
spam


Dummy


Kape,

Here is the log

ComboFix 13-03-31.01 - francois 31/03/2013 13:53:10.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1022.132 [GMT 2:00]

Gestart vanuit: c:\users\francois\Downloads\ComboFix.exe

AV: BullGuard Antivirus *Disabled/Outdated* {C3CCAC61-52F7-A056-1860-6406566E2578}

FW: BullGuard Firewall *Disabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203}

SP: BullGuard Antispyware *Disabled/Outdated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\StartNow Toolbar

c:\program files\StartNow Toolbar\Resources\images\engine_images.png

c:\program files\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files\StartNow Toolbar\Resources\images\engine_news.png

c:\program files\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files\StartNow Toolbar\Resources\images\engine_web.png

c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files\StartNow Toolbar\Resources\images\icon_games.png

c:\program files\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files\StartNow Toolbar\Resources\installer.xml

c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files\StartNow Toolbar\Resources\skin\separator.png

c:\program files\StartNow Toolbar\Resources\skin\splitter.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files\StartNow Toolbar\Resources\toolbar.xml

c:\program files\StartNow Toolbar\Resources\update.xml

c:\program files\StartNow Toolbar\uninstall.dat

c:\windows\_detmp.2

c:\windows\animbigN.bmp

c:\windows\animsmalN.bmp

c:\windows\IsUn0413.exe

c:\windows\system32\rnaph.dll

c:\windows\system32\SETE55C.tmp

c:\windows\system32\spool\prtprocs\w32x86\1_CNMPD8R.DLL

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\unin0413.exe

D:\setup.exe

.

Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-02-28 to 2013-03-31 ))))))))))))))))))))))))))))))

.

.

2013-03-29 09:12 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC366E34-B6E9-46E1-A9FC-C7DBB6C5532B}\mpengine.dll

2013-03-20 20:00 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-10 16:07 . 2013-03-10 16:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-03 23:47 . 2013-03-03 23:47 -------- d-----w- c:\program files\Common Files\Skype

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-23 09:37 . 2012-05-14 14:27 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-23 09:37 . 2011-07-09 06:51 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-21 17:06 . 2010-02-17 13:33 54624 ----a-w- c:\windows\system32\BGLsp.dll

2013-03-21 17:06 . 2010-01-11 09:30 108968 ----a-w- c:\windows\system32\BgGamingMonitor.dll

2013-03-21 17:06 . 2009-12-04 09:59 64624 ----a-w- c:\windows\system32\drivers\BdSpy.sys

2013-03-10 16:06 . 2012-06-14 14:22 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-10 16:06 . 2010-08-08 12:21 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-02 07:12 . 2009-12-04 10:00 33888 ----a-r- c:\windows\system32\drivers\afw.sys

2013-03-02 07:12 . 2012-02-29 16:19 343456 ----a-w- c:\windows\system32\drivers\Trufos.sys

2013-03-02 07:12 . 2009-12-04 10:00 337504 ----a-r- c:\windows\system32\drivers\afwcore.sys

2013-01-17 00:28 . 2009-10-03 08:15 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-05 05:26 . 2013-02-13 07:20 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-05 05:26 . 2013-02-13 07:20 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-04 11:28 . 2013-02-13 07:20 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-04 01:38 . 2013-02-13 07:20 2048512 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-07-26 353736]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-06-02 6123032]

"MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-17 1975296]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2007-02-13 94212]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"BullGuard"="c:\program files\bullguard ltd\bullguard\BullGuard.exe" [2013-03-21 837984]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" [2013-03-21 1879904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll c:\progra~1\BULLGU~1\BULLGU~1\BgAgent.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2013-02-20 11:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-992474526-248551049-2733349607-1000]

"EnableNotificationsRef"=dword:00000001

.

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

BullGuard_Main REG_MULTI_SZ BsMain

BullGuard REG_MULTI_SZ BsFileScan BsFire

BullGuard_LowPriv REG_MULTI_SZ BsBrowser

hpdevmgmt REG_MULTI_SZ hpqcxs08

BullGuard_Backup REG_MULTI_SZ BsBackup

BullGuard_Proxy REG_MULTI_SZ BsMailProxy

.

Inhoud van de 'Gedeelde Taken' map

.

2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 09:37]

.

2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-18 11:33]

.

2013-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-18 11:33]

.

2013-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-992474526-248551049-2733349607-1000Core.job

- c:\users\francois\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 16:34]

.

