Two PCs that have been hacked (I'm about ready to make mincemeat of them)


Wati

I would appreciate your help with the following.

About six weeks ago I discovered that my PC has been hacked. The cursor moving by itself, programs being closed, and more mischief of that kind kept happening more and more often. With my limited knowledge of PCs I have now been struggling in vain for weeks to get things back in order. To make matters worse, a second (borrowed) PC has also been taken over by these "jokers". Recently I discovered that both PCs can be controlled remotely without my having made an internet connection. Below is additional information that may give you more insight into the problems.

2010/07/22 02:13:53 ===========================================

2010/07/22 02:13:53 HCUPDATE Log started

2010/07/22 02:13:53 ===========================================

2010/07/22 02:13:53

2010/07/22 02:13:53 Imported package C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\TSHOOT.CAB into package store

2010/07/22 02:13:53

2010/07/22 02:13:54 0 - Extracted package_description.xml from help package

2010/07/22 02:13:54 0 - Recreating index for scope '<SYSTEM>'

2010/07/22 02:13:55 0 - Successfully merged index

2010/07/22 02:13:55 0 - Recreating index for scope 'Briefcase'

2010/07/22 02:13:55 0 - Successfully merged index

2010/07/22 02:13:55 0 - Recreating index for scope 'Control_Panel'

2010/07/22 02:13:55 0 - Successfully merged index

2010/07/22 02:13:55 0 - Recreating index for scope 'Home_or_small_office_networking'

2010/07/22 02:13:55 0 - Successfully merged index

2010/07/22 02:13:55 0 - Recreating index for scope 'Network_Connections'

2010/07/22 02:13:55 0 - Successfully merged index

2010/07/22 02:13:55 0 - Recreating index for scope 'Printers_and_Faxes'

2010/07/22 02:13:55 0 - Successfully merged index

2010/07/22 02:13:55 0 - Recreating index for scope 'Recycle_Bin'

2010/07/22 02:13:55 0 - Successfully merged index

2010/07/22 02:13:55 0 - Recreating index for scope 'Scanners_and_Cameras'

2010/07/22 02:13:55 0 - Successfully merged index

2010/07/22 02:13:55 0 - Recreating index for scope 'Search'

2010/07/22 02:13:55 0 - Successfully merged index

2010/07/22 02:14:01

2010/07/22 02:14:01 Processing package MS_RemoteAssistance [1.0.1.0] (Vendor: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US) from package store, Personal_32/1043

2010/07/22 02:14:01

2010/07/22 02:14:01 0 - Update package has OEM credentials of CN=Microsoft Corporation,L=Redmond,S=Washington,C=US

2010/07/22 02:14:01 0 - Extracted package_description.xml from help package

2010/07/22 02:14:01 0 - Extracted rcBuddy.xml from help package

2010/07/22 02:14:01 0 - Processing SAF file : ADD : rcBuddy.xml. OwnerName : Microsoft Corporation, Owner ID : CN=Microsoft Corporation,L=Redmond,S=Washington,C=US

2010/07/22 02:14:01 0 - SAF file registered

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\confirm.htm

2010/07/22 02:14:01 0 - Extracted confirm.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\rcstatus.htm

2010/07/22 02:14:01 0 - Extracted rcstatus.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\rcscreen1.htm

2010/07/22 02:14:01 0 - Extracted rcscreen1.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\rcscreen2.htm

2010/07/22 02:14:01 0 - Extracted rcscreen2.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\rcscreen3.htm

2010/07/22 02:14:01 0 - Extracted rcscreen3.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\rcConnection.htm

2010/07/22 02:14:01 0 - Extracted rcConnection.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\Remote_Assistance_Graphic.png

2010/07/22 02:14:01 0 - Extracted Remote_Assistance_Graphic.png from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\monitor_left.gif

2010/07/22 02:14:01 0 - Extracted monitor_left.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\monitor_right.gif

2010/07/22 02:14:01 0 - Extracted monitor_right.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\address_book.gif

