RSIT log


I have a laptop here from an acquaintance and made an RSIT log for review ;-)

Logfile of random's system information tool 1.09 (written by random/random)

Run by Laura at 2013-11-16 15:31:55

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 93 GB (64%) free of 145 GB

Total RAM: 3005 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:32:02, on 16-11-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\windows\system32\taskeng.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\windows\system32\Dwm.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\explorer.exe

C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\windows\system32\SearchFilterHost.exe

C:\Users\Laura\Downloads\RSIT.exe

C:\Program Files\trend micro\Laura.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"

O4 - HKLM\..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax"

O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"

O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--

End of file - 9206 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\fjndoxwb.default

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

NPOFFICE.DLL

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\

bing.xml

bolcom-nl.xml

google.xml

marktplaats-nl.xml

wikipedia-nl.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-16 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-16 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-12-14 8120864]

"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-03-09 40960]

"3170 Scan2PC"=C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe [2008-08-07 495616]

"HP Color LaserJet CM2320 MFP Series Fax"=C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe [2009-09-22 2453504]

""= []

"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2009-05-11 24576]

"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-08-25 136216]

"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-08-25 171032]

"Persistence"=C:\windows\system32\igfxpers.exe [2010-08-25 170520]

"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

"ToolboxFX"=C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe [2010-10-25 58936]

"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-09-17 152392]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11 958576]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APLangApp]

C:\Program Files\AnyPC Client\APLangApp.exe [2009-10-20 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2013-09-17 152392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-03-09 57393]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-04-15 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]

C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2008-08-11 524288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-26 1713448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]

C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]

C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-07-21 210216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]

C:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 159456]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"msacm.siren"=sirenacm.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"msacm.PLCMsiren"=PLCMsiren.acm

"msacm.PLCMg729A"=PLCMg729A.acm

"msacm.PLCMg7221"=PLCMg7221.acm

"msacm.PLCMg719"=PLCMg719.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-11-16 15:31:55 ----D---- C:\rsit

2013-11-16 15:31:55 ----D---- C:\Program Files\trend micro

2013-11-16 15:26:37 ----D---- C:\ProgramData\Mozilla

2013-11-16 15:26:36 ----D---- C:\Program Files\Mozilla Maintenance Service

2013-11-16 15:05:15 ----D---- C:\ProgramData\Oracle

2013-11-16 15:05:09 ----D---- C:\Program Files\Common Files\Java

2013-11-16 15:04:47 ----A---- C:\windows\system32\javaws.exe

2013-11-16 15:04:39 ----A---- C:\windows\system32\WindowsAccessBridge.dll

2013-11-16 14:52:21 ----D---- C:\Program Files\Common Files\Adobe

2013-11-16 14:52:21 ----D---- C:\Program Files\Adobe

======List of files/folders modified in the last 1 month======

2013-11-16 15:31:55 ----RD---- C:\Program Files

2013-11-16 15:31:04 ----D---- C:\windows\Temp

2013-11-16 15:30:42 ----D---- C:\windows\inf

2013-11-16 15:30:42 ----D---- C:\Windows

2013-11-16 15:26:37 ----HD---- C:\ProgramData

2013-11-16 15:26:37 ----D---- C:\Program Files\Mozilla Firefox

2013-11-16 15:20:57 ----D---- C:\windows\system32\drivers

2013-11-16 15:16:45 ----D---- C:\windows\system32\config

2013-11-16 15:07:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2013-11-16 15:05:11 ----SHD---- C:\windows\Installer

2013-11-16 15:05:10 ----HD---- C:\Config.Msi

2013-11-16 15:05:09 ----D---- C:\Program Files\Common Files

2013-11-16 15:05:00 ----SHD---- C:\System Volume Information

2013-11-16 15:04:47 ----D---- C:\windows\System32

2013-11-16 15:04:28 ----A---- C:\windows\system32\javaw.exe

2013-11-16 15:04:28 ----A---- C:\windows\system32\java.exe

2013-11-16 15:03:30 ----D---- C:\windows\Prefetch

2013-11-16 14:52:24 ----D---- C:\ProgramData\Adobe

2013-11-16 14:47:50 ----D---- C:\Users\Laura\AppData\Roaming\Dropbox

2013-11-15 11:20:29 ----D---- C:\windows\system32\FxsTmp

2013-11-14 12:38:56 ----A---- C:\windows\system32\PerfStringBackup.INI

2013-11-13 13:42:18 ----D---- C:\Program Files\Microsoft Silverlight

2013-11-11 13:58:45 ----D---- C:\windows\system32\catroot2

2013-11-01 07:40:26 ----D---- C:\windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-10-13 331288]

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]

R1 MpKsl62509657;MpKsl62509657; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{99BDCEB2-DCCF-47B5-9458-C5480E90A916}\MpKsl62509657.sys [2013-11-16 40392]

R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

R2 SSPORT;SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-12-14 1245696]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-12-14 2977248]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]

R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]

R3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]

R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]

R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-02-26 242992]

S2 DgiVecp;DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [2007-10-22 41984]

S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]

S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\windows\system32\DRIVERS\ewusbnet.sys [2009-11-04 112640]

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2009-11-04 102912]

S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []

S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]

S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]

S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2012-12-13 45056]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]

S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

S3 WinUsb;WinUsb-stuurprogramma; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\windows\system32\svchost.exe [2009-07-14 20992]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-07-07 247152]

R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]

R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2009-07-14 20992]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-09-17 553288]

R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]

S2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-16 129976]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1343400]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 268512]

S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2011-08-05 6363872]

S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 444640]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2013-11-16 15:32:04

======Uninstall list======

-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}

-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}

1000Word-->C:\windows\uninst.exe -f"C:\Program Files\Halloween\Van A tot Alfabet\DeIsL1.isu"

32 Bit HP CIO Components Installer-->MsiExec.exe /I{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}

32 Bit HP CIO Components Installer-->MsiExec.exe /I{A80FA752-C491-4ED9-ABF0-4278563160B2}

Aangifte voor buitenlandse belastingplichtigen 2011-->C:\Program Files\Belastingdienst\Aangifte voor buitenlandse belastingplichtigen\2011\ca2011u.exe

Aangifte voor buitenlandse belastingplichtigen 2012-->C:\Users\Laura\Desktop\2012\ca2012u.exe

Adobe Flash Player 11 ActiveX-->C:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -maintain activex

Adobe Reader XI (11.0.03) - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AB0000000001}

AnyPC Client-->"C:\Program Files\InstallShield Installation Information\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}\setup.exe" -runfromtemp -l0x0409 -removeonly

Apple Application Support-->MsiExec.exe /I{46F044A5-CE8B-4196-984E-5BD6525E361D}

Apple Mobile Device Support-->MsiExec.exe /I{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Atheros Client Installation Program-->"C:\Program Files\InstallShield Installation Information\{D1434266-0486-4469-B338-A60082CC04E1}\setup.exe" -runfromtemp -l0x0009 -removeonly