2013-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-992474526-248551049-2733349607-1000UA.job

- c:\users\francois\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 16:34]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://www.telenet.be

mWindow Title = Telenet Internet

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\BGLsp.dll

Trusted Zone: kapaza.be\www

TCP: DhcpNameServer = 195.130.131.132 195.130.130.4

DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-03-31 14:25

Windows 6.0.6002 Service Pack 2 NTFS

.

detected NTDLL code modification:

ZwOpenFile

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(156)

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

c:\windows\System32\LEXBCES.EXE

c:\windows\System32\LEXPPS.EXE

c:\windows\system32\conime.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\System32\rundll32.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\System32\WUDFHost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\progra~1\COMMON~1\X10\Common\x10nets.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\IncrediMail\bin\IMApp.exe

c:\windows\System32\wsqmcons.exe

c:\windows\system32\sdclt.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Voltooingstijd: 2013-03-31 14:33:13 - machine werd herstart

ComboFix-quarantined-files.txt 2013-03-31 12:33

.

Pre-Run: 199.963.607.040 bytes beschikbaar

Post-Run: 200.718.774.272 bytes beschikbaar

.

- - End Of File - - 3448E8D7885D0A459B0B25E1B310A3B4



Kape,

Still the SPAM when opening GOOGLE. Do you know whether it is possible to contact IncrediMail to get this spam stopped? I surely can't be the only one who has this problem. I like using this mail program and would find it a pity to remove it.

Regards, Dummy


Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe.
    You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

 
startupall; 
filesrcm; 

  • Click the "Options" button and now tick the options below.

    • Running processes
    • Installed Programs
    • HijackThis Log
    • Firefox Look
    • Chrome Look
    • Silent Runners
    • Firefox Defaults
    • Reset Chrome
    • Empty Temp Folders
    • Shortcut Fix
    • IE Defaults
    • Reset Hosts
    • Auto Clean

  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
  • Now post the contents of the opened log in your next message.

Edited by kape

Log

Zoek.exe Version 4.0.0.2 Updated 31-03-2013

Tool run by francois on ma 01/04/2013 at 14:47:46,07.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\SvcHost.exe -k BullGuard_Main

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\LEXBCES.EXE

C:\Windows\System32\LEXPPS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\SvcHost.exe -k BullGuard_Backup

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

C:\Windows\System32\SvcHost.exe -k BullGuard

C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\conime.exe

C:\Windows\system32\mspaint.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVMTGBXD\zoek.exe

C:\Windows\system32\wbem\wmiprvse.exe

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-992474526-248551049-2733349607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6945BC5E-7860-4D49-A374-9898876739DD} deleted successfully

HKEY_USERS\S-1-5-21-992474526-248551049-2733349607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9B6103C1-F818-48a8-9683-314055BE6075} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.4 - Nederlands

Adobe Shockwave Player 11

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assistant 5.05.013

Belgium e-ID middleware 3.5.1 (build 5075)

BitLord v2.0

Bonjour

BufferChm

BullGuard 9.0

CCleaner

Cherry Smart Device Package V1.8 Build 1

D3DX10

Destinations

DocProc

DYMO ILP219

EaseUS Data Recovery Wizard Free Edition 5.5.1

FUJIFILM FinePixViewer S Ver.2.1

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Product Detection

HP Scanjet G3110

HP Solution Center 13.0

HP Update

hpg3110

HPPhotosmartEssential

HPProductAssistant

IncrediMail

IncrediMail 2.0

iTunes

Java 7 Update 17

Java Auto Updater

Junk Mail filter update

Kruidvat fotoservice

LibreOffice 3.6

LightScribe 1.4.124.1

Logitech High Quality Video

Logitech QuickCam-stuurprogrammapakket

Logitech Updater

Logitech Vid HD

Logitech Webcam Software

MakeDisc

MediaShow 3.0

Medion GoPal Assistant 4.03.006

Microcular

Microsoft .NET Framework 3.5 Language Pack SP1 - nld

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft Application Error Reporting

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft_VC100_CRT_SP1_x86

MobileMe Control Panel

MP3 Skype Recorder

MSVC80_x86_v2

MSVC90_x86

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Essentials

Nokia Connectivity Cable Driver

Nokia PC Suite

NVIDIA Drivers

OCR Software by I.R.I.S. 13.0

OGA Notifier 2.0.0048.0

OpenOffice.org 3.4.1

Paint.NET v3.5.10

PC Connectivity Solution

PhotoMail Maker

PhotoNow 1.0

Platform

PowerCinema Linux 5.0

QuickTime

Scan

ScanSoft OmniPage SE 4

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

Segoe UI

Shockwave Director 11.0.3

Skype Click to Call

SkypeT 6.1

SolutionCenter

SoulSeek 157 test 5

SoulSeek Client 156b

Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

Total Video Converter 3.61 100319

Ulead PhotoImpact 12

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VIA Platform apparaatbeheer

WebReg

Windows-stuurprogrammapakket - Hewlett-Packard Image (05/15/2008 11.5.0.116)

