Mededeling

Collapse
No announcement yet.

Trojan

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Trojan

    Hallo,

    Mijn zusje heeft via MSN rotzooi binnengehaald. Mijn virusscanner herkent het trojaans paard smalltroj. Het leidt tot instabiliteit van mijn systeem, het afsluiten werkt niet altijd meer en bij het opstarten doet 'ie altijd een schijfscan, waarbij de computer altijd wel iets vindt wat niet in de haak is...

    Mijn log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:43:00, on 1-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norman\NPF\NPFSVICE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Norman\Npm\bin\ZLH.EXE
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norman\NPF\npfmsg.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\^^^^^.exe
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\npfmsg.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 9216 bytes


    Hartelijk dank,
    Hans

  • #2
    Download SDFix en klik op "uitvoeren".
    Versie 1.40 en hoger zal de uitgepakte SDFix map automatisch naar je systeemdrive verplaatsen (waarschijnlijk: C:\SDFix).

    Herstart de pc in de veilige modus.
    Safe mode for Windows XP
    Herstart de computer
    Zodra uw computer klaar is met het laden van de BIOS (zwarte scherm en witte letters, of een ander beginscherm)en vlak voordat Windows wordt geladen
    Tap op de F8-toets (of de F5)-toets totdat u in het Windows option-menu terechtkomt
    Kies hier voor opstarten in veilige modus (Safe mode) door het gebruik van de pijltjestoetsen en daarna Enter

    Dubbelklik de map SDFix en dubbelklik op RunThis.bat om het script te starten.
    Typ Y en klik enter om het schoonmaakproces te starten.
    Er zullen Trojan Services en/of Registry Entries worden verwijderd als ze worden gevonden en je zult een toets voor herstart moeten indrukken.
    De computer zal dan herstarten; dit duurt langer dan gewoonlijk.
    De Fixtool zal opnieuw gaan werken en het verwijderingproces vervolgen, dan wordt Finished, getoond, wacht geduldig af totdat je weer een toets moeten indrukken om het script te be?indigen en je bureaubladiconen weer te laden.
    Zodra je bureaublad weer normaal is zal het SDFix report openen en ook te vinden zijn in de SDFix folder als Report.txt.
    Copy/paste de inhoud van dit report Report.txt in je volgende antwoord hier samen met een nieuw HijackThis log

    Comment


    • #3
      Is het de bedoeling dat het bestandje real.txt nog altijd op mijn computer staat, namelijk in Documents and Settings onder Hans Mulder?

      Dit zijn de logs:


      SDFix: Version 1.165

      Run by Hans Mulder on wo 02-04-2008 at 15:19

      Microsoft Windows XP [versie 5.1.2600]
      Running From: C:\SDFix

      Checking Services :


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting


      Checking Files :

      Trojan Files Found:

      C:\Documents and Settings\Hans Mulder\new.txt - Deleted
      C:\WINDOWS\system32\real.txt - Deleted





      Removing Temp Files

      ADS Check :



      Final Check :

      catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-02 15:25:31
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scanning hidden processes ...

      scanning hidden services ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      Remaining Services :



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
      "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
      "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\\WINDOWS\\system32\\^^^^^.exe"="C:\\WINDOWS\\system32\\^^^^^.exe:*:Enabled:Flash Media"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

      Remaining Files :


      File Backups: - C:\SDFix\backups\backups.zip

      Files with Hidden Attributes :

      Fri 16 Dec 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
      Fri 16 Dec 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
      Fri 16 Dec 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
      Fri 16 Dec 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
      Fri 16 Dec 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
      Sun 11 Jun 2006 4,789,792 ...H. --- "C:\Program Files\Picasa\setup.exe"
      Sun 16 Jul 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Fri 25 Jan 2008 34,308 A..H. --- "C:\System Volume Information\_restore{1490C98B-E813-4548-8350-6371A68AF294}\RP793\A0044064.dll"
      Fri 25 Jan 2008 34,308 A..H. --- "C:\System Volume Information\_restore{1490C98B-E813-4548-8350-6371A68AF294}\RP794\A0044108.dll"
      Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"
      Wed 27 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2112b4f456fe6310ed58588b71b93f62\BIT5.tmp"
      Wed 27 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT4.tmp"
      Wed 13 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
      Fri 25 Jan 2008 34,308 ...H. --- "C:\Documents and Settings\Hans Mulder\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll"

      Finished!

