
[SOLVED] Spyware



Can you download something? Then try Malwarebytes first.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a tick in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.

The scan may take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is ticked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has trouble removing certain files it will show a few prompts where you must click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

And then try again whether you can get HiJackThis to run.

Paste the contents of the MBAM log in your next post, together with a new HijackThis log (if that worked).


Already got it removed with a little program. And I can start HiJackThis again, and I made a log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:51:50, on 21/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Live\Family Safety\fssui.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Eraser\Eraser.exe

C:\Program Files\Advanced System Optimizer\wallpaper.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Adobe Media Player\Adobe Media Player.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Avant Browser\avant.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [sDFix] K:\SDFIX\RUNTHIS.BAT /second

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide

O4 - HKCU\..\Run: [systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220188919921

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220203462546

O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--

End of file - 10464 bytes


Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -

Click 'Fix checked' to remove the items.

And then do run that Malwarebytes now!

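One way to automate the triage the reply above does by hand, as an added example that is not part of the thread and not HijackThis' own code: a small Python script that reads lines in HijackThis log format and lists the entries a helper would put on a 'Fix checked' list. It flags any entry ending in "(no file)" (the R3 URLSearchHook above), an O16 DPF entry with no class name or download URL (the empty {BDEE1959-...} entry above), and an O4 Run entry that starts a program from a drive other than the system drive (the leftover SDFix entry on K:). The sample lines are constructed from the log posted above; the non-system-drive rule, and the default of C: as the only system drive, are this script's own heuristic, not something HijackThis checks.

```python
"""Triage a HijackThis log for entries worth a 'Fix checked'.

Added example; not code from the forum thread or from Trend Micro's
HijackThis. It reads log lines in HijackThis' own format and flags:
  * any entry that ends in "(no file)": a registry hook whose file is gone;
  * an O16 DPF (ActiveX download) entry that names neither a class nor a URL;
  * an O4 Run entry that starts a program from a non-system drive letter.
The "non-system drive" rule and the default of C: as the only system drive
are assumptions of this script, not something HijackThis itself checks.
"""
import re
from typing import List, Tuple

# One log line: "<code> - <body>", e.g. "R3 - URLSearchHook: ... - (no file)".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# O16 body: DPF: {CLSID} (Class name) - <download URL or local path>
DPF_RE = re.compile(
    r"^DPF: \{[0-9A-Fa-f-]+\}(?: \((?P<name>[^)]*)\))? -(?: (?P<url>\S.*))?$"
)

# O4 body: HKLM\..\Run: [Name] "C:\path\prog.exe" args  ->  capture the drive letter.
RUN_RE = re.compile(r'^HK.*?\\Run\S*: \[[^\]]*\] "?(?P<drive>[A-Za-z]):\\')

# Constructed sample in HijackThis format (lines modelled on the log posted above).
SAMPLE_LOG = r"""R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [sDFix] K:\SDFIX\RUNTHIS.BAT /second
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220188919921
"""


def triage(log_text: str, system_drives: Tuple[str, ...] = ("C",)) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for entries a helper would review."""
    allowed = {d.upper() for d in system_drives}
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m is None:
            continue  # header, "Running processes" paths, blank lines
        code, body = m.group("code"), m.group("body")

        if body.endswith("(no file)"):
            findings.append((line, "orphaned hook: the registered file no longer exists"))
            continue

        if code == "O16":
            d = DPF_RE.match(body)
            if d is None:
                findings.append((line, "O16 entry in an unexpected format"))
            elif not d.group("name") or not d.group("url"):
                findings.append((line, "ActiveX download (DPF) entry with no class name or no URL"))
            continue

        if code == "O4":
            r = RUN_RE.match(body)
            if r is not None and r.group("drive").upper() not in allowed:
                drive = r.group("drive").upper()
                findings.append((line, f"Run entry starts a program from drive {drive}:, not a system drive"))
    return findings


def fix_checked_list(log_text: str) -> List[str]:
    """Just the flagged lines, in log order, ready to paste as a 'select these items' list."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run it as-is to see the three flagged sample entries; pass the contents of a saved log to triage() for a real one. The script only reads the log and changes nothing in the registry. The non-system-drive rule is a prompt to review, not proof of malware: the SDFix entry in this log looks like the second-stage Run entry a removal tool left behind after being run from K:, and the Silent Runners log further down marks the same entry [file not found].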

I can't install Malwarebytes; I do have a log from Silent Runners. Don't know whether it's of any use to you?

"Silent Runners.vbs", revision 58, Silent Runners - Adware? Disinfect, don't reformat!

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Nokia.PCSync" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog" ["Time Information Services Ltd."]

"PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray" ["Nokia"]

"CTSyncU.exe" = ""C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"" [empty string]

"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]

"Eraser" = "C:\Program Files\Eraser\Eraser.exe -hide" ["The Eraser Project"]

"Systweak Wallpaper Changer" = "C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize" ["Systweak Inc"]

"AdobeUpdater" = ""C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"nTrayFw" = "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" ["NVIDIA Corporation"]

"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]

"SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Control Center" = "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" ["ASUSTeK COMPUTER INC."]

"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]

"fssui" = ""C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun" [MS]

"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]

"AppleSyncNotifier" = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" ["Apple Inc."]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"SBCSTray" = "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" ["Sunbelt Software"]

"SDFix" = "K:\SDFIX\RUNTHIS.BAT /second" [file not found]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

{7790769C-0471-11d2-AF11-00C04FA35D02}\(Default) = "Adresboek 6"

\StubPath = ""C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"

-> {HKLM...CLSID} = "IE Microsoft AutoComplete"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"

-> {HKLM...CLSID} = "Groove Folder Synchronization"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"

-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"

-> {HKLM...CLSID} = "Groove XML Icon Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Mijn Gedeelde mappen"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]

"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"

-> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"

-> {HKLM...CLSID} = "Nokia Phone Browser"

\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll" ["Nokia"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{24849E2F-0A86-40CD-A62A-B12F161882DB}" = "ZEN V Series Media Explorer"

-> {HKLM...CLSID} = "ZEN V Series Media Explorer"

\InProcServer32\(Default) = "C:\Program Files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\SHCTMTP.dll" ["Creative Technology Ltd"]

"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"

-> {HKLM...CLSID} = "TuneUp Theme Extension"

\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]

"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"

-> {HKLM...CLSID} = "Eraser Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]

"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"

-> {HKLM...CLSID} = "Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]

"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"

-> {HKLM...CLSID} = "SPTHandler"

\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"| [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

<<!>> RegCompact\DLLName = "RegCompact.dll" ["AMUST Software"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-ZIP\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"

-> {HKLM...CLSID} = "CtMtpContextMenu Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]

Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"

-> {HKLM...CLSID} = "Eraser Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]

FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"

-> {HKLM...CLSID} = "SPTHandler"

\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"

-> {HKLM...CLSID} = "Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-ZIP\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"

-> {HKLM...CLSID} = "CtMtpContextMenu Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]

Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"

-> {HKLM...CLSID} = "Eraser Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]

SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"

-> {HKLM...CLSID} = "SPTHandler"

\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"

-> {HKLM...CLSID} = "Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"

-> {HKLM...CLSID} = "SPTHandler"

\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BridgeCS3ImportMediaOnArrival\

"Provider" = "Adobe Bridge CS3"

"InvokeProgID" = "Adobe.adobebridge"

"InvokeVerb" = "launch"

HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

CTMTPHandler\

"Provider" = "Creative Media Explorer"

"ProgID" = "CTMtpAut.CTMtpEventHandler"

"InitCmdLine" = "OrganizeUsingZME"

HKLM\SOFTWARE\Classes\CTMtpAut.CTMtpEventHandler\CLSID\(Default) = "{9F40AC21-F4D1-477C-AC95-7A935224220F}"

-> {HKLM...CLSID} = "CTMtpEventHandler Class"

\LocalServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CTMtpAut.exe" ["Creative Technology Ltd."]

CTPlayAudioOnArrivalu\

"Provider" = "Creative MediaSource 5 Player"

"InvokeProgID" = "CTAutoPLu.AudioCDPlayer.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\CTAutoPLu.AudioCDPlayer.1\shell\open\command\(Default) = ""C:\Program Files\Creative\MediaSource5\CTCMSu.exe" /T=CLASSKEY_AudioCD IN %L PlayNow" ["Creative Technology Ltd"]

CTPlayMusicFilesOnArrivalu\

"Provider" = "Creative MediaSource 5 Player"

"InvokeProgID" = "CTAutoPLu.MusicFilesPlayer.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\CTAutoPLu.MusicFilesPlayer.1\shell\open\command\(Default) = ""C:\Program Files\Creative\MediaSource5\CTCMSu.exe" /Organizer" ["Creative Technology Ltd"]

iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSLivePhotoAcqHWEventHandler\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10"

"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10"

"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"

"InitCmdLine" = "WLXVideoAcquireWizard"

HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"

-> {HKLM...CLSID} = "WLXWEventHandler Class"

\LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

NMMPlayCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMPlayCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"]

NMMRipCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMRipCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"]

VLCPlayCDAudioOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.CDAudio"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]

VLCPlayDVDMovieOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.DVDMovie"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]

WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

Startup items in "Samuel" & "All Users" startup folders:

--------------------------------------------------------

C:\Documents and Settings\Samuel\Menu Start\Programma's\Opstarten

"Adobe Media Player" -> shortcut to: "C:\Program Files\Adobe Media Player\Adobe Media Player.exe" [null data]

"OneNote 2007 Schermopname en Snel starten" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten

"Bluetooth Manager" -> shortcut to: "C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe" [null data]

Enabled Scheduled Tasks:

------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe /schedulestart" ["TuneUp Software GmbH"]

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SYSTEMROOT%\system32\nvappfilter.dll ["NVIDIA"], 01 - 03, 09

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{32099AAC-C132-4136-9E9A-4E364A424E17}"

-> {HKLM...CLSID} = "DAEMON Tools Toolbar"

\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{32099AAC-C132-4136-9E9A-4E364A424E17}" = (no title provided)

-> {HKLM...CLSID} = "DAEMON Tools Toolbar"

\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Onderzoeken"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Verzenden naar OneNote"

"MenuText" = "Verz&enden naar OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]

Bonjour-service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]

ForceWare Intelligent Application Manager (IAM), ForceWare Intelligent Application Manager (IAM), "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe" [empty string]

ForceWare IP service, nSvcIp, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe" ["NVIDIA Corporation"]

ForceWare user log service, nSvcLog, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe" ["NVIDIA"]

Forceware Web Interface, ForcewareWebInterface, ""C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice" ["Apache Software Foundation"]

iPod-service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]

Mobiel Apple apparaat, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]

Spyware Terminator Realtime Shield Service, sp_rssrv, ""C:\Program Files\Spyware Terminator\sp_rsser.exe"" ["Crawler.com"]

Sunbelt CounterSpy Antispyware, SBCSSvc, ""C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe"" ["Sunbelt Software"]

TuneUp Thema-uitbreiding, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}

Windows Live OneCare Family Safety, fsssvc, ""C:\Program Files\Windows Live\Family Safety\fsssvc.exe"" [MS]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

Toshiba Bluetooth Monitor\Driver = "tbtmon.dll" ["Toshiba America Business Solutions, Inc."]

---------- (launch time: 2008-11-21 21:24:47)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 25 seconds, including 3 seconds for message boxes)

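The log above ends with the legend "<<!>>: Suspicious data at a malware launch point", and every entry carries a bracketed verdict such as [MS], ["Crawler.com"], [null data], [empty string] or [file not found]. When reading a Silent Runners log by hand, those brackets are what you triage on, with one caveat: the company name is read from the file's version resource (CompanyName), which any binary can claim, so [MS] is not a signature check. The script below is an added example for this thread, not part of Silent Runners and not something the poster ran. It parses entries in the log's own format and ranks them with three heuristics of this example's own (dangling target, missing version info, non-Microsoft file at a <<!>> launch point, plus a bare filename that Windows must resolve via the search path). The sample lines are copied from the log posted in this thread; the severity labels and function names are this example's assumptions.

```python
"""Triage helper for Silent Runners output (added example, not the tool's own code).

Silent Runners ends each entry with a bracketed verdict about the file it
resolved:
  [MS] / ["Company"]  CompanyName from the file's version resource (not a
                      signature check: any file can carry any CompanyName)
  [null data]         no version resource at all
  [empty string]      version resource present, CompanyName blank
  ["-"]               CompanyName literally "-"
  [file not found]    the launch point is dangling
A leading "<<!>>" is the tool's own marker for a launch point worth a look.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: constructed for this example from lines that appear in the
# Silent Runners log posted in this thread (one launch point per line).
SAMPLE_LOG = r'''
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"CTSyncU.exe" = ""C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"" [empty string]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"SDFix" = "K:\SDFIX\RUNTHIS.BAT /second" [file not found]
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
<<!>> RegCompact\DLLName = "RegCompact.dll" ["AMUST Software"]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]
\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
'''

# optional <<!>> flag, then "name = value", then the trailing [verdict]
ENTRY_RE = re.compile(r'^(?P<flag><<!>>)?\s*(?P<body>.*?)\s*\[(?P<tag>[^\[\]]*)\]\s*$')
# first token that looks like an image path, stopping before arguments
IMAGE_RE = re.compile(r'^(.+?\.(?:exe|dll|bat|cmd|com|scr|vbs))(?=[\s,"]|$)', re.I)
NO_VERSION_INFO = {'null data', 'empty string', '"-"'}


@dataclass
class Finding:
    severity: str            # 'high' | 'medium' | 'low' (this example's scale)
    reasons: List[str]
    name: str                # registry value or key as printed by Silent Runners
    image: Optional[str]     # executable/DLL path extracted from the value


def parse_entry(line: str) -> Optional[dict]:
    """Split one Silent Runners entry into flag, name, value, image and verdict."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    name, sep, value = m.group('body').partition(' = ')
    if not sep:
        return None
    # Silent Runners doubles quotes around quoted commands and appends '|'
    # to multi-string values; strip both before looking for the image.
    value = value.rstrip('|').strip().strip('"')
    img = IMAGE_RE.match(value)
    return {
        'flagged': m.group('flag') is not None,
        'name': name.strip().strip('"'),
        'value': value,
        'image': img.group(1) if img else None,
        'tag': m.group('tag'),
    }


def classify(entry: dict) -> Optional[Finding]:
    """Apply the triage heuristics; None means nothing stands out."""
    tag, reasons, sev = entry['tag'], [], None
    if tag == 'file not found':
        reasons.append('target missing: dangling launch point')
        sev = 'medium'
    elif tag in NO_VERSION_INFO:
        reasons.append('no version info: verify hash/signature by hand')
        sev = 'medium'
    if entry['flagged'] and tag not in ('MS', 'file not found'):
        reasons.append('non-Microsoft file at a <<!>> launch point')
        sev = 'high'
    if entry['image'] and '\\' not in entry['image'] and tag != 'MS':
        reasons.append('bare filename: loaded via search path, not a fixed location')
        sev = sev or 'low'
    return Finding(sev, reasons, entry['name'], entry['image']) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Return findings for every entry in the log, highest severity first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        f = classify(entry)
        if f is not None:
            findings.append(f)
    order = {'high': 0, 'medium': 1, 'low': 2}
    findings.sort(key=lambda f: order[f.severity])   # stable: keeps log order within a tier
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.severity:6} {f.name:30} {f.image or "-":45} {"; ".join(f.reasons)}')
```

Run it against the full pasted log rather than the sample and the "high" tier collapses to the handful of entries you actually need to look up: a <<!>> launch point whose DLL is not Microsoft's and is referenced by bare name (so it is found via the DLL search order, not a fixed path) is exactly the kind of thing to hash and check before trusting the CompanyName string.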

I can't install Malwarebytes, but I still have a Silent Runners log. Don't know whether it's of any use to you?

"Silent Runners.vbs", revision 58, Silent Runners - Adware? Disinfect, don't reformat!

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Nokia.PCSync" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog" ["Time Information Services Ltd."]

"PC Suite Tray" = ""C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray" ["Nokia"]

"CTSyncU.exe" = ""C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"" [empty string]

"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]

"Eraser" = "C:\Program Files\Eraser\Eraser.exe -hide" ["The Eraser Project"]

"Systweak Wallpaper Changer" = "C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize" ["Systweak Inc"]

"AdobeUpdater" = ""C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"nTrayFw" = "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" ["NVIDIA Corporation"]

"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]

"SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Control Center" = "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" ["ASUSTeK COMPUTER INC."]

"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]

"fssui" = ""C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun" [MS]

"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]

"AppleSyncNotifier" = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" ["Apple Inc."]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"SBCSTray" = "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" ["Sunbelt Software"]

"SDFix" = "K:\SDFIX\RUNTHIS.BAT /second" [file not found]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

{7790769C-0471-11d2-AF11-00C04FA35D02}\(Default) = "Adresboek 6"

\StubPath = ""C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"

-> {HKLM...CLSID} = "IE Microsoft AutoComplete"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"

-> {HKLM...CLSID} = "Groove Folder Synchronization"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"

-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"

-> {HKLM...CLSID} = "Groove XML Icon Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Mijn Gedeelde mappen"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]

"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"

-> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"

-> {HKLM...CLSID} = "Nokia Phone Browser"

\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll" ["Nokia"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{24849E2F-0A86-40CD-A62A-B12F161882DB}" = "ZEN V Series Media Explorer"

-> {HKLM...CLSID} = "ZEN V Series Media Explorer"

\InProcServer32\(Default) = "C:\Program Files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\SHCTMTP.dll" ["Creative Technology Ltd"]

"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"

-> {HKLM...CLSID} = "TuneUp Theme Extension"

\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]

"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"

-> {HKLM...CLSID} = "Eraser Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]

"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"

-> {HKLM...CLSID} = "Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]

"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"

-> {HKLM...CLSID} = "SPTHandler"

\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"| [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

<<!>> RegCompact\DLLName = "RegCompact.dll" ["AMUST Software"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-ZIP\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"

-> {HKLM...CLSID} = "CtMtpContextMenu Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]

Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"

-> {HKLM...CLSID} = "Eraser Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]

FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"

-> {HKLM...CLSID} = "SPTHandler"

\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"

-> {HKLM...CLSID} = "Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-ZIP\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"

-> {HKLM...CLSID} = "CtMtpContextMenu Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]

Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"

-> {HKLM...CLSID} = "Eraser Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]

SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"

-> {HKLM...CLSID} = "SPTHandler"

\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"

-> {HKLM...CLSID} = "Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"

-> {HKLM...CLSID} = "SPTHandler"

\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BridgeCS3ImportMediaOnArrival\

"Provider" = "Adobe Bridge CS3"

"InvokeProgID" = "Adobe.adobebridge"

"InvokeVerb" = "launch"

HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

CTMTPHandler\

"Provider" = "Creative Media Explorer"

"ProgID" = "CTMtpAut.CTMtpEventHandler"

"InitCmdLine" = "OrganizeUsingZME"

HKLM\SOFTWARE\Classes\CTMtpAut.CTMtpEventHandler\CLSID\(Default) = "{9F40AC21-F4D1-477C-AC95-7A935224220F}"

-> {HKLM...CLSID} = "CTMtpEventHandler Class"

\LocalServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CTMtpAut.exe" ["Creative Technology Ltd."]

CTPlayAudioOnArrivalu\

"Provider" = "Creative MediaSource 5 Player"

"InvokeProgID" = "CTAutoPLu.AudioCDPlayer.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\CTAutoPLu.AudioCDPlayer.1\shell\open\command\(Default) = ""C:\Program Files\Creative\MediaSource5\CTCMSu.exe" /T=CLASSKEY_AudioCD IN %L PlayNow" ["Creative Technology Ltd"]

CTPlayMusicFilesOnArrivalu\

"Provider" = "Creative MediaSource 5 Player"

"InvokeProgID" = "CTAutoPLu.MusicFilesPlayer.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\CTAutoPLu.MusicFilesPlayer.1\shell\open\command\(Default) = ""C:\Program Files\Creative\MediaSource5\CTCMSu.exe" /Organizer" ["Creative Technology Ltd"]

iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSLivePhotoAcqHWEventHandler\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10"

"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10"

"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"

"InitCmdLine" = "WLXVideoAcquireWizard"

HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"

-> {HKLM...CLSID} = "WLXWEventHandler Class"

\LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

NMMPlayCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMPlayCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"]

NMMRipCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMRipCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"]

VLCPlayCDAudioOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.CDAudio"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]

VLCPlayDVDMovieOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.DVDMovie"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]

WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

Startup items in "Samuel" & "All Users" startup folders:

--------------------------------------------------------

C:\Documents and Settings\Samuel\Menu Start\Programma's\Opstarten

"Adobe Media Player" -> shortcut to: "C:\Program Files\Adobe Media Player\Adobe Media Player.exe" [null data]

"OneNote 2007 Schermopname en Snel starten" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten

"Bluetooth Manager" -> shortcut to: "C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe" [null data]

Enabled Scheduled Tasks:

------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe /schedulestart" ["TuneUp Software GmbH"]

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SYSTEMROOT%\system32\nvappfilter.dll ["NVIDIA"], 01 - 03, 09

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{32099AAC-C132-4136-9E9A-4E364A424E17}"

-> {HKLM...CLSID} = "DAEMON Tools Toolbar"

\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{32099AAC-C132-4136-9E9A-4E364A424E17}" = (no title provided)

-> {HKLM...CLSID} = "DAEMON Tools Toolbar"

\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Onderzoeken"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Verzenden naar OneNote"

"MenuText" = "Verz&enden naar OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]

Bonjour-service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]

ForceWare Intelligent Application Manager (IAM), ForceWare Intelligent Application Manager (IAM), "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe" [empty string]

ForceWare IP service, nSvcIp, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe" ["NVIDIA Corporation"]

ForceWare user log service, nSvcLog, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe" ["NVIDIA"]

Forceware Web Interface, ForcewareWebInterface, ""C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice" ["Apache Software Foundation"]

iPod-service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]

Mobiel Apple apparaat, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]

Spyware Terminator Realtime Shield Service, sp_rssrv, ""C:\Program Files\Spyware Terminator\sp_rsser.exe"" ["Crawler.com"]

Sunbelt CounterSpy Antispyware, SBCSSvc, ""C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe"" ["Sunbelt Software"]

TuneUp Thema-uitbreiding, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}

Windows Live OneCare Family Safety, fsssvc, ""C:\Program Files\Windows Live\Family Safety\fsssvc.exe"" [MS]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

Toshiba Bluetooth Monitor\Driver = "tbtmon.dll" ["Toshiba America Business Solutions, Inc."]

---------- (launch time: 2008-11-21 21:24:47)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 25 seconds, including 3 seconds for message boxes)


SDFix was used, I see. Which other programs have you run in the meantime to try to fix your problem? Just to get an idea of what has already been done, because without that information it's a bit of a guessing game.

First try whether you can also download Combofix.

Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!

  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Follow the instructions and accept the disclaimer by clicking Yes.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


I looked for something else instead; I hope this is of some use to you.

SmitFraudFix v2.376

Scan done at 18:06:44,32, za 22/11/2008

Run from C:\Documents and Settings\Samuel\Mijn documenten\Folder

OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT

The filesystem type is

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Live\Family Safety\fssui.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Eraser\Eraser.exe

C:\Program Files\Advanced System Optimizer\wallpaper.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Adobe Media Player\Adobe Media Player.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avant Browser\avant.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Samuel

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Samuel\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Samuel\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Samuel\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Mijn huidige introductiepagina"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

C:\WINDOWS\system32\drivers\beep.sys infected !

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: ASUS USB Wireless Network Adapter - Pakketplanner-minipoort

DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{80BC753B-C343-4364-81AB-203A5AB04094}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{80BC753B-C343-4364-81AB-203A5AB04094}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{80BC753B-C343-4364-81AB-203A5AB04094}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End


This topic is now closed to new replies.