10/29 11:43:26 | 004,202,496 | ---- | C] () -- C:\WINDOWS\System32\qt-mt334.dll
[2008/10/26 07:48:49 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\mscun2er2.dll
[2008/09/25 17:18:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\belpicppgui.dll
[2008/08/28 03:20:55 | 000,009,847 | ---- | C] () -- C:\WINDOWS\System32\mswan0o0e.dll
[2008/07/07 10:48:08 | 000,000,382 | ---- | C] () -- C:\WINDOWS\System32\eidlibj.dll.manifest
[2008/06/23 12:13:42 | 000,000,382 | ---- | C] () -- C:\WINDOWS\System32\beidlibjni.dll.manifest
[2007/01/13 21:52:05 | 000,000,669 | ---- | C] () -- C:\Program Files\3D Flash Animator 4.8.html
[2006/12/13 17:03:14 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2005/01/21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2002/10/07 13:36:22 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\Reputil.dll
[2002/03/21 15:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 13:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8927A071
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1
< End of report >

Magic49

20 September 2010, 08:55

OTL Extras logfile created on: 20/09/2010 7:51:25 - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Jan.TCCA-0002\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: Belgium | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93,07 Gb Total Space | 3,30 Gb Free Space | 3,55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TCCA-0002
Current User Name: Jan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)
.url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
htmlfile [opennew] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
https [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
InternetShortcut [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"D:\Setup\HPZnet01.exe" = D:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\PPLiveVA\PPLiveVA.exe" = C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA -- File not found
"C:\Program Files\PPLiveVA\FlvPick.exe" = C:\Program Files\PPLiveVA\FlvPick.exe:*:Enabled:FlvPick -- File not found
"C:\Program Files\PPLiveVA\CrashUpload.exe" = C:\Program Files\PPLiveVA\CrashUpload.exe:*:Enabled:CrashUplo ad -- File not found
"C:\Program Files\PPLiveVA\Download.exe" = C:\Program Files\PPLiveVA\Download.exe:*:Enabled:Download -- File not found
"C:\Program Files\PPLiveVA\DownloadProgress.exe" = C:\Program Files\PPLiveVA\DownloadProgress.exe:*:Enabled:Down loadProgress -- File not found
"C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLiveVA\Application\PPAP.exe" = C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLiveVA\Application\PPAP.exe:*:Enabled:PPAP -- File not found
"C:\Program Files\PPLive\PPVA\PPLiveVA.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA.exe:*:Enabled:PPLiveVA -- File not found
"C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe" = C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe:*:Enabled:PPLiveV A -- File not found
"C:\Program Files\PPLive\PPVA\FlvPick.exe" = C:\Program Files\PPLive\PPVA\FlvPick.exe:*:Enabled:FlvPick -- File not found
"C:\Program Files\PPLive\PPVA\crashreporter.exe" = C:\Program Files\PPLive\PPVA\crashreporter.exe:*:Enabled:Cras hUpload -- File not found
"C:\Program Files\PPLive\PPVA\PPVADownload.exe" = C:\Program Files\PPLive\PPVA\PPVADownload.exe:*:Enabled:Downl oad -- File not found
"C:\Program Files\PPLive\PPVA\DownloadProgress.exe" = C:\Program Files\PPLive\PPVA\DownloadProgress.exe:*:Enabled:D ownloadProgress -- File not found
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetMan ager -- ()
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5058B085-AA79-41E5-A726-681B4C4B846E}" = ACDSee 5.0 PowerPack
"{53AF3638-DDB4-4755-B3DC-259981689DB7}" = WD Anywhere Access Powered by MioNet
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{824563DE-75AD-4166-9DC0-B6482F205775}" = Belgium e-ID middleware 3.5.2 (build 5775)
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90510413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{9A745078-B1B9-4C01-AEE5-508AD16708E3}" = MPLAB Tools v8.43
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AC76BA86-1030-D700-7760-000000000002}" = Adobe Acrobat 7.0 Professional - Dansk, Nederlands
"{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
"{ADED1413-4029-4CB3-92D5-55545BC18898}" = hp deskjet 9300 series
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C896D417-10AD-4AAB-A491-22FD67AC2220}" = ACS CCID PCSC Driver 1.1.6.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge
"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"ACS Analyze ATR_is1" = ACSAnalyzeATR v1.0.0.0
"ACS Reader Monitor_is1" = ACSReaderMonitor v1.0.0.1
"Adobe Acrobat 7.0 Professional - Dansk, Nederlands" = Adobe Acrobat 7.0 Professional - Dansk, Nederlands
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"AvantBrowser" = Avant Browser (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485D F8CE.1" = Adobe Media Player
"E3D9A28446F164880F53982F2C8F2D15E31E3987" = Windows Driver Package - ACS (A38CCID) SmartCardReader (08/30/2008 1.1.6.3)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 4.8
"G Scriptor_is1" = Pro-Active G Scriptor
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.47pre4
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"InstallShield_{9A745078-B1B9-4C01-AEE5-508AD16708E3}" = MPLAB Tools v8.43
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LeCroy ArbStudio_is1" = LeCroy ArbStudio version 3.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PICC 9.70PL0" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.70PL0
"ProInst" = Intel(R) PROSet/Wireless Software
"Smart Card ToolSet PRO_is1" = Smart Card ToolSet PRO v3.4 ( build 02 from Mar-10-2008 )
"SpringCard SDD4C0_is1" = SpringCard PC/SC QuickStart (SDD4C0)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TcjC90s0v_is1" = All In One
"Tina 7 - Demo" = Tina 7 - Demo
"Totalcmd" = Total Commander (Remove or Repair)
"touchatag_is1" = touchatag 1.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/09/2010 19:09:03 | Computer Name = TCCA-0002 | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live aanmeldhulp -- Er is een onverwachte fout opgetreden
tijdens de installatie van dit pakket. Er is mogelijk een probleem met dit pakket.
De foutcode is: 2753. De schakelopties zijn: SDKCOMPONENTS_PPCRL_WLLOGINPROXY.EXE,
, .