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:29:42, on 2-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
      C:\Program Files\Norman\Npm\Bin\Zanda.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Acer\Empowering Technology\admServ.exe
      C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Norman\NPF\NPFSVICE.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
      C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
      C:\Program Files\Norman\Nvc\bin\nvcoas.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Launch Manager\PowerKey.exe
      C:\Program Files\Launch Manager\HotkeyApp.exe
      C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Program Files\Norman\Npm\bin\ZLH.EXE
      C:\acer\Empowering Technology\ePower\epm-dm.exe
      C:\Program Files\Launch Manager\Wbutton.exe
      C:\Program Files\Launch Manager\OSDCtrl.exe
      C:\Acer\Empowering Technology\admtray.exe
      C:\Program Files\Norman\Nvc\BIN\NIP.EXE
      C:\Program Files\Launch Manager\LaunchAp.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Norman\Nvc\bin\cclaw.exe
      C:\Program Files\Norman\NPF\npfmsg.exe
      C:\Program Files\Last.fm\LastFMHelper.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe
      O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
      O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
      O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
      O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
      O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
      O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
      O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
      O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
      O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
      O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
      O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\npfmsg.exe
      O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
      O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
      O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
      O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
      O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
      O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 9119 bytes

      Hartelijk dank!

      Hans

      Comment


      • #4
        Start Hijackthis op en kies voor 'Do a system scan only'
        Selecteer alleen de items die hieronder zijn genoemd:

        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe

        Sluit alle vensters behalve Hijackthis
        Klik op 'Fix checked' om de items te verwijderen.

        Dat bestand real.txt mag je nog verwijderen.

        Herstart de computer en post een nieuw log van hijackthis.

        Comment


        • #5
          De nieuwe log:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 20:45:38, on 2-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
          C:\Program Files\Norman\Npm\Bin\Zanda.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Launch Manager\PowerKey.exe
          C:\Program Files\Launch Manager\HotkeyApp.exe
          C:\Acer\Empowering Technology\eRecovery\Monitor.exe
          C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
          C:\Program Files\Norman\Npm\bin\ZLH.EXE
          C:\acer\Empowering Technology\ePower\epm-dm.exe
          C:\Program Files\Launch Manager\Wbutton.exe
          C:\Program Files\Launch Manager\OSDCtrl.exe
          C:\Acer\Empowering Technology\admtray.exe
          C:\Program Files\Norman\Nvc\BIN\NIP.EXE
          C:\Program Files\Launch Manager\LaunchAp.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Norman\NPF\npfmsg.exe
          C:\Program Files\Last.fm\LastFMHelper.exe
          C:\Acer\Empowering Technology\admServ.exe
          C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\Program Files\Norman\NPF\NPFSVICE.EXE
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
          C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
          C:\Program Files\Norman\Nvc\bin\nvcoas.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe
          C:\Program Files\Norman\Nvc\bin\cclaw.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\Program Files\Mozilla Thunderbird\thunderbird.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
          O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
          O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
          O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
          O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
          O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
          O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
          O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
          O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
          O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
          O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
          O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
          O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
          O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\npfmsg.exe
          O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
          O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
          O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
          O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
          O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
          O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

          --
          End of file - 9046 bytes

          Comment


          • #6
            Ziet er weer goed uit.