Auditieve Training 2.2-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Auditief\ST6UNST.LOG"

BatteryLifeExtender-->MsiExec.exe /I{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}

Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

Brother DCP-8065DN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BFA7F0AB-68C8-4F7D-BC2D-66547E2FCD5A}\setup.exe" -l0x13 -removeonly /uninst

Brother DCP-9042CDN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50C0B584-FEAA-432F-807E-83B0A31A8F76}\setup.exe" -l0x13 -removeonly /uninst

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

ClearSea-->MsiExec.exe /X{B12A4529-0FCF-4D9B-BCAE-88E625D3A336}

Compatibiliteitspakket voor het 2007 Microsoft Office system-->MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE}

Cool Edit 2000-->C:\Program Files\Cool2000\ce2Kunin.exe

CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall

CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall

CyberLink LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

CyberLink LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall

CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall

CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall

CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall

CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall

CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

deskPDF 2.5 Standard Edition-->"C:\Program Files\Docudesk\deskPDF\unins000.exe"

Docudesk GPL Ghostscript 8.15-->"C:\Program Files\Docudesk\GPL Ghostscript\unins000.exe"

Easy Display Manager-->"C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -runfromtemp -l0x0009 -removeonly

Easy Network Manager-->MsiExec.exe /I{A5675A9E-F073-414A-9A04-F9BCD50459D7}

Easy SpeedUp Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 Remove

EasyBatteryManager-->"C:\Program Files\InstallShield Installation Information\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}\setup.exe" -runfromtemp -l0x0009 -removeonly

EDUROM Klanken en rijmen-->C:\windows\IsUn0413.exe -fC:\windows\Edurom31.isu

EDUROM Luistervaardigheid-->C:\windows\IsUn0413.exe -fC:\windows\Edurom33.isu

EDUROM Werkwoordspelling-->C:\windows\IsUn0413.exe -fC:\windows\Edurom26.isu

EDUROM Woordenschat en dictee-->MsiExec.exe /I{B8A1C988-7394-41B0-B7AE-48769D01F90A}

Flits 3-->"C:\nib\unins000.exe"

Flits 3-->"C:\nib\unins001.exe"

HP Color LaserJet CM2320 MFP Series 3.1-->C:\Program Files\HP\Digital Imaging\{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}\setup\hpzscr01.exe -datfile hppscr12.dat -onestop -forcereboot

HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP LaserJet Professional CM1410 Series-->C:\Program Files\HP\csiInstaller\0EF0EA0D-F945-4958-85CC-60FF1E86D216\Setup.exe /Uninstall

HP LJ CM1410 MFP Series HP Scan-->MsiExec.exe /I{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}

HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}

HPLaserJetHelp_LearnCenter-->MsiExec.exe /X{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}

I.R.I.S. OCR-->MsiExec.exe /I{CA6BCA2F-EDEB-408F-850B-31404BE16A61}

Intel® Graphics Media Accelerator Driver-->C:\windows\system32\igxpun.exe -uninstall

Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall

iTunes-->MsiExec.exe /I{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}

Java 7 Update 45-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217045FF}

Java 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}

Malwarebytes Anti-Malware versie 1.75.0.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Marketsplash Shortcuts-->MsiExec.exe /X{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}

Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe

Microsoft .NET Framework 4 Client Profile NLD Language Pack-->MsiExec.exe /X{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}

Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Antimalware Service NL-NL Language Pack-->MsiExec.exe /X{7C4C5B40-43E1-4890-AD50-E1E8F8446D5F}

Microsoft Antimalware Service NL-NL Language Pack-->MsiExec.exe /X{A39FD4D2-002C-49F9-A13D-C15BC435D92E}

Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (Dutch)-->MsiExec.exe /X{95120000-00AF-0413-0000-0000000FF1CE}

Microsoft Office Professional Editie 2003-->MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}

Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}

Microsoft Security Client NL-NL Language Pack-->MsiExec.exe /I{859B9BCA-5376-4566-9F88-C6C9DAA7A925}

Microsoft Security Client-->MsiExec.exe /I{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}

Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Mozilla Firefox 12.0 (x86 nl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}

QuickTime-->MsiExec.exe /I{B67BAFBA-4C9F-48FA-9496-933E3B255044}

QuickVoice Sync-->MsiExec.exe /X{5021DBA5-81AF-4AE9-81DE-DD43FA0D8C94}

Readiris Pro 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}\setup.exe" -l0x9

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly

Safari-->MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}

Samsung CLX-3170 Series-->C:\Program Files\Samsung\Samsung CLX-3170 Series\Install\Setup.exe /R

Samsung Recovery Solution 4-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x0009 -removeonly

Samsung Support Center-->MsiExec.exe /I{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}

Samsung Update Plus-->"C:\Program Files\InstallShield Installation Information\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}\setup.exe" -runfromtemp -l0x0009 -removeonly

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP

Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}

Skype™ 5.10-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}

SmarThru 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90F1943D-EA4A-4460-B59F-30023F3BA69A}\Setup.exe" -l0x9 uninstall -l0009

SmarThru PC Fax-->C:\windows\prinst.exe /m"Samsung" /u"SmarThru PC Fax"

Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Taal voor kleuters-->C:\windows\iun6002.exe "C:\muiswerk\thuis\CD001unin.ini"

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1043 /parameterfolder ClientLP

TCD 19 Begrijpend Lezen-->C:\windows\iun6002.exe "C:\muiswerk\thuis\CD519unin.ini"

TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe

TNL-lezen 2.0-->"C:\Program Files\Toch Nog Leren Lezen - Lezen\unins000.exe"

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client

User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

Voice Profiler 5.0 USB-->C:\windows\uninst.exe -f"C:\Program Files\Voice Quality Systems\Voice Profiler 5.0 USB\DeIsL2.isu" -cC:\PROGRA~1\VOICEQ~1\VOICEP~1.0US\_ISREG32.DLL

Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Live aanmeldhulp-->MsiExec.exe /I{1BD6AE96-4742-4498-9D03-9451C7E5A214}

Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}

Windows Live Messenger-->MsiExec.exe /X{10F5387D-1728-423A-A578-B00982CF2646}

Windows Live Sync-->MsiExec.exe /X{CD19EDD9-1632-4002-9212-7478E4BA0423}

Windows Mobile Device Updater Component-->MsiExec.exe /X{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}

Woordenhaai 3.06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D6C5809-1A06-4209-BCC0-9BC634A1B41E}\setup.exe" -l0x13 -removeonly

WoordenSTART Thuis Thema 5-->MsiExec.exe /I{492771DD-641A-4B30-8608-38A73EC7D055}

Woordkennis voor kleuters-->C:\windows\iun6002.exe "C:\muiswerk\thuis\CD077unin.ini"

Zune Language Pack (CHS)-->MsiExec.exe /X{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}

Zune Language Pack (CHT)-->MsiExec.exe /X{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}

Zune Language Pack (CSY)-->MsiExec.exe /X{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}