Windows-stuurprogrammapakket - Nokia pccsmcfd "LegacyDriver" (05/31/2012 7.1.2.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

X10 Hardware

Youtube Music Downloader V3.7.9

YTD Toolbar v6.6

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

::1 localhost

==== FireFox Fix ======================

Deleted from C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\bookmarkbackups\prefs.js:

user_pref("browser.search.defaultenginename", "Yahoo");

user_pref("browser.search.selectedEngine", "Yahoo");

user_pref("keyword.URL", "Yahoo! Search - Web Search=");

Added to C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\bookmarkbackups\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

Added to C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\Mail\prefs.js:

Added to C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\Mail\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\searchplugins\prefs.js:

Added to C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\searchplugins\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\bookmarkbackups

user.js not found

---- Lines crossrider removed from prefs.js ----

---- Lines crossrider modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_20130104_1454_.backup

ProfilePath: C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

user.js not found

---- Lines crossrider removed from prefs.js ----

---- Lines crossrider modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_20130104_1454_.backup

ProfilePath: C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\Mail

user.js not found

---- Lines crossrider removed from prefs.js ----

---- Lines crossrider modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_20130104_1454_.backup

ProfilePath: C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\searchplugins

user.js not found

---- Lines crossrider removed from prefs.js ----

---- Lines crossrider modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_20130104_1454_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Public\Desktop\YTD Video Downloader.lnk" deleted

"C:\Program Files\Uninstall Information\ib_uninst_0" deleted

"C:\Program Files\Uninstall Information\ib_uninst_349" deleted

"C:\Program Files\Uninstall Information\ib_uninst_527" deleted

"C:\Program Files\RegClean Pro" deleted

"C:\Program Files\YTD Toolbar" deleted

"C:\Users\francois\AppData\Roaming\Systweak" deleted

"C:\Users\francois\AppData\Local\CRE" deleted

"C:\Users\francois\AppData\LocalLow\DataMngr" deleted

"C:\Users\francois\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\crossriderapp5060@crossrider.com" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-03-31 11:48:26 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2013-03-31 11:48:26 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2013-03-31 11:48:26 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2013-03-31 11:48:26 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2013-03-31 11:48:26 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

====== C:\Users\francois\AppData\Local\Temp ====

====== C:\Windows\system32 =====

2013-04-01 07:13:24 40C7CD881EDE88755EAC1DA1F434C317 544 ----a-w- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD

====== C:\Windows\system32\drivers =====

2013-03-20 20:00:44 8D31A140B55021BBD3A608F5A7AA2E18 15872 ----a-w- C:\Windows\System32\drivers\usb8023.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-03-03 23:47:54 -------- d-----w- C:\Program Files\Common Files\Skype

======= C: =====

2013-03-30 12:06:33 EEAC0518CF0D90F0294E1FBEC99655EA 16174 ----a-w- C:\AdwCleaner[s2].txt

2013-03-30 11:00:44 71C21617893FCBCF4BF3D31E22B38B81 17383 ----a-w- C:\AdwCleaner[R1].txt

2013-03-30 10:47:22 504743D96774AFCE749D0C8B41DF7A42 384 ----a-w- C:\AdwCleaner[s1].txt

====== C:\Users\francois\AppData\Roaming ======

2013-03-31 12:33:21 -------- d-----w- C:\users\Public\AppData\Local\temp

2013-03-31 12:33:20 -------- d-----w- C:\users\francois\AppData\Local\temp

2013-03-31 12:33:20 -------- d-----w- C:\users\Default\AppData\Local\temp

2013-03-31 12:33:20 -------- d-----w- C:\users\Default User\AppData\Local\temp

====== C:\Users\francois ======

2013-03-31 12:33:21 -------- d-----w- C:\Users\Public\AppData

====== C: exe-files ==

2013-03-31 11:48:26 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2013-03-31 11:48:26 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2013-03-31 11:48:26 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2013-03-31 11:48:26 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2013-03-31 11:48:26 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

2013-03-30 10:58:37 EC4961D7E0F6ACEF4E8446E062048D88 609993 ----a-w- C:\Users\francois\Downloads\adwcleaner (3).exe

2013-03-30 10:57:03 EC4961D7E0F6ACEF4E8446E062048D88 609993 ----a-w- C:\Users\francois\Downloads\adwcleaner (2).exe

2013-03-30 10:53:59 EC4961D7E0F6ACEF4E8446E062048D88 609993 ----a-w- C:\Users\francois\Downloads\adwcleaner (1).exe