2010/07/22 02:14:01 0 - Extracted address_book.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\attention.gif

2010/07/22 02:14:01 0 - Extracted attention.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\arrow.gif

2010/07/22 02:14:01 0 - Extracted arrow.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\buddy.gif

2010/07/22 02:14:01 0 - Extracted buddy.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\buddy_attention.gif

2010/07/22 02:14:01 0 - Extracted buddy_attention.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\logon_anim.gif

2010/07/22 02:14:01 0 - Extracted logon_anim.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\buddy_away.gif

2010/07/22 02:14:01 0 - Extracted buddy_away.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\buddy_busy.gif

2010/07/22 02:14:01 0 - Extracted buddy_busy.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\buddy_none.gif

2010/07/22 02:14:01 0 - Extracted buddy_none.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\buddy_offline.gif

2010/07/22 02:14:01 0 - Extracted buddy_offline.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\generic_mail.gif

2010/07/22 02:14:01 0 - Extracted generic_mail.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\info.gif

2010/07/22 02:14:01 0 - Extracted info.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\messenger_big.gif

2010/07/22 02:14:01 0 - Extracted messenger_big.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\square_bullet.gif

2010/07/22 02:14:01 0 - Extracted square_bullet.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\outlook.gif

2010/07/22 02:14:01 0 - Extracted outlook.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\outlook_express.gif

2010/07/22 02:14:01 0 - Extracted outlook_express.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\Envelope.gif

2010/07/22 02:14:01 0 - Extracted Envelope.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\floppy.gif

2010/07/22 02:14:01 0 - Extracted floppy.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\IM_icon.gif

2010/07/22 02:14:01 0 - Extracted IM_icon.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Common\icon_extweb.gif

2010/07/22 02:14:01 0 - Extracted icon_extweb.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\rcscreen4.htm

2010/07/22 02:14:01 0 - Extracted rcscreen4.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\rcscreen5.htm

2010/07/22 02:14:01 0 - Extracted rcscreen5.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\rcscreen6.htm

2010/07/22 02:14:01 0 - Extracted rcscreen6.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\ShieldsUpMsg.htm

2010/07/22 02:14:01 0 - Extracted ShieldsUpMsg.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\rcscreen6_head.htm

2010/07/22 02:14:01 0 - Extracted rcscreen6_head.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\rcInviteStatus.htm

2010/07/22 02:14:01 0 - Extracted rcInviteStatus.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\rcscreen7.htm

2010/07/22 02:14:01 0 - Extracted rcscreen7.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\rcscreen8.htm

2010/07/22 02:14:01 0 - Extracted rcscreen8.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\rcscreen9.htm

2010/07/22 02:14:01 0 - Extracted rcscreen9.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\rcDetails.htm

2010/07/22 02:14:01 0 - Extracted rcDetails.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\check.gif

2010/07/22 02:14:01 0 - Extracted check.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\help.gif

2010/07/22 02:14:01 0 - Extracted help.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\rcscreenshot3.gif

2010/07/22 02:14:01 0 - Extracted rcscreenshot3.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Email\escalationhelp.htm

2010/07/22 02:14:01 0 - Extracted escalationhelp.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Escalation\Unsolicited\UnSolicitedRCUI.htm

2010/07/22 02:14:01 0 - Extracted UnSolicitedRCUI.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Css\rcbuddy.css

2010/07/22 02:14:01 0 - Extracted rcbuddy.css from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Css\rc.css

2010/07/22 02:14:01 0 - Extracted rc.css from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Css\RAChat.css

2010/07/22 02:14:01 0 - Extracted RAChat.css from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Common\common.js

2010/07/22 02:14:01 0 - Extracted common.js from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Common\constants.js

2010/07/22 02:14:01 0 - Extracted constants.js from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Common\RAHelp.htm

2010/07/22 02:14:01 0 - Extracted RAHelp.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Common\RCMoreInfo.htm

2010/07/22 02:14:01 0 - Extracted RCMoreInfo.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Common\ConnIssue.htm