Zune Language Pack (DAN)-->MsiExec.exe /X{8B112338-2B08-4851-AF84-E7CAD74CEB32}

Zune Language Pack (DEU)-->MsiExec.exe /X{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}

Zune Language Pack (ELL)-->MsiExec.exe /X{3589A659-F732-4E65-A89A-5438C332E59D}

Zune Language Pack (ESP)-->MsiExec.exe /X{6B33492E-FBBC-4EC3-8738-09E16E395A10}

Zune Language Pack (FIN)-->MsiExec.exe /X{B4870774-5F3A-46D9-9DFE-06FB5599E26B}

Zune Language Pack (FRA)-->MsiExec.exe /X{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}

Zune Language Pack (HUN)-->MsiExec.exe /X{C6BE19C6-B102-4038-B2A6-1C313872DBB4}

Zune Language Pack (IND)-->MsiExec.exe /X{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}

Zune Language Pack (ITA)-->MsiExec.exe /X{C5D37FFA-7483-410B-982B-91E93FD3B7DA}

Zune Language Pack (JPN)-->MsiExec.exe /X{D8A781C9-3892-4E2E-9320-480CF896CFBB}

Zune Language Pack (KOR)-->MsiExec.exe /X{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}

Zune Language Pack (MSL)-->MsiExec.exe /X{76BA306B-2AA0-47C0-AB6B-F313AB56C136}

Zune Language Pack (NLD)-->MsiExec.exe /X{6740BCB0-5863-47F4-80F4-44F394DE4FE2}

Zune Language Pack (NOR)-->MsiExec.exe /X{5DEFD397-4012-46C3-B6DA-E8013E660772}

Zune Language Pack (PLK)-->MsiExec.exe /X{8960A0A1-BB5A-479E-92CF-65AB9D684B43}

Zune Language Pack (PTB)-->MsiExec.exe /X{07EEE598-5F21-4B57-B40B-46592625B3D9}

Zune Language Pack (PTG)-->MsiExec.exe /X{5C93E291-A1CC-4E51-85C6-E194209FCDB4}

Zune Language Pack (RUS)-->MsiExec.exe /X{57C51D56-B287-4C11-9192-EC3C46EF76A4}

Zune Language Pack (SVE)-->MsiExec.exe /X{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}

Zune-->C:\Program Files\Zune\ZuneSetup.exe /x

Zune-->MsiExec.exe /X{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}

======Hosts File======

10.0.0.17 NPI03217F

======System event log======

Computer Name: Laura-PC

Event Code: 26

Message: De volgende statuswaarden zijn beschikbaar op de processor 1 in de groep 0:

3 inactief

3 prestaties

8 vertraging

Record Number: 344356

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20130319064508.109616-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEM

Computer Name: Laura-PC

Event Code: 26

Message: De volgende statuswaarden zijn beschikbaar op de processor 0 in de groep 0:

3 inactief

3 prestaties

8 vertraging

Record Number: 344355

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20130319064507.891216-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEM

Computer Name: Laura-PC

Event Code: 138

Message: Autonegotiation Mode 2

Record Number: 344354

Source Name: yukonw7

Time Written: 20130319064507.392015-000

Event Type: Informatie

User:

Computer Name: Laura-PC

Event Code: 89

Message: ACPI-thermale zone ACPI\ThermalZone\TZ01 is geïnventariseerd.

_PSV = 368K

_TC1 = 0

_TC2 = 10

_TSP = 200ms

_AC0 = 0K

_AC1 = 0K

_AC2 = 0K

_AC3 = 0K

_AC4 = 0K

_AC5 = 0K

_AC6 = 0K

_AC7 = 0K

_AC8 = 0K

_AC9 = 0K

_CRT = 371K

_HOT = 0K

_PSL - zie gebeurtenisgegevens.

Record Number: 344353

Source Name: Microsoft-Windows-Kernel-Power

Time Written: 20130319064506.440413-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEM

Computer Name: Laura-PC

Event Code: 89

Message: ACPI-thermale zone ACPI\ThermalZone\TZ00 is geïnventariseerd.

_PSV = 368K

_TC1 = 0

_TC2 = 10

_TSP = 200ms

_AC0 = 0K

_AC1 = 0K

_AC2 = 0K

_AC3 = 0K

_AC4 = 0K

_AC5 = 0K

_AC6 = 0K

_AC7 = 0K

_AC8 = 0K

_AC9 = 0K

_CRT = 371K

_HOT = 0K

_PSL - zie gebeurtenisgegevens.

Record Number: 344352

Source Name: Microsoft-Windows-Kernel-Power

Time Written: 20130319064506.440413-000

Event Type: Informatie

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Laura-PC

Event Code: 1001

Message: Foutbucket 111712637, type 5

Naam van gebeurtenis: ServiceHang

Antwoord: Niet beschikbaar

Id van CAB-bestand: 0

Handtekening van probleem:

P1: hpqddsvc

P2: hpqddsvc.dll

P3: 100.0.190.0

P4: 20

P5: 2

P6:

P7:

P8:

P9:

P10:

Bijgevoegde bestanden:

C:\Windows\Temp\WERAB99.tmp.WERInternalMetadata.xml

C:\Windows\Temp\WERABBA.tmp.hdmp

C:\Windows\Temp\WERB201.tmp.mdmp

Deze bestanden zijn mogelijk hier beschikbaar:

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_hpqddsvc_a6f121c83dded3627eb065cae3e3fc6dd735017_0db214e6

Analysesymbool:

Opnieuw zoeken naar oplossing: 0nRapport-id: dc5537d6-7c28-11e1-948f-0024545955dc

Rapportstatus: 0

Record Number: 59051

Source Name: Windows Error Reporting

Time Written: 20120401183141.000000-000

Event Type: Informatie

User:

Computer Name: Laura-PC

Event Code: 1003

Message: De Windows Search-service is gestart.

Record Number: 59050

Source Name: Microsoft-Windows-Search

Time Written: 20120401183135.000000-000

Event Type: Informatie

User:

Computer Name: Laura-PC

Event Code: 302

Message: Windows (152) Windows: De database-engine heeft de herstelstappen uitgevoerd.

Record Number: 59049

Source Name: ESENT

Time Written: 20120401183128.000000-000

Event Type: Informatie

User:

Computer Name: Laura-PC

Event Code: 301

Message: Windows (152) Windows: De database-engine is begonnen met het opnieuw afspelen van logboekbestand C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Record Number: 59048

Source Name: ESENT

Time Written: 20120401183127.000000-000

Event Type: Informatie

User:

Computer Name: Laura-PC

Event Code: 301

Message: Windows (152) Windows: De database-engine is begonnen met het opnieuw afspelen van logboekbestand C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01F09.log.