2013-03-30 10:46:10 EC4961D7E0F6ACEF4E8446E062048D88 609993 ----a-w- C:\Users\francois\Downloads\adwcleaner.exe

2013-03-29 12:55:43 4BD5431F5F1E1252A817D340B145D29B 312672 ----a-w- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

2013-03-25 20:54:36 D13879F9A51F6F8C6AC33A5B86694E9F 24449680 ----a-w- C:\Program Files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.3.8542.exe

=== C: other files ==

2013-04-01 07:11:04 38892FADF852D74476E4C32F77A49693 96 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-992474526-248551049-2733349607-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode"

"MP3 Skype Recorder"="C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe"

"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "

"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

"NvSvc"="RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart"

"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"

"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup"

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide"

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"

"BullGuard"="c:\program files\bullguard ltd\bullguard\BullGuard.exe -boot"

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe"

"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode"

"MP3 Skype Recorder"="C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\@C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe []

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18/04/2012 13:33]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18/04/2012 13:33]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-992474526-248551049-2733349607-1000Core.job --a------ C:\Users\francois\AppData\Local\Google\Update\GoogleUpdate.exe [29/05/2012 18:34]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-992474526-248551049-2733349607-1000UA.job --a------ C:\Users\francois\AppData\Local\Google\Update\GoogleUpdate.exe [29/05/2012 18:34]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox

- DealPly - %AppDir%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

==== Firefox Plugins ======================

==== Deleting Files \ Folders ======================

"C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}" deleted

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.telenet.be"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="%s - Bing"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{C8104039-BA75-4514-9D27-86BA9CEAD80C} Yahoo//search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}"

{F5CF7204-EB01-4AD7-9CBB-63F8A8FE4C35} Yahoo//uk.search.yahoo.com/search?p={searchTerms}&fr=FP-tab-web-t340&ei=UTF-8&meta=vc%3D"

==== Reset Google Chrome ======================

C:\users\francois\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\users\francois\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe

C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in DirectX-modus.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe -setDX

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in OpenGL-modus.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe -setOGL

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth verwijderen.lnk - C:\Windows\System32\msiexec.exe /x {468D22C0-8080-11E2-B86E-B8AC6F98CCE3}

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe

==== HijackThis Entries ======================

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe

O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [BullGuard] "c:\program files\bullguard ltd\bullguard\BullGuard.exe" -boot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [BullGuardUpdate2] c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe

O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode

O4 - HKCU\..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab

O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\MP3 Skype Recorder\Skype4COM.dll

O20 - AppInit_DLLs: C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

==== Silent Runners ======================

"Silent Runners.vbs", revision 69, Silent Runners - Adware? Disinfect, don't reformat!

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

IncrediMail = C:\Program Files\IncrediMail\bin\IncMail.exe /c [IncrediMail, Ltd.]

Logitech Vid = "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode [Logitech Inc.]

MP3 Skype Recorder = C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe [null data]

Skype = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

toolbar_eula_launcher = C:\Program Files\GoogleEULA\EULALauncher.exe [null data]

InstantOn = "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c " [null data]

Windows Mobile-based device management = C:\Windows\WindowsMobile\wmdSync.exe

OpwareSE4 = "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [Nuance Communications, Inc.]

NvSvc = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [MS]

NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [MS]

beid = "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup [Belgian Government]

LogitechQuickCamRibbon = "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [Logitech Inc.]

AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [Apple Inc.]

BullGuard = "c:\program files\bullguard ltd\bullguard\BullGuard.exe" -boot [BullGuard Ltd.]

HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard]

NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [MS]

Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.]

BullGuardUpdate2 = c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [BullGuard Ltd.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub

-> {HKLM.CLSID} = Adobe PDF Link Helper

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM.CLSID} = Java Plug-In SSV Helper

\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM.CLSID} = Windows Live ID Sign-in Helper

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM.CLSID} = Google Toolbar Helper

\InProcServer32\(Default) = c:\program files\google\googletoolbar1.dll [Google Inc.]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO

-> {HKLM.CLSID} = Skype Browser Helper

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM.CLSID} = Java Plug-In 2 SSV Helper

\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class

-> {HKLM.CLSID} = DesktopContext Class

\InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation]

{FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper

-> {HKLM.CLSID} = NVIDIA CPL Extension

\InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation]

{9458E603-FF43-4134-9036-04B4C71791E3} = BullGuard Backup

-> {HKLM.CLSID} = BackupCopyHook Class

\InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [BullGuard Ltd.]

{1F25C6E4-E60D-421A-863F-D0C76F6AB211} = BullGuard Backup

-> {HKLM.CLSID} = BullGuard Online Drive

\InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BackupShellNamespace.dll [BullGuard Ltd.]