            Download Java Runtime Environment (JRE) 6u5.
            • Scroll omlaag naar : "Java Runtime Environment (JRE) 6 Update 5".
            • Klik op de "Download" knop aan de rechterkant.
            • Vink aan: "Accept License Agreement", en klik op Continue.
            • De pagina zal herladen.
            • Klik op de Windows Offline Installation, Multi-language link ONDER Windows Platform - Java SE Runtime Environment 6 Update 5 en bewaar het op je Bureaublad.
            • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
            • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst. (met Java Runtime Environment (JRE of J2SE) in de naam.
            • Herhaal dit tot alle oudere versies verdwenen zijn.
            • Na het verwijderen van alle oudere versies, herstart je pc.
            • Dubbelklik vervolgens op jre-6u5-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


            Probleem nu opgelost?

            Comment


            • #7
              Volgens mij werkt het allemaal. Hartelijk dank!

              Comment


              • #8
                Even aan je zus doorgeven dat ze altijd eerst vraagt of het linkje dat ze via MSN krijgt ook bewust is verstuurd door een ander.

                Ik zal deze als opgelost markeren.

                Comment


                • #9
                  Zou je nog een log kunnen maken met DSS scanner:

                  Download Deckard's System Scanner naar je Bureaublad.
                  • Sluit alle toepassingen en vensters.
                  • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
                  • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
                  • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

                  Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
                  - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
                  Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
                  Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

                  Comment


                  • #10
                    Sorry voor de late reactie. De eerste log komt hier, de extra in een tweede post omdat er teveel tekens in zitten:

                    Deckard's System Scanner v20071014.68
                    Run by Hans Mulder on 2008-04-07 09:45:52
                    Computer is in Normal Mode.
                    --------------------------------------------------------------------------------

                    -- System Restore --------------------------------------------------------------

                    Successfully created a Deckard's System Scanner Restore Point.


                    -- Last 5 Restore Point(s) --
                    67: 2008-04-07 07:46:00 UTC - RP852 - Deckard's System Scanner Restore Point
                    66: 2008-04-04 16:00:31 UTC - RP851 - Software Distribution Service 3.0
                    65: 2008-04-03 08:10:25 UTC - RP850 - Installed Java(TM) 6 Update 5
                    64: 2008-04-03 08:01:22 UTC - RP849 - Removed J2SE Runtime Environment 5.0 Update 9
                    63: 2008-04-03 08:00:51 UTC - RP848 - Removed J2SE Runtime Environment 5.0 Update 8


                    -- First Restore Point --
                    1: 2008-01-21 12:59:36 UTC - RP786 - Verwijderd: Microsoft Business Solutions-Navision 4.0 SP3


                    Backed up registry hives.
                    Performed disk cleanup.



                    -- HijackThis (run as Hans Mulder.exe) -----------------------------------------

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 9:47:19, on 7-4-2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\csrss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Windows Defender\MsMpEng.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
                    C:\Program Files\Norman\Npm\Bin\Zanda.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\Launch Manager\PowerKey.exe
                    C:\Program Files\Launch Manager\HotkeyApp.exe
                    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
                    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
                    C:\Program Files\Norman\Npm\bin\ZLH.EXE
                    C:\acer\Empowering Technology\ePower\epm-dm.exe
                    C:\Program Files\Launch Manager\Wbutton.exe
                    C:\Program Files\Launch Manager\OSDCtrl.exe
                    C:\Acer\Empowering Technology\admtray.exe
                    C:\Program Files\Launch Manager\LaunchAp.exe
                    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
                    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                    C:\Program Files\Messenger\msmsgs.exe
                    C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Norman\NPF\npfmsg.exe
                    C:\Program Files\Last.fm\LastFMHelper.exe
                    C:\Acer\Empowering Technology\admServ.exe
                    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
                    C:\Program Files\Eset\nod32krn.exe
                    C:\Program Files\Norman\NPF\NPFSVICE.EXE
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
                    C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
                    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
                    C:\WINDOWS\system32\wbem\wmiprvse.exe
                    C:\WINDOWS\System32\alg.exe
                    C:\Program Files\Norman\Nvc\bin\cclaw.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Documents and Settings\Hans Mulder\Bureaublad\dss.exe
                    C:\WINDOWS\system32\wbem\wmiprvse.exe
                    C:\PROGRA~1\TRENDM~1\HIJACK~1\Hans Mulder.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
                    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
                    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
                    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
                    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
                    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
                    O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
                    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
                    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
                    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
                    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
                    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
                    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
                    O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\npfmsg.exe
                    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
                    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
                    O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
                    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
                    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
                    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
                    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