Record Number: 59047

Source Name: ESENT

Time Written: 20120401183124.000000-000

Event Type: Informatie

User:

=====Security event log=====

Computer Name: Laura-PC

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-0-0

Accountnaam: -

Accountdomein: -

Aanmeldings-id: 0x0

Aanmeldingstype: 3

Nieuwe aanmelding:

Beveiligings-id: S-1-5-7

Accountnaam: ANONIEME LOGON

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x7d706f

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x0

Naam proces: -

Netwerkgegevens:

Naam van werkstation: LOGOPEDICA-PC

Netwerkadres van bron: 10.0.0.10

Poort van bron: 49769

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: NtLmSsp

Verificatiepakket: NTLM

Doorgezette services: -

Pakketnaam (alleen NTLM): NTLM V1

Sleutellengte: 128

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 71986

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120625124011.280251-000

Event Type: Controle geslaagd

User:

Computer Name: Laura-PC

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-0-0

Accountnaam: -

Accountdomein: -

Aanmeldings-id: 0x0

Aanmeldingstype: 3

Nieuwe aanmelding:

Beveiligings-id: S-1-5-7

Accountnaam: ANONIEME LOGON

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x7d700f

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x0

Naam proces: -

Netwerkgegevens:

Naam van werkstation: LOGOPEDICA-PC

Netwerkadres van bron: 10.0.0.10

Poort van bron: 49768

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: NtLmSsp

Verificatiepakket: NTLM

Doorgezette services: -

Pakketnaam (alleen NTLM): NTLM V1

Sleutellengte: 128

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 71985

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120625124010.359850-000

Event Type: Controle geslaagd

User:

Computer Name: Laura-PC

Event Code: 4634

Message: Er is een account afgemeld.

Onderwerp:

Beveiligings-id: S-1-5-7

Accountnaam: ANONIEME LOGON

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x7a8008

Aanmeldingstype: 3

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt vernietigd. De gebeurtenis kan met behulp van de aanmeldings-id positief worden afgestemd met een aanmeldingsgebeurtenis. Aanmeldings-id's zijn alleen uniek wanneer de computer opnieuw is opgestart.

Record Number: 71984

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120625122821.756805-000

Event Type: Controle geslaagd

User:

Computer Name: Laura-PC

Event Code: 4634

Message: Er is een account afgemeld.

Onderwerp:

Beveiligings-id: S-1-5-7

Accountnaam: ANONIEME LOGON

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x7a7a0d

Aanmeldingstype: 3

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt vernietigd. De gebeurtenis kan met behulp van de aanmeldings-id positief worden afgestemd met een aanmeldingsgebeurtenis. Aanmeldings-id's zijn alleen uniek wanneer de computer opnieuw is opgestart.

Record Number: 71983

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120625122821.756805-000

Event Type: Controle geslaagd

User:

Computer Name: Laura-PC

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-0-0

Accountnaam: -

Accountdomein: -

Aanmeldings-id: 0x0

Aanmeldingstype: 3

Nieuwe aanmelding:

Beveiligings-id: S-1-5-7

Accountnaam: ANONIEME LOGON

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x7a8008

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x0

Naam proces: -

Netwerkgegevens:

Naam van werkstation: LOGOPEDICA-PC

Netwerkadres van bron: 10.0.0.10

Poort van bron: 49755

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: NtLmSsp

Verificatiepakket: NTLM

Doorgezette services: -

Pakketnaam (alleen NTLM): NTLM V1

Sleutellengte: 128

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 71982

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120625122809.011583-000

Event Type: Controle geslaagd

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Sprint Nederlands\speech\components\common;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=2

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"asl.log"=Destination=file

"CLASSPATH"=.;C:\Program Files\Java\jre7\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre7\lib\ext\QTJava.zip

-----------------EOF-----------------


I don't see anything unusual; were you having problems?

- - - Updated - - -

Just to be sure.

Download zhpdiag.exe from this website: http://en.kioskea.net/download/download-23176-zhpdiag


  1. XP users: double-click zhpdiag.exe to install it.
    For Windows Vista and later: right-click zhpdiag.exe and choose "Run as administrator" ("Uitvoeren als administrator").
  2. Click "Suivant" several times to go through the installation process.
  3. Click "Installer" when prompted and "Terminer" when the installation is complete.
  4. Two icons have now appeared on your desktop: ZHPDiag and ZHPFix.
  5. Now double-click the shortcut named ZHPDiag.
  6. The start window appears; now click "Configurer".
  7. At the bottom right, click the icon with the little house, "Sélectionner une langue", and choose "Anglais" (English).
  8. Then, at the bottom left, click the middle icon (a magnifying glass and a + symbol), "Diagnostic options".
  9. A scan of your system is now performed; wait patiently until it has finished.
  10. Afterwards there is a text file named ZHPDiag.txt on your desktop; post it in your next message.


Yes, there were various complaints: for the people in question the laptop practically froze and was very slow after startup, and they had a very bad connection to the network.

I took the laptop home and here everything works as it should :hmmmm: apparently something is wrong with the network at their place.

They use various network folders and so on, and because of the bad network connection the laptop ran very slowly while searching for these network folders.

Here the laptop is running like a charm, and I'll drop by tomorrow to take a further look there.

But here is the log you asked for.

~ Report of ZHPDiag v2013.11.16.34 - Nicolas Coolman (16-11-2013)

~ Launched by Laura (16-11-2013 22:31:44)

~ Web site address : Home - Malicius Software Information

~ Free support forums for disinfection : Links - Malicius Software Information

~ Translated by

~ Version State :

~ White List : Activate by program

~ Elevation of privilege : OK

~ User Account Control : Deactivate by user

---\\ Internet browsers

MSIE: Internet Explorer v10.0.9200.16736

MFIE: Mozilla Firefox 12.0 (Defaut)

OBIE: Safari v5.34.57.2

---\\ Windows product information

~ Langage: Anglais

Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ System protection software

Malwarebytes Anti-Malware versie 1.75.0.1300

Microsoft Security Client NL-NL Language Pack v2.0.0657.0

Windows Defender W7

---\\ System optimization software

CCleaner v3.26 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software

Adobe Flash Player 11 ActiveX

Adobe Reader XI

Java 7 Update 45

---\\ Information on the system

~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3004 MB (58% free)

System Restore: Activé (Enable)

System drive C: has 89 GB (63%) free of 141 GB

---\\ Connection to the system mode

~ Computer Name: LAURA-PC

~ User Name: Laura

~ All Users Names: Laura, HomeGroupUser$, Gast, Administrator,

~ Unselected Option: None

Logged in as Administrator

---\\ Environment variables

~ System Unit : C:\

~ %AppZHP% : C:\Users\Laura\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Laura\AppData\Roaming\

~ %Desktop% : C:\Users\Laura\Desktop\

~ %Favorites% : C:\Users\Laura\Favorites\

~ %LocalAppData% : C:\Users\Laura\AppData\Local\

~ %StartMenu% : C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units

C: Hard drive, Flash drive, Thumb drive (Free 89 Go of 141 Go)

D: Hard drive, Flash drive, Thumb drive (Free 106 Go of 141 Go)

E: CD-ROM drive (Not Inserted)