{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} = Nokia Phone Browser

-> {HKLM.CLSID} = Nokia Phone Browser

\InProcServer32\(Default) = C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll [Nokia]

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice.org Property Handler

-> {HKLM.CLSID} = OpenOffice.org Property Handler

\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll [Apache Software Foundation]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes

-> {HKLM.CLSID} = iTunes

\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

<<!>> AppInit_DLLs = C:\Windows\System32\BgGamingMonitor.dll c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll [bullGuard Ltd.]

HKCU\Software\Classes\PROTOCOLS\Handler\

<<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

-> {HKCU.CLSID} = IEProtocolHandler Class

\InProcServer32\(Default) = C:\Program Files\MP3 Skype Recorder\Skype4COM.dll [Skype Technologies]

<<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

-> {HKLM.CLSID} = IEProtocolHandler Class

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [Skype Technologies]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS]

<<!>> ms-itss\CLSID = {0A9007C0-4076-11D3-8789-0000F8105754}

-> {HKLM.CLSID} = Microsoft Infotech Storage Protocol for IE 4.0

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [MS]

<<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS]

<<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}

-> {HKLM.CLSID} = Skype IE add-on Pluggable Protocol

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]

<<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

-> {HKCU.CLSID} = IEProtocolHandler Class

\InProcServer32\(Default) = C:\Program Files\MP3 Skype Recorder\Skype4COM.dll [Skype Technologies]

<<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

-> {HKLM.CLSID} = IEProtocolHandler Class

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [Skype Technologies]

<<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0}

-> {HKLM.CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler

\InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)

-> {HKLM.CLSID} = NBShellHook Class

\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

{F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E}\(Default) = (no title provided)

-> {HKLM.CLSID} = BgShellExt Class

\InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [BullGuard Ltd.]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}

-> {HKLM.CLSID} = NBShellHook Class

\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

BackupCopyHook\(Default) = {9458E603-FF43-4134-9036-04B4C71791E3}

-> {HKLM.CLSID} = BackupCopyHook Class

\InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [BullGuard Ltd.]

Nokia\(Default) = {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}

-> {HKLM.CLSID} = Nokia Phone Browser

\InProcServer32\(Default) = C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll [Nokia]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = {A70C977A-BF00-412C-90B7-034C51DA2439}

-> {HKLM.CLSID} = DesktopContext Class

\InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info

-> {HKLM.CLSID} = PDF Shell Extension

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

bgshellext\(Default) = {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E}

-> {HKLM.CLSID} = BgShellExt Class

\InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [BullGuard Ltd.]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)

-> {HKLM.CLSID} = NBShellHook Class

\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}

-> {HKLM.CLSID} = NBShellHook Class

\InProcServer32\(Default) = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

EnableLUA = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

DisableRegistryTools = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

Wallpaper = C:\Windows\Web\Wallpaper\img36.jpg

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

Wallpaper = C:\Windows\Web\Wallpaper\img36.jpg

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

SCRNSAVE.EXE = C:\Windows\system32\Bubbles.scr [MS]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

HPAutoplayPSE\

Provider = HP Photosmart Essential 3.5

InvokeProgID = HpqPSApl.Autoplay

InvokeVerb = Play

HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = {A6873065-D632-4615-A3A9-C5F05EE109C1}

-> {HKLM.CLSID} = (no title provided)

\LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe [Hewlett-Packard]

iTunesBurnCDOnArrival\

Provider = iTunes

InvokeProgID = iTunes.BurnCD

InvokeVerb = burn

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ImportSongsOnCD

InvokeVerb = import

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.PlaySongsOnCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ShowSongsOnCD

InvokeVerb = showsongs

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

NeroAutoPlay7AudioToNeroDigital\

Provider = Nero Burning ROM Essentials

InvokeProgID = Nero.AutoPlay7

InvokeVerb = AudioToNeroDigital_PlayCDAudioOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L [Nero AG]

NeroAutoPlay7CDAudio\

Provider = Nero Express Essentials

InvokeProgID = Nero.AutoPlay7

InvokeVerb = CDAudio_HandleCDBurningOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD [Nero AG]

NeroAutoPlay7CopyCD\

Provider = Nero Burning ROM Essentials

InvokeProgID = Nero.AutoPlay7

InvokeVerb = CopyCD_PlayMusicFilesOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L [Nero AG]

NeroAutoPlay7DataDisc\

Provider = Nero Express Essentials

InvokeProgID = Nero.AutoPlay7

InvokeVerb = DataDisc_HandleCDBurningOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc [Nero AG]