                    --
                    End of file - 9183 bytes

                    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

                    backup-20080402-204116-381 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe

                    -- File Associations -----------------------------------------------------------

                    All associations okay.


                    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                    R0 NDIS_RD (Firewall Engine Type-R2) - c:\windows\system32\drivers\ndis_rd.sys
                    R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
                    R1 Hotkey - c:\windows\system32\drivers\hotkey.sys
                    R1 OsaFsLoc - c:\windows\system32\drivers\osafsloc.sys <Not Verified; OSA Technologies; >
                    R1 TDI_RD (Firewall Engine Type-R) - c:\windows\system32\drivers\tdi_rd.sys
                    R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
                    R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
                    R2 int15.sys - c:\acer\empowering technology\erecovery\int15.sys
                    R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
                    R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
                    R3 NdisFilt (OSA NdisFilter Protocol) - c:\windows\system32\drivers\ndisfilt.sys <Not Verified; OSA Technologies; >
                    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
                    R3 POWERKEY - c:\program files\launch manager\powerkey.sys

                    S0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys (file missing)
                    S1 Wbutton - c:\windows\system32\drivers\wbutton.sys (file missing)
                    S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys (file missing)
                    S3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys (file missing)
                    S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys (file missing)
                    S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys (file missing)
                    S3 catchme - c:\docume~1\hansmu~1\locals~1\temp\catchme.sys (file missing)
                    S3 NETMNT (Acer NetMonitor Protocol) - c:\windows\system32\drivers\netmnt.sys
                    S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
                    S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys (file missing)
                    S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys (file missing)


                    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                    R2 AWService (AdminWorks Agent X6) - "c:\acer\empowering technology\admserv.exe" <Not Verified; Avocent Inc.; Acer Empowering framework>
                    R2 Norman Type-R - c:\program files\norman\npf\npfsvice.exe


                    -- Device Manager: Disabled ----------------------------------------------------

                    Class GUID: {D76B962B-F0B8-41F2-8590-6605FE4EA312}
                    Description: Bluetooth VComm Manager
                    Device ID: ROOT\BLUETOOTH\0001
                    Manufacturer: IVT Corporation
                    Name: Bluetooth VComm Manager
                    PNP Device ID: ROOT\BLUETOOTH\0001
                    Service: VcommMgr