---\\ State of the Windows Security Center

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

~ Security Center: 43 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files

[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 6:30:54.) -- C:\Windows\Explorer.exe [2616320]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:14:45.) -- C:\Windows\System32\Wininit.exe [96256]

[MD5.5FD4335DCD343D0FEA9FA6B18ED408D9] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.16-11-2013 - 17:30:21.) -- C:\Windows\System32\wininet.dll [1767936]

[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.20-11-2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]

[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20-11-2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]

[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14-9-2013 - 1:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]

[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]

[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 9:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]

[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 9:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]

[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]

[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]

[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 0:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]

[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]

[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 9:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]

[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.12-4-2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]

[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 0:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]

[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14-7-2009 - 0:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]

[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 0:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]

[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20-11-2010 - 9:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]

[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]

~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)

~ Mes images (My Pictures) : 1/92

~ Mes musiques (My Musics) : 1/320

~ Mes Favoris (My Favorites) : 1/107

~ Mes Documents (My Documents) : 2/199

~ Mon Bureau (My Desktop) : 2/43

~ Menu demarrer (Programs) : 1/66

~ Hidden Files: Scanned in 00mn 00s

---\\ Process running

[MD5.06F7D67EC4D15F11A2923268BAA937D3] - (...) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [300912] [PID.3020]

[MD5.A46796CCF032D35720347262998D1F90] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [835072] [PID.3324]

[MD5.E3735DC796E5183D63F35921B058934C] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [716800] [PID.2544]

[MD5.8A0B0E4102C2CCA25DA3134FE12FCC3E] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [91136] [PID.2072]

[MD5.091A0924AC02AE0A04F3D03BCCDE2712] - (.SEC - Samsung Recovery Solution 4.) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2246144] [PID.2844]

[MD5.F2F3617C63B87AA2DE139DC9E37420B5] - (.Intel Corporation - igfxext Module.) -- C:\windows\system32\igfxext.exe [179224] [PID.232]

[MD5.B9AA850CDA55097EB13E03698C8F5828] - (.Intel Corporation - igfxsrvc Module.) -- C:\windows\system32\igfxsrvc.exe [266776] [PID.2836]

[MD5.97101B7CCCFA2BDFEFC2E0B84205D144] - (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864] [PID.4040]

[MD5.E37EA88F25B7CB5831A5B3C60F53DEED] - (.No owner - ScanToPc MFC Application.) -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe [495616] [PID.1124]

[MD5.2110F60508EA102B5B4B85A9307C34E5] - (.Hewlett-Packard Company - hppfaxprintersrv.) -- C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe [2453504] [PID.2280]

[MD5.D51F9443E97EE4546685591E8FC66646] - (.Hewlett-Packard Company - HP UT Driver.) -- C:\Program Files\HP\HP UT\bin\hppusg.exe [24576] [PID.3984]

[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.4080]

[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.3036]

[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3724]

[MD5.B2387FD351A3D4780A917E4C00A83310] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.2364]

[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3704]

[MD5.D9335549EAE48B14FB66EFCB6FFAE736] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [214360] [PID.1936]

[MD5.273653EE7F9201F31834A9E6C5CDCF62] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe [29769432] [PID.3148]

[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\windows\system32\wuauclt.exe [53784] [PID.1204]

[MD5.4F69AABB5D82AA4EF6DFF7871212ADF6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924600] [PID.3308]

[MD5.8FCF9BFFCA49923C504C4BFE8378BF8A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8220160] [PID.3956]

~ Processes Running: Scanned in 00mn 01s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\fjndoxwb.default\prefs.js

M3 - MFPP: Plugins - [Laura] -- C:\Program Files\Mozilla FireFox\searchplugins\bolcom-nl.xml

M3 - MFPP: Plugins - [Laura] -- C:\Program Files\Mozilla FireFox\searchplugins\marktplaats-nl.xml

M3 - MFPP: Plugins - [Laura] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-nl.xml

~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)

O1 - Hosts: 10.0.0.17 NPI03217F

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 22

---\\ Other User Links (O4)

O4 - GS\Desktop [Public]: Aangifte voor buitenlandse belastingplichtigen 2011.lnk . (.Belastingdienst - Aangifte voor buitenlandse belastingplichti.) -- C:\Program Files\Belastingdienst\Aangifte voor buitenlandse belastingplichtigen\2011\ca2011.exe

O4 - GS\Desktop [Public]: Aangifte voor buitenlandse belastingplichtigen 2012.lnk . (.Belastingdienst - Aangifte voor buitenlandse belastingplichti.) -- C:\Users\Laura\Desktop\2012\ca2012.exe

O4 - GS\Desktop [Public]: Juffrouwblom.com Taal voor kleuters Thuis.lnk . (.Muiswerk Educatief - No Comment.) -- C:\muiswerk\thuis\Mk3.exe

O4 - GS\Desktop [Public]: Juffrouwblom.com TCD 19 Begrijpend Lezen Thuis.lnk . (.Muiswerk Educatief - No Comment.) -- C:\muiswerk\thuis\Mk3.exe

O4 - GS\Desktop [Public]: Juffrouwblom.com Woordkennis voor kleuters Thuis.lnk . (.Muiswerk Educatief - No Comment.) -- C:\muiswerk\thuis\Mk3.exe

O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - GS\Desktop [Public]: WoordenSTART Thema 5.lnk . (.AmbraSoft - WoordenSTART Schoolmenu.) -- C:\Program Files\WoordenSTART Thuis\thema 5\Programma\wsschlmenu.exe

O4 - GS\Program [Public]: I.R.I.S. OCR-registratie.lnk . (.I.R.I.S. Image Recognition Integarted Syste - Registration Wizard.) -- C:\Program Files\HP\IrisOCR_12.3.4.0\regipe.exe

O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

O4 - GS\QuickLaunch [Laura]: Apple Safari.lnk . (...) -- C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

O4 - GS\QuickLaunch [Laura]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\QuickLaunch [Laura]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - GS\TaskBar [Laura]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\TaskBar [Laura]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - GS\Program [Laura]: AT2.LNK . (.SACE - No Comment.) -- C:\Program Files\Auditief\at2.exe

O4 - GS\Program [Laura]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\SystemTools [Laura]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\SendTo [Laura]: Cool Edit.lnk . (.Syntrillium Software Corporation - Cool Edit 2000.) -- C:\Program Files\Cool2000\cool2000.exe

O4 - GS\Desktop [Laura]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\Desktop [Laura]: Silvain - Snelkoppeling.lnk . (...) -- C:\Users\Laura\Documents\Silvain

~ Global Startup: 76 Legitimates Filtered in 00mn 09s

---\\ Auto loading programs from Registry and folders (O4)

O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co

O4 - GS\Startup [Laura]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [indexSearch] . (.ScanSoft, Inc. - PaperPort IndexSearch.) -- C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [3170 Scan2PC] . (.No owner - ScanToPc MFC Application.) -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

O4 - HKLM\..\Run: [HP Color LaserJet CM2320 MFP Series Fax] . (.Hewlett-Packard Company - hppfaxprintersrv.) -- C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe

