
Pop-ups and red background "Your privacy is in danger"


  • Pop-ups and red background "Your privacy is in danger"

    Hello,

    Who can help me with this problem?
    It is very persistent.

    Here is my HijackThis file:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:45:35, on 3-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\Program Files\Hitman Pro\srhelper.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\Janco\Mijn documenten\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmeter.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ekxdvft - {E5CBFDFA-6B88-4C04-AC4C-C6875D808503} - C:\WINDOWS\ekxdvft.dll (file missing)
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Automatisch EPSON Stylus DX4800 Series op CK701930-A] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" /P52 "Automatisch EPSON Stylus DX4800 Series op CK701930-A" /O32 "\\CK701930-A\Epson printer boven" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Hitman Pro\surfright.exe" "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Automatisch EPSON Stylus DX4800 Series op CK701930-A] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" /P52 "Automatisch EPSON Stylus DX4800 Series op CK701930-A" /M "Stylus DX4800" /EF "HKCU"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova_old/pano/prog/rundum.7.0.2.0.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamenext.nl/online/online2/bejeweled2/popcaploader_v10.cab
    O21 - SSODL: bgrlsmn - {F4DA41B6-2642-4991-A640-38A4B307268B} - C:\WINDOWS\bgrlsmn.dll (file missing)
    O21 - SSODL: adsoowf - {1CFF2A4A-D07A-4585-B889-ED475759E92F} - C:\WINDOWS\adsoowf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 10826 bytes


    I hope you can help me

    Thanks in advance for your trouble


    Janco

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart on its own, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Download Deckard's System Scanner to your desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the instructions.
    • When the scan is complete, a text file, main.txt, will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is given permission to do so!
    It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In this case it may be better to temporarily disable your antivirus during the DSS scan.)



    • #3
      Hello Smeenk,

      Thanks for the quick reply!!

      Here are the two log files:

      ---RVAXO.exe Updated: 2008-02-03---first run---
      Files found:
      C:\WINDOWS\adsoowf.dll

      Uninstallers:


      Folders Found:

      C:\Program Files\MediaEntertainmentCodec
      C:\WINDOWS\privacy_danger

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------




      Deckard's System Scanner v20071014.68
      Run by Janco on 2008-02-04 07:57:14
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 4 Restore Point(s) --
      4: 2008-02-04 06:57:22 UTC - RP100 - Deckard's System Scanner Restore Point
      3: 2008-02-01 07:18:06 UTC - RP99 - Software Distribution Service 3.0
      2: 2008-02-01 07:03:54 UTC - RP98 - ComboFix created restore point
      1: 2008-02-01 07:00:37 UTC - RP97 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Janco.exe) -----------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 7:58:25, on 4-2-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\E_S00RP1.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Winamp Remote\bin\OrbTray.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Winamp Remote\bin\Orb.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Documents and Settings\Janco\Bureaublad\dss.exe
      C:\DOCUME~1\Janco\MIJNDO~1\Janco.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmeter.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
      O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
      O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
      O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Automatisch EPSON Stylus DX4800 Series op CK701930-A] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" /P52 "Automatisch EPSON Stylus DX4800 Series op CK701930-A" /O32 "\\CK701930-A\Epson printer boven" /M "Stylus DX4800"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Hitman Pro\surfright.exe" "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Automatisch EPSON Stylus DX4800 Series op CK701930-A] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" /P52 "Automatisch EPSON Stylus DX4800 Series op CK701930-A" /M "Stylus DX4800" /EF "HKCU"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BTTray.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova_old/pano/prog/rundum.7.0.2.0.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamenext.nl/online/online2/bejeweled2/popcaploader_v10.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 10187 bytes

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R0 ENECBPTH (ENE Cardbus Patch Driver) - c:\windows\system32\drivers\enecbpth.sys <Not Verified; EnE Technology Inc.; EnE Cardbus Patch Driver for Windows (R) 2000/XP>
      R3 RT2500 (Hawking Technologies HWC54D Hi-Gain Wireless-G CardBus Card Driver) - c:\windows\system32\drivers\rt2500.sys <Not Verified; Ralink Technology Inc.; RT2500 802.11g Wireless Adapters>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 EPSON_PM_RPCV2_01 (EPSON V3 Service2(03)) - c:\windows\system32\e_s00rp1.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Status Monitor 3>

      S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
      Description: Broadcom NetXtreme Gigabit Ethernet
      Device ID: PCI\VEN_14E4&DEV_165E&SUBSYS_0890103C&REV_03\4&16793A72&0&70F0
      Manufacturer: Broadcom
      Name: Broadcom NetXtreme Gigabit Ethernet
      PNP Device ID: PCI\VEN_14E4&DEV_165E&SUBSYS_0890103C&REV_03\4&16793A72&0&70F0
      Service: b57w2k