                    -- Scheduled Tasks -------------------------------------------------------------

                    2008-04-07 09:37:28 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


                    -- Files created between 2008-03-07 and 2008-04-07 -----------------------------

                    2008-04-03 10:10:32 0 d-------- C:\Program Files\Java
                    2008-04-03 10:10:29 0 d-------- C:\Program Files\Common Files\Java
                    2008-04-02 15:16:28 0 d-------- C:\WINDOWS\ERUNT
                    2008-04-02 15:14:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
                    2008-04-01 17:36:05 0 d-------- C:\Program Files\Trend Micro
                    2008-04-01 00:09:00 0 d--hs---- C:\FOUND.004
                    2008-03-31 19:31:18 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
                    2008-03-31 19:30:57 0 d-------- C:\Program Files\Spyware Doctor
                    2008-03-31 19:30:57 0 d-------- C:\Documents and Settings\Hans Mulder\Application Data\PC Tools
                    2008-03-31 19:30:36 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
                    2008-03-31 19:30:29 0 d-------- C:\Program Files\Webroot
                    2008-03-31 19:30:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
                    2008-03-31 19:29:48 0 d-------- C:\Documents and Settings\Hans Mulder\Application Data\Webroot
                    2008-03-31 19:29:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                    2008-03-31 19:28:42 0 d-------- C:\Program Files\SpywareBlaster
                    2008-03-31 19:27:16 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
                    2008-03-31 19:25:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
                    2008-03-31 19:25:19 0 d-------- C:\Temp
                    2008-03-31 19:01:49 0 d-------- C:\WINDOWS\system32\GroupPolicy
                    2008-03-31 19:01:41 0 d-------- C:\Program Files\Hitman Pro
                    2008-03-31 18:55:56 0 d--hs---- C:\FOUND.003
                    2008-03-30 23:47:27 0 dr-h----- C:\Documents and Settings\Hans Mulder\Onlangs geopend
                    2008-03-30 12:40:42 0 d--hs---- C:\FOUND.002


                    -- Find3M Report ---------------------------------------------------------------

                    2008-04-07 09:37:10 494688 --a------ C:\WINDOWS\system32\perfh013.dat
                    2008-04-07 09:37:10 92980 --a------ C:\WINDOWS\system32\perfc013.dat
                    2008-04-07 09:35:16 5 --a------ C:\NPF_USER.DAT
                    2008-02-26 20:23:02 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
                    2008-02-25 21:59:30 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
                    2008-02-17 22:47:34 0 d-------- C:\Program Files\Last.fm
                    2008-02-16 17:35:36 0 d-------- C:\Program Files\Belastingdienst
                    2008-01-30 22:14:40 229376 --a------ C:\Documents and Settings\Hans Mulder\Application Data\fin.zup


                    -- Registry Dump ---------------------------------------------------------------

                    *Note* empty entries & legit default entries are not shown


                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [30-08-2002 15:02]
                    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [08-11-2005 10:45]
                    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [02-01-2006 10:31]
                    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [26-07-2005 11:36]
                    "Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [09-08-2007 14:40]
                    "epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [10-11-2005 19:09]
                    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [08-11-2005 10:19]
                    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [25-07-2005 10:45]
                    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [16-09-2003 14:28]
                    "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [24-10-2005 16:45]
                    "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [09-11-2005 11:04]
                    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25-07-2005 13:36]
                    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [31-05-2006 20:27]
                    "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [30-01-2007 14:41]
                    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 18:24]
                    "Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [13-07-2006 16:41]
                    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 05:00]

                    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
                    "DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
                    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

                    C:\Documents and Settings\Hans Mulder\Menu Start\Programma's\Opstarten\
                    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [17-2-2008 22:47:33]

                    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                    NPF Messenger.lnk - C:\Program Files\Norman\NPF\npfmsg.exe [2-6-2006 16:39:30]

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
                    @="Service"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
                    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
                    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]
                    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Service Manager.lnk
                    backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
                    C:\WINDOWS\system32\ctfmon.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
                    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
                    "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
                    C:\WINDOWS\system32\hkcmd.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
                    C:\WINDOWS\system32\igfxpers.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
                    C:\WINDOWS\system32\igfxtray.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
                    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                    "C:\Program Files\Messenger\msmsgs.exe" /background

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
                    C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
                    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
                    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]
                    C:\Windows\RUNXMLPL.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                    "C:\Program Files\QuickTime\qttask.exe" -atboottime

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
                    SOUNDMAN.EXE

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
                    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                    "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
                    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
                    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
                    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
                    "C:\Program Files\Windows Defender\MSASCui.exe" -hide