O4 - HKLM\..\Run: [HPUsageTracking] . (.Hewlett-Packard Company - HP UT Driver.) -- C:\Program Files\HP\HP UT\bin\hppusg.exe

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe

O4 - HKLM\..\Run: [ToolboxFX] . (.Hewlett-Packard Company - HPTLBXFX.) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe

O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co

O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe

O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO

~ IE Extra Buttons: Scanned in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

~ Objets ActiveX: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{C8CF49E1-D098-4464-82FB-02E5C57802E8}: DhcpNameServer = 195.130.130.131 195.130.131.131

O17 - HKLM\System\CCS\Services\Tcpip\..\{CCF363E7-6B40-4746-B7A3-88D79E98B1C9}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{CCF363E7-6B40-4746-B7A3-88D79E98B1C9}: DhcpDomain = lan

O17 - HKLM\System\CS1\Services\Tcpip\..\{C8CF49E1-D098-4464-82FB-02E5C57802E8}: DhcpNameServer = 195.130.130.131 195.130.131.131

O17 - HKLM\System\CS1\Services\Tcpip\..\{CCF363E7-6B40-4746-B7A3-88D79E98B1C9}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{CCF363E7-6B40-4746-B7A3-88D79E98B1C9}: DhcpDomain = lan

O17 - HKLM\System\CS2\Services\Tcpip\..\{C8CF49E1-D098-4464-82FB-02E5C57802E8}: DhcpNameServer = 195.130.130.131 195.130.131.131

O17 - HKLM\System\CS2\Services\Tcpip\..\{CCF363E7-6B40-4746-B7A3-88D79E98B1C9}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{CCF363E7-6B40-4746-B7A3-88D79E98B1C9}: DhcpDomain = lan

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.131 195.130.131.131

~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)

O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML-viewer.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

~ Winlogon: Scanned in 00mn 00s

---\\ Task Planned Automatically (039)

[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{C8727CB2-A962-4927-885D-8AB457D30149}] (...) -- E:\Setup.exe (.not file.) [0]

~ Scheduled Task: 12 Legitimates Filtered in 00mn 06s

---\\ Software installed (O42)

O42 - Logiciel: 1000Word - (...) [HKLM] -- 1000WordDeinstKey

O42 - Logiciel: Aangifte voor buitenlandse belastingplichtigen 2011 - (.Belastingdienst.) [HKLM] -- Aangifte voor buitenlandse belastingplichtigen 2011

O42 - Logiciel: Aangifte voor buitenlandse belastingplichtigen 2012 - (.Belastingdienst.) [HKLM] -- Aangifte voor buitenlandse belastingplichtigen 2012

O42 - Logiciel: Auditieve Training 2.2 - (...) [HKLM] -- ST6UNST #1

O42 - Logiciel: ClearSea - (.Mirial.) [HKLM] -- {B12A4529-0FCF-4D9B-BCAE-88E625D3A336}

O42 - Logiciel: EDUROM Klanken en rijmen - (...) [HKLM] -- EDUROM Klanken en rijmen

O42 - Logiciel: EDUROM Luistervaardigheid - (...) [HKLM] -- EDUROM Luistervaardigheid

O42 - Logiciel: EDUROM Werkwoordspelling - (...) [HKLM] -- EDUROM Werkwoordspelling

O42 - Logiciel: EDUROM Woordenschat en dictee - (.A.W Bruna MultiMedia.) [HKLM] -- {B8A1C988-7394-41B0-B7AE-48769D01F90A}

O42 - Logiciel: Flits 3 - (.NIB Software.) [HKLM] -- Flits 3_is1

O42 - Logiciel: Flits 3 - (.NIB Software.) [HKLM] -- Update Flits 3 (p)_is1

O42 - Logiciel: QuickVoice Sync - (.nFinity.) [HKLM] -- {5021DBA5-81AF-4AE9-81DE-DD43FA0D8C94}

O42 - Logiciel: TCD 19 Begrijpend Lezen - (...) [HKLM] -- Juffrouwblom.com_CD519

O42 - Logiciel: Taal voor kleuters - (...) [HKLM] -- Juffrouwblom.com_CD001

O42 - Logiciel: Voice Profiler 5.0 USB - (...) [HKLM] -- Voice Profiler 5.0 USB

O42 - Logiciel: Woordenhaai 3.06 - (.Mr. Woto bv.) [HKLM] -- {8D6C5809-1A06-4209-BCC0-9BC634A1B41E}

O42 - Logiciel: Woordkennis voor kleuters - (...) [HKLM] -- Juffrouwblom.com_CD077

O42 - Logiciel: eLogoBase Connect - 1 - (.eLogoBase.) [HKCU] -- 5dac03cf4f2720e6

~ Logic: 161 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\YahooPartnerToolbar]

[HKLM\Software\A.W. Bruna Uitgevers B.V.]

[HKLM\Software\ASK]

[HKLM\Software\Halloween]

[HKLM\Software\Mirial]

[HKLM\Software\Mr. Woto bv]

[HKLM\Software\Polycom]

[HKLM\Software\woordenhaai]

~ Key Software: 178 Legitimates Filtered in 00mn 01s

---\\ Contents of the Common Files folders (O43)

O43 - CFD: 15-6-2010 - 0:34:26 - [174,070] ----D C:\Program Files\Auditief

O43 - CFD: 15-3-2012 - 21:37:21 - [7,448] ----D C:\Program Files\Belastingdienst

O43 - CFD: 13-10-2011 - 18:17:26 - [51,287] ----D C:\Program Files\ClearSea

O43 - CFD: 14-6-2010 - 22:23:55 - [13,194] ----D C:\Program Files\Cool2000

O43 - CFD: 27-6-2012 - 15:04:57 - [0,009] ----D C:\Program Files\Halloween

O43 - CFD: 22-8-2012 - 17:41:43 - [8,738] ----D C:\Program Files\nFinity

O43 - CFD: 2-7-2013 - 14:44:57 - [143,811] ----D C:\Program Files\WoordenSTART Thuis

O43 - CFD: 15-7-2010 - 11:19:10 - [0,002] ----D C:\ProgramData\NDUhO2Zs80TQy6

O43 - CFD: 14-6-2010 - 18:27:06 - [0,001] ----D C:\ProgramData\Partner

O43 - CFD: 10-7-2013 - 15:12:56 - [0] ----D C:\Users\Laura\AppData\Roaming\Belastingdienst

O43 - CFD: 22-8-2012 - 17:41:01 - [0] ----D C:\Users\Laura\AppData\Roaming\nFinity

O43 - CFD: 15-7-2010 - 11:19:21 - [0] ----D C:\Users\Laura\AppData\Roaming\SprintPDF

O43 - CFD: 25-11-2010 - 18:01:34 - [11,737] ----D C:\Users\Laura\AppData\Local\{9A51B9F7-E6AF-4C55-9C1E-E02A701F9C0C}

O43 - CFD: 14-6-2010 - 23:22:21 - [0,001] ----D C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eLogoBase