      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
      Description: Bluetooth LAN Access Server Driver
      Device ID: ROOT\NET\0000
      Manufacturer: WIDCOMM, Inc.
      Name: Bluetooth LAN Access Server Driver
      PNP Device ID: ROOT\NET\0000
      Service: BTWDNDIS


      -- Scheduled Tasks -------------------------------------------------------------

      2008-01-25 20:00:29 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Janco.job


      -- Files created between 2008-01-04 and 2008-02-04 -----------------------------

      2008-02-04 07:51:25 0 d-------- C:\RVAXO
      2008-02-04 07:48:14 659032 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-04 07:48:14 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-03 18:54:10 0 d-------- C:\WINDOWS\system32\LogFiles
      2008-01-31 12:41:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
      2008-01-31 12:37:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
      2008-01-28 22:43:18 0 d-------- C:\Documents and Settings\Janco\Application Data\Lavasoft
      2008-01-28 22:37:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
      2008-01-28 22:37:47 0 d-------- C:\Program Files\Webroot
      2008-01-28 22:37:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
      2008-01-28 22:37:23 164 --a------ C:\install.dat
      2008-01-28 22:37:17 0 d-------- C:\Documents and Settings\Janco\Application Data\Webroot
      2008-01-28 22:35:25 0 d-------- C:\Program Files\SpywareBlaster
      2008-01-28 20:10:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-01-28 20:10:35 0 d-------- C:\Temp
      2008-01-28 16:47:35 0 d-------- C:\Documents and Settings\Janco\Application Data\PC Tools
      2008-01-27 22:25:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-01-27 22:24:50 0 d-------- C:\Program Files\SUPERAntiSpyware
      2008-01-27 22:24:50 0 d-------- C:\Documents and Settings\Janco\Application Data\SUPERAntiSpyware.com
      2008-01-27 22:08:13 0 d-------- C:\Program Files\Enigma Software Group
      2008-01-27 21:22:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-27 20:25:26 0 d-------- C:\Program Files\Lavasoft
      2008-01-27 20:25:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-01-27 20:24:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-27 19:49:10 0 d-------- C:\WINDOWS\system32\appmgmt
      2008-01-27 19:33:50 0 d-------- C:\WINDOWS\system32\GroupPolicy
      2008-01-27 19:33:40 0 d-------- C:\Program Files\Hitman Pro
      2008-01-27 19:06:23 0 d---s---- C:\Documents and Settings\Administrator\UserData
      2008-01-27 19:05:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
      2008-01-27 19:04:40 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
      2008-01-27 19:04:40 0 dr------- C:\Documents and Settings\Administrator\Menu Start
      2008-01-27 19:04:40 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
      2008-01-27 19:04:40 0 d-------- C:\Documents and Settings\Administrator\Favorieten
      2008-01-27 19:04:40 0 d---s---- C:\Documents and Settings\Administrator\Cookies
      2008-01-27 19:04:40 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
      2008-01-27 19:04:40 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
      2008-01-27 19:04:40 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
      2008-01-27 19:04:39 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
      2008-01-27 19:04:39 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
      2008-01-27 19:04:39 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-01-27 19:04:39 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
      2008-01-27 19:04:39 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
      2008-01-27 19:04:39 0 d--h----- C:\Documents and Settings\Administrator\NetHood
      2008-01-27 19:04:31 0 d--hs---- C:\WINDOWS\CSC
      2008-01-27 18:20:21 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-01-27 18:02:56 0 d-------- C:\Program Files\Spyware Doctor
      2008-01-27 13:03:07 0 d-------- C:\Program Files\Audacity
      2008-01-27 12:57:54 5 --a------ C:\WINDOWS\system32\SySMP3OC.dat
      2008-01-27 12:57:39 425984 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll <Not Verified; NCT Company Ltd.; NCTAudioTransform2 ActiveX DLL>
      2008-01-27 12:57:39 315392 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
      2008-01-27 12:57:39 1871872 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
      2008-01-27 12:57:39 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
      2008-01-27 12:57:38 0 d-------- C:\Program Files\HiFisoftware
      2008-01-27 11:00:55 0 d-------- C:\Program Files\MSECache
      2008-01-27 10:44:49 0 d-------- C:\Program Files\Dnote Software
      2008-01-27 10:12:15 0 d-------- C:\Documents and Settings\Janco\Application Data\TomTom
      2008-01-27 10:12:15 0 d-------- C:\Documents and Settings\Janco\Application Data\Mozilla
      2008-01-27 10:12:05 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
      2008-01-27 10:11:45 0 d-------- C:\Program Files\TomTom HOME 2
      2008-01-27 10:11:24 0 d-------- C:\Documents and Settings\Janco\Application Data\InstallShield
      2008-01-26 22:37:54 0 d-------- C:\Program Files\TomTomActivation
      2008-01-07 22:29:12 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
      2008-01-07 22:29:12 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
      2008-01-07 22:29:12 21504 --a------ C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
      2008-01-07 22:29:12 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
      2008-01-07 22:29:11 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
      2008-01-07 22:29:11 59904 --a------ C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
      2008-01-07 22:29:11 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
      2008-01-07 22:29:11 0 d-------- C:\Program Files\Free Audio Pack
      2008-01-05 21:08:11 0 d-------- C:\Documents and Settings\Janco\Shared
      2008-01-05 21:08:03 0 d-------- C:\Documents and Settings\Janco\Incomplete
      2008-01-05 21:07:36 0 d-------- C:\Documents and Settings\Janco\Application Data\LimeWire
      2008-01-05 21:07:21 0 d-------- C:\Program Files\LimeWire