                    *Newly Created Service* - INT15.SYS



                    -- End of Deckard's System Scanner: finished at 2008-04-07 09:49:08 ------------

                    Comment


                    • #11
                      Hier logfile extra.txt:

                      Deckard's System Scanner v20071014.68
                      Extra logfile - please post this as an attachment with your post.
                      --------------------------------------------------------------------------------

                      -- System Information ----------------------------------------------------------

                      Microsoft Windows XP Professional (build 2600) SP 2.0
                      Architecture: X86; Language: Dutch

                      CPU 0: Intel(R) Celeron(R) M processor 1.60GHz
                      Percentage of Memory in Use: 60%
                      Physical Memory (total/avail): 1014.42 MiB / 399.66 MiB
                      Pagefile Memory (total/avail): 1671.72 MiB / 1166.39 MiB
                      Virtual Memory (total/avail): 2047.88 MiB / 1931.25 MiB

                      C: is Fixed (FAT32) - 35.45 GiB total, 15.95 GiB free.
                      D: is Fixed (FAT32) - 35.93 GiB total, 19.26 GiB free.
                      E: is CDROM (No Media)
                      F: is CDROM (No Media)

                      \\.\PHYSICALDRIVE0 - HTS421280H9AT00 - 74.53 GiB - 3 partitions
                      \PARTITION0 - Unknown - 3.13 GiB
                      \PARTITION1 (bootable) - Unknown - 35.46 GiB - C:
                      \PARTITION2 - Unknown - 35.94 GiB - D:



                      -- Security Center -------------------------------------------------------------

                      AUOptions is scheduled to auto-install.
                      Windows Internal Firewall is disabled.

                      FirstRunDisabled is set.

                      FW: Norman Personal Firewall v. 1.4 vv.5.8 (Norman ASA)
                      AV: Norman Virus Control ver. 5.90 v5.90 (Norman ASA)
                      AV: ESET NOD32 antivirus systeem 2.70 v2.70 (ESET, spol. s r.o.) Disabled

                      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
                      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
                      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
                      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

                      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
                      "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
                      "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
                      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
                      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
                      "C:\\WINDOWS\\system32\\^^^^^.exe"="C:\\WINDOWS\\system32\\^^^^^.exe:*:Enabled:Flash Media"


                      -- Environment Variables -------------------------------------------------------

                      ALLUSERSPROFILE=C:\Documents and Settings\All Users
                      APPDATA=C:\Documents and Settings\Hans Mulder\Application Data
                      CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
                      CLIENTNAME=Console
                      CommonProgramFiles=C:\Program Files\Common Files
                      COMPUTERNAME=HANS
                      ComSpec=C:\WINDOWS\system32\cmd.exe
                      FP_NO_HOST_CHECK=NO
                      HOMEDRIVE=C:
                      HOMEPATH=\Documents and Settings\Hans Mulder
                      LOGONSERVER=\\HANS
                      NpmLib=C:\Program Files\Norman\Npm\Bin
                      NUMBER_OF_PROCESSORS=1
                      OS=Windows_NT
                      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Norman\Npm\Bin
                      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
                      PROCESSOR_ARCHITECTURE=x86
                      PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
                      PROCESSOR_LEVEL=6
                      PROCESSOR_REVISION=0d08
                      ProgramFiles=C:\Program Files
                      PROMPT=$P$G
                      QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
                      SESSIONNAME=Console
                      SystemDrive=C:
                      SystemRoot=C:\WINDOWS
                      TEMP=C:\DOCUME~1\HANSMU~1\LOCALS~1\Temp
                      TMP=C:\DOCUME~1\HANSMU~1\LOCALS~1\Temp
                      USERDOMAIN=HANS
                      USERNAME=Hans Mulder
                      USERPROFILE=C:\Documents and Settings\Hans Mulder
                      windir=C:\WINDOWS


                      -- User Profiles ---------------------------------------------------------------

                      Hans Mulder (admin)
                      Administrator (admin)