NeroAutoPlay7LaunchNeroStartSmart\

Provider = Nero StartSmart Essentials

InvokeProgID = Nero.AutoPlay7

InvokeVerb = LaunchNeroStartSmart_HandleCDBurningOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay [Nero AG]

NeroAutoPlay7PlayAudioCD\

Provider = Nero ShowTime Essentials

InvokeProgID = Nero.AutoPlay7

InvokeVerb = PlayAudioCD_PlayMusicFilesOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L [Nero AG]

NeroAutoPlay7PlayDVD\

Provider = Nero ShowTime Essentials

InvokeProgID = Nero.AutoPlay7

InvokeVerb = PlayDVD_PlayVideoFilesOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L [Nero AG]

NeroAutoPlay7RipCD\

Provider = Nero Burning ROM Essentials

InvokeProgID = Nero.AutoPlay7

InvokeVerb = RipCD_PlayCDAudioOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L [Nero AG]

NeroAutoPlay7TranscodeVideo\

Provider = Nero Recode Essentials

InvokeProgID = Nero.AutoPlay7

InvokeVerb = TranscodeVideo_PlayDVDMovieOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo [Nero AG]

NeroAutoPlay7VideoCapture\

Provider = Nero Vision Essentials

ProgID = Shell.HWEventHandlerShellExecute

InitCmdLine = "C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

-> {HKLM.CLSID} = Shell Execute Hardware Event Handler

\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

NeroAutoPlay7ViewPhotos\

Provider = Nero PhotoSnap Viewer Essentials

InvokeProgID = Nero.AutoPlay7

InvokeVerb = ViewPhotos_ShowPicturesOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe / [Nero AG]

TVPPlayDVDMovieOnArrival\

Provider = Total Video Player

InvokeProgID = totalplayer.dvd

InvokeVerb = open

HKLM\SOFTWARE\Classes\totalplayer.dvd\shell\open\command\(Default) = C:\Program Files\Total Video Converter\tvp.exe -dvd %1 [empty string]

WIA_{4DD10255-97A3-4B04-9D9E-D6B39980EBF8}\

Provider = Ulead PhotoImpact 12

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;"C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\iedit.exe" /W;

-> {HKLM.CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{72D327BF-A6E2-4D6F-853E-B5DA345C76AA}\

Provider = HP Photosmart Essential 3.5

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe;

-> {HKLM.CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{AF2B178F-085C-4E1E-A8ED-6D6236D2408B}\

Provider = PhotoImpact 12

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\Iedit_.exe /StiDevice:%1 /StiEvent:%2;

-> {HKLM.CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{B6927D7D-C265-404F-83EA-6E36EAC96626}\

Provider = PhotoImpact 12

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\Iedit.Exe /StiDevice:%1 /StiEvent:%2;

-> {HKLM.CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{D695D376-E623-477B-83FF-42AFEE6AA593}\

Provider = OmniPage SE 4

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files\ScanSoft\OmniPageSE4\omnipage.exe /StiDevice:%1 /StiEvent:%2;

-> {HKLM.CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Windows Sidebar Gadgets: {++}

------------------------

C:\Users\francois\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCPU.Gadget"

Non-disabled Scheduled Tasks: {++}

-----------------------------

C:\Windows\System32\Tasks

Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]

CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]

CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS]

GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]

GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

GoogleUpdateTaskUserS-1-5-21-992474526-248551049-2733349607-1000Core -> launches: C:\Users\francois\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]

GoogleUpdateTaskUserS-1-5-21-992474526-248551049-2733349607-1000UA -> launches: C:\Users\francois\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

User_Feed_Synchronization-{52016BC6-1CD0-4618-A682-240D98DD3EAC} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]

{038A256B-DE02-458B-8C87-9E4F7621807C} -> launches: C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\ [MS]

{0FCAC9BA-CE71-40A1-8CEE-AF20EADEB580} -> launches: C:\Program Files\Skype\Phone\Skype.exe [Skype Technologies S.A.]

{1B0C6B7C-8DEF-4184-A278-C4E7308902CE} -> launches: C:\Windows\system32\pcalua.exe -a E:\Setup\English\demo32.exe -d E:\Setup\English [MS]

{297EF8D0-F8A0-4FFC-BB31-30C657465201} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\francois\Desktop\OOo_3.2.1_Win_x86_install-wJRE_nl.exe -d C:\Users\francois\Desktop [MS]

{3494A759-D0F9-450D-A5FF-11C64900D47F} -> launches: C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\ [MS]

{3525F545-8AAC-4F0E-AB9C-785A5F0332EE} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\francois\Desktop\OpenOffice.org 2.4 (nl) Installation Files\instmsia.exe" -d "C:\Users\francois\Desktop\OpenOffice.org 2.4 (nl) Installation Files" [MS]