2010/07/22 02:14:01 0 - Extracted ConnIssue.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Common\LearnInternet.htm

2010/07/22 02:14:01 0 - Extracted LearnInternet.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Common\icon_warning_32x.gif

2010/07/22 02:14:01 0 - Extracted icon_warning_32x.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Common\icon_information_32x.gif

2010/07/22 02:14:01 0 - Extracted icon_information_32x.gif from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\RAClientLayout.xml

2010/07/22 02:14:01 0 - Extracted RAClientLayout.xml from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\RAURA.xml

2010/07/22 02:14:01 0 - Extracted RAURA.xml from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\RAIMLayout.xml

2010/07/22 02:14:01 0 - Extracted RAIMLayout.xml from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\RAHelpeeAcceptLayout.xml

2010/07/22 02:14:01 0 - Extracted RAHelpeeAcceptLayout.xml from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\rcBuddy.htm

2010/07/22 02:14:01 0 - Extracted rcBuddy.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\RAStartPage.htm

2010/07/22 02:14:01 0 - Extracted RAStartPage.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\ding.wav

2010/07/22 02:14:01 0 - Extracted ding.wav from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\helpeeaccept.htm

2010/07/22 02:14:01 0 - Extracted helpeeaccept.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Interaction\Client\rctoolScreen1.htm

2010/07/22 02:14:01 0 - Extracted rctoolScreen1.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Interaction\Client\rcscreen6_head.htm

2010/07/22 02:14:01 0 - Extracted rcscreen6_head.htm from help package

2010/07/22 02:14:01 0 - Installing file : ADD : Remote Assistance\Interaction\Client\RAClient.htm

2010/07/22 02:14:02 0 - Extracted RAClient.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\setting.htm

2010/07/22 02:14:02 0 - Extracted Setting.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\RAToolBar.htm

2010/07/22 02:14:02 0 - Extracted RAToolBar.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\RAToolBar.xml

2010/07/22 02:14:02 0 - Extracted RAToolBar.xml from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\RAStatusBar.htm

2010/07/22 02:14:02 0 - Extracted RAStatusBar.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\RAChatClient.htm

2010/07/22 02:14:02 0 - Extracted RAChatClient.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\DividerBar.htm

2010/07/22 02:14:02 0 - Extracted DividerBar.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\RAClient.js

2010/07/22 02:14:02 0 - Extracted RAClient.js from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\DownArrow.gif

2010/07/22 02:14:02 0 - Extracted DownArrow.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\UpArrow.gif

2010/07/22 02:14:02 0 - Extracted UpArrow.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\TakeControl.gif

2010/07/22 02:14:02 0 - Extracted TakeControl.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\TakeControl.bmp

2010/07/22 02:14:02 0 - Extracted TakeControl.bmp from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\Animation.gif

2010/07/22 02:14:02 0 - Extracted Animation.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\connected.gif

2010/07/22 02:14:02 0 - Extracted connected.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\combobox_line.gif

2010/07/22 02:14:02 0 - Extracted combobox_line.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Client\DividerBar.gif

2010/07/22 02:14:02 0 - Extracted DividerBar.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\RAServer.htm

2010/07/22 02:14:02 0 - Extracted RAServer.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\RAChatServer.htm

2010/07/22 02:14:02 0 - Extracted RAChatServer.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\RAServerToolBar.htm

2010/07/22 02:14:02 0 - Extracted RAServerToolBar.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\DividerBar1.htm

2010/07/22 02:14:02 0 - Extracted DividerBar1.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\DividerBar2.htm

2010/07/22 02:14:02 0 - Extracted DividerBar2.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\SettingServer.htm

2010/07/22 02:14:02 0 - Extracted SettingServer.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\TakeControlMsgs.htm

2010/07/22 02:14:02 0 - Extracted TakeControlMsgs.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\RAServer.js

2010/07/22 02:14:02 0 - Extracted RAServer.js from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\StopControl.gif

2010/07/22 02:14:02 0 - Extracted StopControl.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\StopControl.bmp