                      -- Add/Remove Programs ---------------------------------------------------------

                      --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
                      --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
                      --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
                      --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
                      --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
                      Aangifte inkomstenbelasting 2007 --> C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
                      Acer eDataSecurity Management 1.00.21 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x13 -removeonly
                      Acer eLock Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
                      Acer Empowering Technology framework --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
                      Acer ePerformance Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
                      Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
                      Acer ePresentation Management --> C:\WINDOWS\UnInst32.exe AcerePrj.UNI
                      Acer eSettings Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
                      Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
                      Acoustica Audio Converter Pro --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
                      Active Desktop Calendar 6.2 --> "C:\Program Files\XemiComputers\Active Desktop Calendar\unins000.exe"
                      Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
                      Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
                      Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
                      Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
                      Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
                      Azureus --> C:\Program Files\Azureus\Uninstall.exe
                      Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
                      BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
                      CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
                      Codec Pack - All In 1 6.0.2.3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
                      DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
                      DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
                      Everest Poker (Remove Only) --> C:\Program Files\Everest Poker\cstart.exe /uninstall
                      ExcelModules --> C:\PROGRA~1\EXCELM~1\UNWISE.EXE C:\PROGRA~1\EXCELM~1\INSTALL.LOG
                      HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
                      Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
                      Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
                      Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
                      Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
                      Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
                      Kluwer Collegebundel --> C:\PROGRA~1\KLUWER\COLLEG~1\KLUCB\KCB\uninstal.exe
                      Last.fm 1.4.2.59470 --> "C:\Program Files\Last.fm\unins000.exe"
                      Launch Manager V1.0.9.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\Setup.exe" -l0x13
                      Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
                      Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
                      Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
                      Microsoft Dynamics NAV 5.0 CSIDE Client --> MsiExec.exe /I{00000000-0000-5000-9B00-0000836BD2D2}
                      Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
                      Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
                      Microsoft SQL Server Desktop Engine --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
                      Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
                      Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
                      Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
                      MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
                      MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
                      NOD32 antivirus systeem --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
                      Norman Personal Firewall 1.42 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E471E704-51E5-45C7-AED3-000DF14B50B7}\Setup.exe" -l0x13
                      Norman Virus Control --> C:\Program Files\Norman\NVC\BIN\DelNVC5.exe
                      NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
                      NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1043 CDM7
                      Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
                      Picasa 2 --> "C:\Program Files\Picasa\Uninstall.exe"
                      PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
                      PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
                      QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1043
                      RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
                      Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
                      Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
                      Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
                      Sizer (remove only) --> C:\Program Files\Sizer\Uninstall.exe
                      SnagIt 8 --> MsiExec.exe /I{A1C4EE2B-DF14-4488-BC8A-F9336D588E97}
                      Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D_CplEFL5k\HXFSETUP.EXE -U -ICplEFL5K.inf
                      SoftV90 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025\HXFSETUP.EXE -U -IVEN_8086&DEV_266D&SUBSYS_006A1025
                      Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
                      Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
                      Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
                      SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
                      Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
                      TCG eLearning-CMS 1.2.1434 --> MsiExec.exe /I{6D1918C9-97C3-43A9-9B41-32D7FDFD1AB0}
                      TCG ProcessPublisher 5.6.6683 --> MsiExec.exe /I{0D824E61-521D-4520-8995-027595F4C250}
                      Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
                      VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
                      Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
                      Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
                      Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
                      Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
                      Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
                      Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
                      WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
                      XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"


                      -- Application Event Log -------------------------------------------------------

                      Event Record #/Type12624 / Error
                      Event Submitted/Written: 04/07/2008 09:48:11 AM
                      Event ID/Source: 8 / crypt32
                      Event Description:
                      Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> opvragen van de automatische update van het basislijstvolgordenummer van derden is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode verlopen is.