~ Program Folder: 182 Legitimates Filtered in 00mn 13s

---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.B6237507942296095D4A37EEA8540F79] - 16-11-2013 - 16:56:41 ---A- . (...) -- C:\Windows\win.ini [595]

O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 16-11-2013 - 17:30:20 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]

O44 - LFC:[MD5.928917C0B73F53B5385F27AC894933C5] - 16-11-2013 - 17:33:16 ---A- . (...) -- C:\Windows\IE10_main.log [11688]

~ Files: 228 Legitimates Filtered in 00mn 20s

---\\ Last files created in Windows Prefetcher (O45)

O45 - LFCP:[MD5.F8C7E46EF4AA976A73D9C271E702054E] - 16-11-2013 - 22:11:29 ---A- - C:\Windows\Prefetch\INDEXSEARCH.EXE-A6ECE653.pf

O45 - LFCP:[MD5.BDAA7CAF858B33ACAACE1F3E279EB529] - 16-11-2013 - 22:11:40 ---A- - C:\Windows\Prefetch\HPPFAXPRINTERSRV.EXE-1621A9AB.pf

O45 - LFCP:[MD5.9F42D2EB5F6FD00CFDF19119286A68E4] - 16-11-2013 - 22:11:50 ---A- - C:\Windows\Prefetch\SSCAN2IO.EXE-2E97E440.pf

~ Prefetcher: 73 Legitimates Filtered in 00mn 00s

---\\ MountPoints2 Shell Key (MPKS) (O51)

O51 - MPSK:{5c585a28-1d64-11e0-a952-0024545955dc}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)

O51 - MPSK:{c4aa1860-f85e-11df-9eb0-0024545955dc}\AutoRun\command. (...) -- F:\setup_vmc_lite.exe (.not file.)

O51 - MPSK:{c4aa1872-f85e-11df-9eb0-0024545955dc}\AutoRun\command. (...) -- F:\setup_vmc_lite.exe (.not file.)

O51 - MPSK:{c6c526fb-6fcb-11e0-8214-0024545955dc}\AutoRun\command. (...) -- F:\NokiaPCIA_Autorun.exe (.not file.)

~ Keys: Scanned in 00mn 00s

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.PLCMsiren"="PLCMsiren.acm" . (.Polycom, Inc. - Polycom Siren Codec for MSACM.) -- C:\Windows\System32\PLCMsiren.acm

O52 - TDSD: \Drivers32\"msacm.PLCMg729A"="PLCMg729A.acm" . (.Polycom, Inc. - Polycom G.729A Codec for MSACM.) -- C:\Windows\System32\PLCMg729A.acm

O52 - TDSD: \Drivers32\"msacm.PLCMg7221"="PLCMg7221.acm" . (.Polycom, Inc. - Polycom G.722.1 Codec for MSACM.) -- C:\Windows\System32\PLCMg7221.acm

O52 - TDSD: \Drivers32\"msacm.PLCMg719"="PLCMg719.acm" . (.Polycom, Inc. - Polycom G.719 Codec for MSACM.) -- C:\Windows\System32\PLCMg719.acm

O52 - TDSD: \drivers.desc\"PLCMsiren.acm"="Polycom Siren" . (.Polycom, Inc. - Polycom Siren Codec for MSACM.) -- C:\Windows\System32\PLCMsiren.acm

~ TDSD: 8 Legitimates Filtered in 00mn 00s

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Samsung PanelMgr [Key] . (...) -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

~ SMSR Keys: 17 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14-7-2009 - 2:20:28 ----- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13-7-2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]

~ Drivers: 16 Legitimates Filtered in 00mn 00s

---\\ Last modified or created user files (O61)

O61 - LFC: 13-11-2013 - 22:34:35 ---A- . (...) -- C:\Users\Laura\Documents\Silvain\telenet\nov 13.pdf [999424]

O61 - LFC: 15-11-2013 - 22:34:25 ---A- . (...) -- C:\Users\Laura\AppData\Roaming\Microsoft\Handtekeningen\Laura.htm [2573]

O61 - LFC: 15-11-2013 - 22:34:25 ---A- . (...) -- C:\Users\Laura\AppData\Roaming\Microsoft\Handtekeningen\Laura.rtf [7231]

O61 - LFC: 15-11-2013 - 22:34:25 ---A- . (...) -- C:\Users\Laura\AppData\Roaming\Microsoft\Handtekeningen\Laura.txt [254]

O61 - LFC: 15-11-2013 - 22:34:35 ---A- . (...) -- C:\Users\Laura\Documents\Silvain\TIMETABEL STAG.docx [12114]

O61 - LFC: 15-11-2013 - 22:34:35 ---A- . (.SRIW.) -- C:\Users\Laura\Documents\Silvain\programma BAP STAG 2013.xls [133632]

O61 - LFC: 16-11-2013 - 22:34:28 ---A- . (...) -- C:\Users\Laura\AppData\Roaming\ZHP\Log.txt [18396] =>.Nicolas Coolman

O61 - LFC: 16-11-2013 - 22:34:28 ---A- . (...) -- C:\Users\Laura\AppData\Roaming\ZHP\TestsZHPDiag.txt [2819] =>.Nicolas Coolman

O61 - LFC: 16-11-2013 - 22:34:35 ---A- . (...) -- C:\Users\Laura\Downloads\RSIT.exe [781383]

O61 - LFC: 16-11-2013 - 22:34:35 ---A- . (.Laura.) -- C:\Users\Laura\Documents\Test voor het opslaan van een Word document.doc [24064]

O61 - LFC: 16-11-2013 - 22:34:37 ---A- . (...) -- C:\Users\Laura\Links\Desktop.lnk [483]

O61 - LFC: 16-11-2013 - 22:34:37 ---A- . (...) -- C:\Users\Laura\Links\Downloads.lnk [882]

O61 - LFC: 16-11-2013 - 22:34:37 ---A- . (...) -- C:\Users\Laura\Links\RecentPlaces.lnk [367]

~ 52 Fichiers temporaires (Temporary files)

~ Files: 139 Legitimates Filtered in 01mn 36s

---\\ List all tools cleaner (LATC) (O63)

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

O63 - Logiciel: RSIT - (.random/random.)