2010/07/22 02:14:02 0 - Extracted StopControl.bmp from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\Helpee_line.gif

2010/07/22 02:14:02 0 - Extracted Helpee_line.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Server\ESC_key.gif

2010/07/22 02:14:02 0 - Extracted ESC_key.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\RCFileXfer.htm

2010/07/22 02:14:02 0 - Extracted RCFileXfer.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\RAControl.js

2010/07/22 02:14:02 0 - Extracted RAControl.js from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\ErrorMsgs.htm

2010/07/22 02:14:02 0 - Extracted ErrorMsgs.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\VOIPMsgs.htm

2010/07/22 02:14:02 0 - Extracted VOIPMsgs.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\hide-chat.gif

2010/07/22 02:14:02 0 - Extracted hide-chat.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\show-chat.gif

2010/07/22 02:14:02 0 - Extracted show-chat.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\Options.gif

2010/07/22 02:14:02 0 - Extracted Options.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\Options.bmp

2010/07/22 02:14:02 0 - Extracted Options.bmp from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\Quit.gif

2010/07/22 02:14:02 0 - Extracted Quit.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\Quit.bmp

2010/07/22 02:14:02 0 - Extracted Quit.bmp from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\SendChat.gif

2010/07/22 02:14:02 0 - Extracted SendChat.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\SendFile.gif

2010/07/22 02:14:02 0 - Extracted SendFile.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\SendFile.bmp

2010/07/22 02:14:02 0 - Extracted SendFile.bmp from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\SendVoice.gif

2010/07/22 02:14:02 0 - Extracted SendVoice.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\SendVoice.bmp

2010/07/22 02:14:02 0 - Extracted SendVoice.bmp from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\SendVoiceOn.gif

2010/07/22 02:14:02 0 - Extracted SendVoiceOn.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\HelpCenter.gif

2010/07/22 02:14:02 0 - Extracted HelpCenter.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\HelpCenter.bmp

2010/07/22 02:14:02 0 - Extracted HelpCenter.bmp from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Css\rcbuddy.css

2010/07/22 02:14:02 0 - Extracted rcbuddy.css from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Css\rc.css

2010/07/22 02:14:02 0 - Extracted rc.css from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Css\RAChat.css

2010/07/22 02:14:02 0 - Extracted RAChat.css from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Common\common.js

2010/07/22 02:14:02 0 - Extracted common.js from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Common\constants.js

2010/07/22 02:14:02 0 - Extracted constants.js from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Common\RAHelp.htm

2010/07/22 02:14:02 0 - Extracted RAHelp.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Common\RCMoreInfo.htm

2010/07/22 02:14:02 0 - Extracted RCMoreInfo.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Common\ConnIssue.htm

2010/07/22 02:14:02 0 - Extracted ConnIssue.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Common\LearnInternet.htm

2010/07/22 02:14:02 0 - Extracted LearnInternet.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\voicefirewallmsg.htm

2010/07/22 02:14:02 0 - Extracted voicefirewallmsg.htm from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Common\icon_warning_32x.gif

2010/07/22 02:14:02 0 - Extracted icon_warning_32x.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Common\icon_information_32x.gif

2010/07/22 02:14:02 0 - Extracted icon_information_32x.gif from help package

2010/07/22 02:14:02 0 - Installing file : ADD : Remote Assistance\Interaction\Common\info.gif

2010/07/22 02:14:02 0 - Extracted info.gif from help package

2010/07/22 02:14:02 0 - Registering trusted content : ADD : hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance

2010/07/22 02:14:02 0 - Registering trusted content : ADD : hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Communities

2010/07/22 02:14:02 0 - No headlines items found

2010/07/22 02:14:02

2010/07/22 02:14:02 Processing package PSS Online Assisted Support [01.01.01.21] (Vendor: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US) from package store, Personal_32/1043

2010/07/22 02:14:02

2010/07/22 02:14:02 0 - Update package has OEM credentials of CN=Microsoft Corporation,L=Redmond,S=Washington,C=US