      -- Find3M Report ---------------------------------------------------------------

      2008-02-04 07:40:59 0 d-------- C:\Program Files\Winamp Remote
      2008-01-27 20:24:13 0 d-------- C:\Program Files\Common Files
      2008-01-27 18:21:13 459122 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-01-27 18:21:13 78060 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-01-27 12:54:07 0 d-------- C:\Documents and Settings\Janco\Application Data\GrabIt
      2008-01-27 10:11:44 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-01-25 08:36:29 0 d-------- C:\Program Files\Common Files\Symantec Shared
      2008-01-24 22:17:17 0 d-------- C:\Program Files\Wizzl
      2008-01-24 22:16:49 0 d-------- C:\Documents and Settings\Janco\Application Data\Wizzl BV
      2007-12-28 16:46:30 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
      2007-12-28 16:10:50 0 d-------- C:\Documents and Settings\Janco\Application Data\WinTrack
      2007-12-28 16:05:36 0 d-------- C:\Program Files\WinTrack8Demo
      2007-12-19 07:54:17 0 d-------- C:\Documents and Settings\Janco\Application Data\Winamp
      2007-12-19 07:53:16 0 d-------- C:\Program Files\Winamp
      2007-12-08 07:41:44 0 d-------- C:\Program Files\Panorama-speler-innoPlus
      2007-12-06 22:17:30 0 d-------- C:\Program Files\Trivial Pursuit The 90s Deluxe
      2007-12-05 07:42:16 0 d-------- C:\Program Files\Symantec
      2007-11-29 14:11:46 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04-11-2004 17:40]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04-11-2004 17:38]
      "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [03-12-2004 12:24]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07-06-2005 20:05]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 00:11]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-09-2006 01:04]
      "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [05-09-2006 19:22]
      "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20-03-2006 16:34]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01-09-2006 14:57]
      "Automatisch EPSON Stylus DX4800 Series op CK701930-A"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [02-02-2005 05:00]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10-10-2007 19:51]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [28-11-2007 19:51]
      "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [10-10-2007 06:28]
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [31-10-2007 10:19]
      "AGRSMMSG"="AGRSMMSG.exe" [19-04-2005 09:03 C:\WINDOWS\AGRSMMSG.exe]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
      "MsnMsgr"="C:\Program Files\Hitman Pro\surfright.exe" [28-01-2008 20:08]
      "Automatisch EPSON Stylus DX4800 Series op CK701930-A"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [02-02-2005 05:00]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 17:24]
      "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [23-10-2007 01:47]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2-6-2004 16:48:22]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Hawking Wireless Utility.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Hawking Wireless Utility.lnk
      backup=C:\WINDOWS\pss\Hawking Wireless Utility.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
      "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"




      -- End of Deckard's System Scanner: finished at 2008-02-04 07:59:05 ------------

      I hope this is of some use to you.



      • #4
        The logs look clean to me.

        Do the following as well:
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Download ATF cleaner (mirror) (made by Atribune)

        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

        Double-click ATF cleaner to start the program.
        On the "Main" tab, tick Select All.
        Click the Empty Selected button.

        Do the following if you also use Firefox as a browser:
        Click the "Firefox" tab and tick Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (this clears the tick at "Firefox saved passwords" again)
        Click the Empty Selected button.

        Do the following if you also use Opera as a browser:
        Click the "Opera" tab and tick Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        Turn off System Restore. Restart the computer. Turn System Restore back on.
        See here how to turn off System Restore.
        This removes any remnants of the infections from your System Restore.

        You may also post the second log from Deckard's System Scanner (extra.txt), just as a check.