{3A3DD8F8-F870-45E3-8410-D543FD9CC7D4} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\francois\Desktop\OpenOffice.org 2.4 (nl) Installation Files\instmsiw.exe" -d "C:\Users\francois\Desktop\OpenOffice.org 2.4 (nl) Installation Files" [MS]

{3B34B355-84E3-405E-9D30-F2E8C53FAA34} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NYAC5R8\setup_basic_G3110_3.exe" -d C:\Users\francois\Desktop [MS]

{48898A06-0BD5-44F8-B8D0-5F6E4CDF83C1} -> launches: C:\Windows\system32\pcalua.exe -a E:\Nederlands\ar500nld.exe -d E:\Nederlands [MS]

{5430CC89-60AD-42E6-B909-096E7E34FD7E} -> launches: C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\ -c /AUTORUN [MS]

{55602F1F-9B9A-40F8-AA9B-472C6A7BBDAE} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files\BrowserCompanion\uninstall.exe" [MS]

{60450085-23EC-42EB-9515-BEE5D7BB5873} -> launches: "C:\Program Files\Internet Explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype [MS]

{771086A4-68A1-4682-9B99-9F5339EA2E8B} -> launches: C:\Windows\system32\pcalua.exe -a E:\PC-Okular_Driver\Setup.exe -d E:\PC-Okular_Driver [MS]

{816BB3C0-EC31-4F8F-A5E4-2CD17B299F06} -> launches: "C:\Program Files\Internet Explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype [MS]

{9588F8D1-2DF9-44F5-88DA-7A8B51D2F6AD} -> launches: "C:\Program Files\Internet Explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype [MS]

{968BADB1-9D31-41D6-83D9-5CBFFE170FC5} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\francois\Downloads\setup.exe -d C:\Users\francois\Downloads [MS]

{AA535FDE-6D70-4298-BAF4-836A505DA1E6} -> launches: C:\Windows\system32\pcalua.exe -a E:\_ISDEL.EXE -d E:\ [MS]

{BD7572A9-3013-495F-832E-89DDE22E5240} -> launches: C:\Windows\system32\pcalua.exe -a "c:\Users\francois\Downloads\open office.exe" [MS]

{BEB5C13E-76D1-4392-B93C-141CAF384E97} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files\Belgium Identity Card\beidoutlooksnc.exe" -d "C:\Program Files\Belgium Identity Card\" [MS]

{C8856147-FF06-4BA0-A3EA-FDC96BA16922} -> launches: C:\Windows\system32\pcalua.exe -a E:\NL\MSWorks\instmsia.exe -d E:\NL\MSWorks [MS]

{C8F79C96-3467-4D5B-921C-D9398D5AB82F} -> launches: "C:\Program Files\Internet Explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype [MS]

{D31F66BA-3A78-4030-9DB2-83F551302D5D} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\francois\Desktop\OOo_3.0.0_Win32Intel_install_wJRE_nl.exe -d C:\Users\francois\Desktop [MS]

{DE6A1B01-868A-497B-B30F-C26591B222E6} -> launches: C:\Windows\system32\pcalua.exe -a E:\Nederlands\Install.exe -d E:\Nederlands [MS]

{DFCEBC01-F83F-49DF-8395-1DCEB760657F} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1XZ6BIY\slsk156b[1].exe" -d C:\Users\francois [MS]

{F03D4E2A-0016-4F0C-AC93-60549F9BC21D} -> launches: "C:\Program Files\Internet Explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype [MS]

{F2E11E0C-4F96-49BF-8C2F-9110519DBC9D} -> launches: C:\Program Files\Skype\Phone\Skype.exe [Skype Technologies S.A.]

C:\Windows\System32\Tasks\Apple

AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}

-> {HKLM.CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM.CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM.CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask-Roam -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM.CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]

OptinNotification -> launches: %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

ManualDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -i -g [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]

mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) -gc [MS]

OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]

OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery [MS]

UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}

-> {HKLM.CLSID} = HotStart User Agent

\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

TMM -> launches: {35EF4182-F900-4632-B072-8639E4478A61}

-> {HKLM.CLSID} = Transient Multi-Monitor Manager

\InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

-> {HKLM.CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection

NAPStatus UI -> launches: {f09878a1-4652-4292-aa63-8c7d4fd7648f}

-> {HKLM.CLSID} = Nap ITask Handler Implementation

\InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

RACAgent -> (HIDDEN!) launches: %windir%\system32\RacAgent.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell

CrawlStartPages -> launches: {51653423-e62d-4ff7-894a-dabb2b8e21e2}

-> {HKLM.CLSID} = CrawlStartPages Task Handler

\InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}

-> {HKLM.CLSID} = GadgetsManager Class

\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

IpAddressConflict1 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]