Error - 14/09/2010 7:36:06 | Computer Name = TCCA-0002 | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 15/09/2010 6:47:55 | Computer Name = TCCA-0002 | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a5f7a.

Error - 16/09/2010 3:08:43 | Computer Name = TCCA-0002 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/09/2010 10:00:37 | Computer Name = TCCA-0002 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/09/2010 17:30:56 | Computer Name = TCCA-0002 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/09/2010 20:02:37 | Computer Name = TCCA-0002 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/09/2010 16:23:08 | Computer Name = TCCA-0002 | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a5f7a.

Error - 19/09/2010 16:25:42 | Computer Name = TCCA-0002 | Source = Application Error | ID = 1004
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a5f7a.

Error - 19/09/2010 16:28:05 | Computer Name = TCCA-0002 | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 16/02/2010 15:42:32 | Computer Name = TCCA-0002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37620
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 27/07/2010 12:19:25 | Computer Name = TCCA-0002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 187263
seconds with 1980 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19/09/2010 21:20:26 | Computer Name = TCCA-0002 | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 19/09/2010 21:20:26 | Computer Name = TCCA-0002 | Source = Service Control Manager | ID = 7034
Description = The GoToMyPC service terminated unexpectedly. It has done this 1
time(s).

Error - 19/09/2010 21:20:26 | Computer Name = TCCA-0002 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 19/09/2010 21:20:26 | Computer Name = TCCA-0002 | Source = Service Control Manager | ID = 7034
Description = The MioNet service terminated unexpectedly. It has done this 1 time(s).

Error - 19/09/2010 21:20:27 | Computer Name = TCCA-0002 | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 19/09/2010 21:20:27 | Computer Name = TCCA-0002 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 19/09/2010 21:20:27 | Computer Name = TCCA-0002 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 19/09/2010 21:20:28 | Computer Name = TCCA-0002 | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 19/09/2010 21:23:35 | Computer Name = TCCA-0002 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 19/09/2010 21:23:35 | Computer Name = TCCA-0002 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

< End of report >

Woudje100

20 September 2010, 10:35

Hallo,

Ga naar start>configuratiescherm>software of programma's en onderdelen en verwijder daar de huidige (oude) versie van HijackThis.

Download HijackThis Install (http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.msi) naar je bureaublad.
Dubbelklik op HijackThisInstaller.exe om de installatie te starten.

Start HijackThis op. Klik op "Do a system scan only". Selecteer, indien aanwezig, het volgende:

O17 - HKLM\System\CCS\Services\Tcpip\..\{648DDE4C-B9E3-4E09-866E-45078BEBC834}: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4772821-17C6-45D0-8BE0-DEEA4487E7BA}: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233

Klik op "Fix checked" en sluit HijackThis

Let op!!! Windows Vista & 7 gebruikers dienen HijackThis als administrator uit te voeren "Rechtermuisknop uitvoeren als", indien dit via de snelkoppeling niet lukt voert u HijackThis als administrator uit in de volgende directory (C:\Program Files\Trend Micro\HiJackThis)

Ga naar de site van de ESET Online Scanner (http://www.eset.com/onlinescan/)

Klik op de knop ESET Online Scanner
Zet een vinkje bij YES, I accept the Terms of Use
Klik op Start
Sta het ActiveX control toe om te installeren.
Klik op "Advanced settings"
Zet een vinkje bij de volgende opties:

Remove found threats
Scan archives
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Klik op Start
De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld.
Je mag het venster sluiten wanneer de scan klaar is.
Gebruik Kladblok om het logje te openen. Dit logje vind je op de locatie C:\Program Files\EsetOnlineScanner\log.txt
Kopieer en plak de inhoud van dit logje in je volgende bericht.

Woudje100