~ ADS: Scanned in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe

~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

~ Keys: Scanned in 00mn 00s

---\\ Search Particular Root Folder (SPRF) (O84)

[MD5.7AF4FC856FEE483FD31921A43A1776DC] [sPRF][20-11-2011] (...) -- C:\ProgramData\ezsidmv.dat [48]

[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [sPRF][17-8-2009] (...) -- C:\ProgramData\FullRemove.exe [131368]

[MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][17-6-2010] (...) -- C:\Program Files\error.dat [0]

~ Files: 6 Legitimates Filtered in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "TCP Query User{CF245F32-E201-4F41-9BE3-1AD91BA7A40D}C:\program files\clearsea\bin\clearsea.exe" | In - Private - P6 - TRUE | .(.Mirial - Softphone.) -- C:\program files\clearsea\bin\clearsea.exe

O87 - FAEL: "UDP Query User{44E9D97E-A695-4871-A9CB-2C156FBF780B}C:\program files\clearsea\bin\clearsea.exe" | In - Private - P17 - TRUE | .(.Mirial - Softphone.) -- C:\program files\clearsea\bin\clearsea.exe

O87 - FAEL: "{9857DB88-ACAE-41F1-B26A-0064C4D46ABE}" | In - Public - P17 - TRUE | .(.Mirial - Softphone.) -- C:\program files\clearsea\bin\clearsea.exe

O87 - FAEL: "{8AB89AA1-3110-4A46-9C21-426ECFA9CEA7}" | In - Public - P6 - TRUE | .(.Mirial - Softphone.) -- C:\program files\clearsea\bin\clearsea.exe

~ Firewall: 243 Legitimates Filtered in 00mn 02s

---\\ Product Upgrade Codes (PUC) (O90)

O90 - PUC: "9254A21BFCF0B9D4CBEA886E523D3A63" . (.ClearSea.) -- C:\windows\Installer\{B12A4529-0FCF-4D9B-BCAE-88E625D3A336}\ClearSea.ico

O90 - PUC: "DD177294A14603B46880837AE37C0D55" . (.WoordenSTART Thuis Thema 5.) -- C:\windows\Installer\{492771DD-641A-4B30-8608-38A73EC7D055}\ARPPRODUCTICON.exe

~ Update Products: 110 Legitimates Filtered in 00mn 00s

---\\ Windows Installer Scan (WIS) (O93) (NTFS)

[MD5.01ABC91CB8FB377832916408F0FAA573] [WIS][25-7-2007] (.DeviceManagementQFolder - DeviceManagementQFolder.) -- C:\Windows\Installer\12411b1.msi [124928]

[MD5.40F3214A6E512208E5713525861F0CBA] [WIS][25-7-2007] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\12411d3.msi [124928]

[MD5.8045BAB577E62B5F1C4B536C100DF7E5] [WIS][22-8-2012] (.nFinity - QuickVoice Sync.) -- C:\Windows\Installer\25c1794.msi [151552]

[MD5.2B6C0C5DA13BFECE206EC6E79C09B4E7] [WIS][13-10-2011] (.Mirial Surl - Mirial Softphone Installer.) -- C:\Windows\Installer\3c7715e.msi [24813568]

~ WIS: 111 Legitimates Filtered in 00mn 13s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 11-5-2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

SS - | Demand 9-10-2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

SR - | Auto 7-9-2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

SR - | Auto 30-8-2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SS - | Auto 25-10-2010 145920 | (HP LaserJet Service) . (.HP.) - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

SR - | Demand 14-7-2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 14-7-2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SS - | Demand 14-11-2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

SR - | Demand 17-9-2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe

SS - | Demand 16-11-2013 129976 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 14-7-2009 20992 | C:\windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 14-7-2009 20992 | C:\windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 7-7-2009 247152 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe

SS - | Auto 13-7-2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 21-5-2010 173352 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

SS - | Demand 14-7-2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 14-7-2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 14s

---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by Laura at 16-11-2013 22:35:22

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll

C:\windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver

1 nt!IofCallDriver[0x8347DFC6] >> \Device\Harddisk0\DR0[0x8717B030]

kernel: MBR read successfully

user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, PC Helpforum - Gratis hulp bij computer problemen

Run by Laura at 16-11-2013 22:35:24

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)

Database Version : 12995 - (16-11-2013)

Clés trouvées (Keys found) : 12

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 1

Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype

[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype

[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype

[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype

[HKLM\Software\Classes\Installer\Features\0E9201899CF73FC4BA93F631631229A1] =>Toolbar.Agent

[HKLM\Software\Classes\Installer\Products\0E9201899CF73FC4BA93F631631229A1] =>Toolbar.Agent

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0E9201899CF73FC4BA93F631631229A1] =>Toolbar.Agent

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{981029E0-7FC9-4CF3-AB39-6F133621921A}] =>Toolbar.Agent

[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}] =>Adware.MapsGalaxy

C:\ProgramData\Partner =>Spyware.Partner

~ Additionnel Scan: 329746 Items scanned in 00mn 21s

---\\ Summary of the detections found on your workstation

~ Adware.MapsGalaxy - Malicius Software Information =>Adware.MapsGalaxy

~ Spyware.Partner - Malicius Software Information =>Spyware.Partner

~ MSI: 2 link(s) detected in 00mn 21s

~ 1761 Legitimates filtered by white list

End of the scan (543 lines in 04mn 02s)(0)


I assume you want to keep the legitimate Skype toolbar?

Start ZHPFix again.

Copy the entire text in the code field:

Script ZHPFix 
[HKLM\Software\Classes\Installer\Features\0E9201899CF73FC4BA93F631631229A1] =>Toolbar.Agent
[HKLM\Software\Classes\Installer\Products\0E9201899CF73FC4BA93F631631229A1] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0E9201899CF73FC4BA93F631631229A1] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{981029E0-7FC9-4CF3-AB39-6F133621921A}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}] =>Adware.MapsGalaxy
C:\ProgramData\Partner =>Spyware.Partner
shortcutfix
emptytemp
emptyflash
emptyjava

Double-click the shortcut: ZHPFix

Press the "Import" button.

Then press the "Go" button at the bottom.

The fix will start; post the result ZHPFix[r2].txt


Yes, the Skype toolbar can be kept. Here is the requested log ;-)

Rapport de ZHPFix 2013.11.14.5 par Nicolas Coolman, Update du 14/11/2013

Fichier d'export Registre :

Run by Laura at 17-11-2013 18:58:46

High Elevated Privileges : OK

Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

Papierkorb geleert (00mn 10s)

Reparatur von Browser-Verknüpfungen

========== Registry-Schlüssel ==========

ENTFERNT: HKLM\Software\Classes\Installer\Features\0E9201899CF73FC4BA93F631631229A1

ENTFERNT: HKLM\Software\Classes\Installer\Products\0E9201899CF73FC4BA93F631631229A1

ENTFERNT: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0E9201899CF73FC4BA93F631631229A1

ENTFERNT: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{981029E0-7FC9-4CF3-AB39-6F133621921A}

ENTFERNT: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}

========== Ordner ==========

ENTFERNT: c:\programdata\partner

Löscht temporäre Windows (35)

Flash-Cookies entfernt (0)

========== Dateien ==========

Löscht temporäre Windows (100) (100.408.058 octets)

Flash-Cookies entfernt (0) (0 octets)

========== Andere ==========

VERTRAG emptyjava

========== Zusammenfassung ==========

5 : Registry-Schlüssel

3 : Ordner

2 : Dateien

1 : Andere

End of clean in 00mn 12s

========== Pfad zu Datei-Bericht ==========

C:\Users\Laura\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17-11-2013 18:58:56 [1354]


You can now remove the tools that were used.

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.