2010/07/22 02:14:02 0 - Extracted package_description.xml from help package

2010/07/22 02:14:02 0 - Adding Search Engine : Name : D23D0028-A543-4767-B4AA-1581D8E1CDB2, CLSID : {833E4016-AFF7-4AC3-AAC2-9F24C1457BCE}

2010/07/22 02:14:03 0 - Extracted pss.xml from help package

2010/07/22 02:14:03 0 - Processing SAF file : ADD : pss.xml. OwnerName : Microsoft Corporation, Owner ID : CN=Microsoft Corporation,L=Redmond,S=Washington,C=US

2010/07/22 02:14:03 0 - SAF file registered

2010/07/22 02:14:03 0 - Installing file : ADD : pssmachinesnapshot.xml

2010/07/22 02:14:03 0 - Extracted pssmachinesnapshot.xml from help package

2010/07/22 02:14:03 0 - Installing file : ADD : pssmachinesnapshot-less.xml

2010/07/22 02:14:03 0 - Extracted pssmachinesnapshot-less.xml from help package

2010/07/22 02:14:03 0 - Installing file : ADD : pssmachinesnapshot-wo-com.xml

2010/07/22 02:14:03 0 - Extracted pssmachinesnapshot-wo-com.xml from help package

2010/07/22 02:14:03 0 - Installing file : ADD : OfflineOptions.htm

2010/07/22 02:14:03 0 - Extracted OfflineOptions.htm from help package

2010/07/22 02:14:03 0 - Installing file : ADD : OfflineDC.htm

2010/07/22 02:14:03 0 - Extracted OfflineDC.htm from help package

2010/07/22 02:14:03 0 - Installing file : ADD : Connection.htm

2010/07/22 02:14:03 0 - Extracted Connection.htm from help package

2010/07/22 02:14:03 0 - Installing file : ADD : pss_getting_worldwide_help.htm

2010/07/22 02:14:03 0 - Extracted pss_getting_worldwide_help.htm from help package

2010/07/22 02:14:03 0 - Installing file : ADD : spacer.gif

2010/07/22 02:14:03 0 - Extracted spacer.gif from help package

2010/07/22 02:14:03 0 - Installing file : ADD : r3_c2.gif

2010/07/22 02:14:03 0 - Extracted r3_c2.gif from help package

2010/07/22 02:14:03 0 - Installing file : ADD : r1_c3.gif

2010/07/22 02:14:03 0 - Extracted r1_c3.gif from help package

2010/07/22 02:14:03 0 - Installing file : ADD : r1_c2.gif

2010/07/22 02:14:03 0 - Extracted r1_c2.gif from help package

2010/07/22 02:14:03 0 - Installing file : ADD : r1_c1.gif

2010/07/22 02:14:03 0 - Extracted r1_c1.gif from help package

2010/07/22 02:14:03 0 - Installing file : ADD : Info_Icon.gif

2010/07/22 02:14:03 0 - Extracted Info_Icon.gif from help package

2010/07/22 02:14:03 0 - Installing file : ADD : GRect.gif

2010/07/22 02:14:03 0 - Extracted GRect.gif from help package

2010/07/22 02:14:03 0 - Installing file : ADD : GArrow.gif

2010/07/22 02:14:03 0 - Extracted GArrow.gif from help package

2010/07/22 02:14:03 0 - Installing file : ADD : status_ok.gif

2010/07/22 02:14:03 0 - Extracted status_ok.gif from help package

2010/07/22 02:14:03 0 - Installing file : ADD : PSS.css

2010/07/22 02:14:03 0 - Extracted PSS.css from help package

2010/07/22 02:14:03 0 - Registering trusted content : ADD : hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://assisted.support.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://assistedsupport.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://assistedsupport.one.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : Search Microsoft.com

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://members.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://premier.members.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://premier.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://pssra.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://ra.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://secure.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : Microsoft Support Services