IpAddressConflict2 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

WSHReset -> (HIDDEN!) launches: %systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}

-> {HKLM.CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}

-> {HKLM.CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup

AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS]

CheckFull -> launches: sdclt.exe /CHECKFULL [MS]

Windows Backup Monitor -> launches: sdclt.exe /DETECTFAILURE [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar

Reminders - francois -> launches: C:\Program Files\Windows Calendar\WinCal.exe /reminder [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired

GatherWiredInfo -> launches: %windir%\system32\gatherWiredInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless

GatherWirelessInfo -> launches: %windir%\system32\gatherWirelessInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender

MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges [MS]

MP Scheduled Signature Update -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe SignatureUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE

Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}

-> {HKLM.CLSID} = Windows Live Social Object Extractor Engine Definition Updater

\InProcServer32\(Default) = C:\Program Files\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD

SqmUpload_S-1-5-21-992474526-248551049-2733349607-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\Windows\system32\BGLsp.dll [bullGuard Ltd.], 01 - 10, 21

%SystemRoot%\system32\mswsock.dll [MS], 11 - 20, 22 - 39

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

-> {HKLM.CLSID} = &Google

\InProcServer32\(Default) = c:\program files\google\googletoolbar1.dll [Google Inc.]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)

-> {HKLM.CLSID} = &Google

\InProcServer32\(Default) = c:\program files\google\googletoolbar1.dll [Google Inc.]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{27FD17FB-CF63-486B-B2BE-8D8781CBEA01}\

ButtonText = BullGuard

CLSIDExtension = {27FD17FB-CF63-486b-B2BE-8D8781CBEA01}

-> {HKLM.CLSID} = BGIEToolbarButton Class

\InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll [bullGuard Ltd.]

{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\

ButtonText = Skype Click to Call

CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}

-> {HKLM.CLSID} = Skype Browser Helper

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]

Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]

BullGuard backup service, BsBackup, C:\Windows\System32\SvcHost.exe -k BullGuard_Backup {C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [bullGuard Ltd.]}

BullGuard behavioural detection service, BsBhvScan, C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [bullGuard Ltd.]

BullGuard e-mail monitoring service, BsMailProxy, C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy {c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [bullGuard Ltd.]}

BullGuard firewall service, BsFire, C:\Windows\System32\SvcHost.exe -k BullGuard {c:\program files\bullguard ltd\bullguard\BsFire.dll [bullGuard Ltd.]}

BullGuard main service, BsMain, C:\Windows\System32\SvcHost.exe -k BullGuard_Main {C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [bullGuard Ltd.]}

BullGuard on-access service, BsFileScan, C:\Windows\System32\SvcHost.exe -k BullGuard {c:\program files\bullguard ltd\bullguard\BsFileScan.dll [bullGuard Ltd.]}

BullGuard scanning service, BsScanner, C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [bullGuard Ltd.]

BullGuard update service, BsUpdate, C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [bullGuard Ltd.]

iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]

LexBce Server, LexBceS, C:\Windows\System32\LEXBCES.EXE [Lexmark International, Inc.]

LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [Hewlett-Packard Company]

Op Windows Mobile gebaseerde apparaatverbinding, RapiMgr, C:\Windows\system32\svchost.exe -k WindowsMobile {C:\Windows\WindowsMobile\rapimgr.dll [MS]}

Pml Driver HPZ12, Pml Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZipm12.dll [Hewlett-Packard]}

Process Monitor, LVPrcSrv, "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [Logitech Inc.]

Skype C2C Service, Skype C2C Service, "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [skype Technologies S.A.]

UMVPFSrv, UMVPFSrv, C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [Logitech Inc.]

Windows Installer, msiserver, C:\Windows\system32\msiexec.exe /V [MS]

Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]

X10 Device Network Service, x10nets, C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [X10]

Safe Mode Drivers & Services (subkey name, subkey default value):

-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> BsMain, Service

<<!>> BsScanner, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> BsMain, Service

<<!>> BsScanner, Service

<<!>> BsUpdate, Service

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor MP140 series\Driver = CNMLM8R.DLL [CANON INC.]

Lexmark Network Port\Driver = LEXLMPM.DLL [Lexmark International, Inc.]

PCL hpz3llhn\Driver = hpz3llhn.dll [Hewlett-Packard Company]

==== Empty IE Cache ======================

C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\479L409T will be deleted at reboot

C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVMTGBXD will be deleted at reboot

C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\francois\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\francois\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\479L409T" not found

"C:\Users\francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVMTGBXD" not found