                      Event Record #/Type12623 / Error
                      Event Submitted/Written: 04/07/2008 09:47:38 AM
                      Event ID/Source: 8 / crypt32
                      Event Description:
                      Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> opvragen van de automatische update van het basislijstvolgordenummer van derden is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode verlopen is.

                      Event Record #/Type12616 / Warning
                      Event Submitted/Written: 04/07/2008 09:34:33 AM
                      Event ID/Source: 19011 / MSSQLServer
                      Event Description:
                      SuperSocket info: (SpnRegister) : Error 1355.

                      Event Record #/Type12604 / Warning
                      Event Submitted/Written: 04/04/2008 08:22:21 PM
                      Event ID/Source: 1524 / Userenv
                      Event Description:
                      Windows kan het klassenregisterbestand niet uit het geheugen verwijderen omdat het momenteel door een andere toepassing of service wordt gebruikt. Het bestand wordt uit het geheugen verwijderd als het niet meer wordt gebruikt.

                      Event Record #/Type12597 / Warning
                      Event Submitted/Written: 04/04/2008 05:49:55 PM
                      Event ID/Source: 19011 / MSSQLServer
                      Event Description:
                      SuperSocket info: (SpnRegister) : Error 1355.



                      -- Security Event Log ----------------------------------------------------------

                      No Errors/Warnings found.


                      -- System Event Log ------------------------------------------------------------

                      Event Record #/Type46852 / Warning
                      Event Submitted/Written: 04/02/2008 03:24:20 PM
                      Event ID/Source: 2504 / Server
                      Event Description:
                      De server kan geen verbinding maken met transport \Device\NetBT_Tcpip_{EC62E5D5-9C6F-482D-9903-EB9A03055A12}.

                      Event Record #/Type46848 / Error
                      Event Submitted/Written: 04/02/2008 03:15:39 PM
                      Event ID/Source: 10005 / DCOM
                      Event Description:
                      DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
                      om de server
                      {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

                      Event Record #/Type46847 / Error
                      Event Submitted/Written: 04/02/2008 03:15:39 PM
                      Event ID/Source: 10005 / DCOM
                      Event Description:
                      DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
                      om de server
                      {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

                      Event Record #/Type46846 / Error
                      Event Submitted/Written: 04/02/2008 03:14:56 PM
                      Event ID/Source: 10005 / DCOM
                      Event Description:
                      DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
                      om de server
                      {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

                      Event Record #/Type46845 / Error
                      Event Submitted/Written: 04/02/2008 03:14:48 PM
                      Event ID/Source: 7026 / Service Control Manager
                      Event Description:
                      De volgende opstartstuurprogramma's zijn niet geladen:
                      AFD
                      Fips
                      intelppm
                      IPSec
                      MRxSmb
                      NetBIOS
                      NetBT
                      nod32drv
                      RasAcd
                      Rdbss
                      Tcpip



                      -- End of Deckard's System Scanner: finished at 2008-04-07 09:49:08 ------------

                      Bedankt!

                      Comment


                      • #12
                        Het is toch wel in orde. Alleen staat er nog een regel bij de Firewall dat een programma toegang zou hebben tot internet, maar dat programma is niet meer op jou computer aanwezig.


                        Kopieer onderstaande code in kladblok (notepad):

                        REGEDIT4

                        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
                        "C:\\WINDOWS\\system32\\^^^^^.exe"="-


                        Klik op Bestand -> Opslaan als...
                        Opslaan als type: Alle bestanden
                        Sla het bestand op het bureaublad als fix.reg
                        (zorg dat REGEDIT4 op de eerste regel staat.

                        Dubbelklik op fix.reg en klik JA om de wijziging in het register uit te voeren.

                        Dan is alles weer zoals het hoort te zijn.

                        Comment


                        • #13
                          Het is gelukt! Hartelijk dank, ben erg blij dat 'ie weer normaal loopt!

                          Comment

                          Sorry, you are not authorized to view this page
                          Working...
                          X