2010/07/22 02:14:03 0 - Registering trusted content : ADD : Microsoft Support

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://webresponse.ectest.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://webresponse.one.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://webservices.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://wrsup.ectest.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : http://wrsup.one.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : Microsoft Corporation

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://assisted.support.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://assistedsupport.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://assistedsupport.one.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://members.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://premier.members.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://premier.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://pssra.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://ra.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://secure.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://services.support.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://webresponse.ectest.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://webresponse.one.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://webservices.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://wrsup.ectest.microsoft.com/

2010/07/22 02:14:03 0 - Registering trusted content : ADD : https://wrsup.one.microsoft.com/

2010/07/22 02:14:03 0 - No headlines items found

2010/07/22 02:14:03

2010/07/22 02:14:03 Processing package MS_Newsgroups [1.0.0.0] (Vendor: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US) from package store, Personal_32/1043

2010/07/22 02:14:03

2010/07/22 02:14:03 0 - Update package has OEM credentials of CN=Microsoft Corporation,L=Redmond,S=Washington,C=US

2010/07/22 02:14:03 0 - Extracted package_description.xml from help package

2010/07/22 02:14:03 0 - Extracted windows_newsgroups.xml from help package

2010/07/22 02:14:03 0 - Processing SAF file : ADD : windows_newsgroups.xml. OwnerName : Microsoft Corporation, Owner ID : CN=Microsoft Corporation,L=Redmond,S=Washington,C=US

2010/07/22 02:14:03 0 - SAF file registered

2010/07/22 02:14:03 0 - No headlines items found

2010/07/22 02:14:03

2010/07/22 02:14:03 Processing package TSHOOT [4.90.2.2445] (Vendor: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US) from package store, Personal_32/1043

2010/07/22 02:14:03

2010/07/22 02:14:03 0 - Update package has OEM credentials of CN=Microsoft Corporation,L=Redmond,S=Washington,C=US

2010/07/22 02:14:03 0 - Extracted package_description.xml from help package

2010/07/22 02:14:03 0 - Registering trusted content : ADD : hcp://help/tshoot

2010/07/22 02:14:03 0 - Registering trusted content : ADD : ms-its:%HELP_LOCATION%\tshoot.chm::/

2010/07/22 02:14:03 0 - No headlines items found

2010/07/22 02:14:03 ===========================================

2010/07/22 02:14:03 HCUPDATE Log ended

2010/07/22 02:14:03 ===========================================

"Silent Runners.vbs", revision 60, Silent Runners - Adware? Disinfect, don't reformat!

Operating System: Windows XP SP3

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"hpWirelessAssistant" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" ["Hewlett-Packard Development Company, L.P."]

"QlbCtrl" = "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"

"(Default)" = "(empty string)" [file not found]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"Synchronization Manager" = "C:\WINDOWS\system32\mobsync.exe /logon"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = "Symantec NCO BHO"

-> {HKLM...CLSID} = "Symantec NCO BHO"

\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll" ["Symantec Corporation"]

{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = "Symantec Intrusion Prevention"

-> {HKLM...CLSID} = "Symantec Intrusion Prevention"

\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\4.2.0.12\IPSBHO.DLL" ["Symantec Corporation"]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"

-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

OverlayExcluded\(Default) = "{4433A54A-1AC8-432F-90FC-85F045CF383C}"

-> {HKLM...CLSID} = "OverlayExcluded Class"

\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\4.2.0.12\buShell.dll" ["Symantec Corporation"]

OverlayPending\(Default) = "{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"

-> {HKLM...CLSID} = "OverlayPending Class"

\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\4.2.0.12\buShell.dll" ["Symantec Corporation"]

OverlayProtected\(Default) = "{476D0EA3-80F9-48B5-B70B-05E677C9C148}"

-> {HKLM...CLSID} = "OverlayProtected Class"

\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\4.2.0.12\buShell.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratiescherm-uitbreiding Beeldscherm-panning"

-> {HKLM...CLSID} = "Configuratiescherm-uitbreiding Beeldscherm-panning"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

BUContextMenu\(Default) = "{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}"

-> {HKLM...CLSID} = "BUContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\4.2.0.12\buShell.dll" ["Symantec Corporation"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = ""C:\Program Files\Norton 360\Engine\4.2.0.12\NavShExt.dll"" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

BuPropertySheet\(Default) = "{B59987EA-25FE-44B4-8802-E4DE67073D8C}"

-> {HKLM...CLSID} = "BuPropertySheet Class"

\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\4.2.0.12\buShell.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

00nView\(Default) = "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"]

NvCplDesktopContext\(Default) = "{A70C977A-BF00-412C-90B7-034C51DA2439}"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

BUContextMenu\(Default) = "{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}"

-> {HKLM...CLSID} = "BUContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\4.2.0.12\buShell.dll" ["Symantec Corporation"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = ""C:\Program Files\Norton 360\Engine\4.2.0.12\NavShExt.dll"" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRecentDocsNetHood" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRecentDocsNetHood" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

"NoCrashDetection" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Switch to the secure desktop when prompting for elevation}

"EnableVirtualization" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Ierland.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Ierland.bmp"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

PDirDVArrival\

"Provider" = "PowerDirector"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\CyberLink\PowerDirector\PDR8.exe" /DV"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

VLCPlayCDAudioOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.CDAudio"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1" ["the VideoLAN Team"]

VLCPlayDVDAudioOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.OPENFolder"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]

VLCPlayDVDMovieOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.DVDMovie"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1" ["the VideoLAN Team"]

VLCPlayMusicFilesOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.OPENFolder"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]

VLCPlaySVCDMovieOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.SVCDMovie"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1" ["the VideoLAN Team"]

VLCPlayVCDMovieOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.VCDMovie"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1" ["the VideoLAN Team"]

VLCPlayVideoFilesOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.OPENFolder"

"InvokeVerb" = "Open"

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]

Enabled Scheduled Tasks:

------------------------

"User_Feed_Synchronization-{4305A644-F159-4AC9-BDD2-068F452969D2}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"

-> {HKLM...CLSID} = "Norton Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" = "Norton Toolbar"

-> {HKLM...CLSID} = "Norton Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared files\RichVideo.exe"" [empty string]

Dot3svc, Dot3svc, "C:\WINDOWS\System32\svchost.exe -k dot3svc" {"C:\WINDOWS\System32\dot3svc.dll" [MS]}

Extensible Authentication Protocol-service, EapHost, "C:\WINDOWS\System32\svchost.exe -k eapsvcs" {"C:\WINDOWS\System32\eapsvc.dll" [MS]}

hpqwmiex, hpqwmiex, ""C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"" ["Hewlett-Packard Development Company, L.P."]

Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]

napagent, napagent, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\qagentrt.dll" [MS]}

Norton 360, N360, ""C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\4.2.0.12\diMaster.dll" /prefetch:1" ["Symantec Corporation"]

---------- (launch time: 2010-06-29 20:19:05)

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 46 seconds, including 23 seconds for message boxes)

I hope the above is somewhat relevant.

Kind regards, and thanks in advance,

Wati "Gates"


Download HiJackThis

Double-click HJTInstall.exe

HijackThis will now be installed on your PC, and a shortcut will be placed on your desktop.

HijackThis will open after installation.

Click "Do a systemscan and save a logfile".

A Notepad window opens. Hold down the CTRL and A keys at the same time; everything is now selected. Hold down the CTRL and C keys at the same time; everything is now copied. Then paste the HJT log into your post with CTRL and V.

N.B.: users of Windows Vista and Windows 7 must first right-click HijackThis.exe and then choose "Run as Administrator".

Do only one PC, though.

For the second PC it is better to start a new topic.


It is nice to have received a reply to my post so quickly.

A brief explanation: to be able to make the log, I have reinstalled XP once again. Perhaps it is already visible now what is wrong with my PC(s)...

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:16:19, on 23-7-2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\CTFMON.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

--

End of file - 1739 bytes

The programs I normally always use (such as AV) have not been installed yet.

Kind regards,

Wati
