
Explorer.exe crashes and Virus pop-ups


  • Explorer.exe crashes and Virus pop-ups

    Hello,

    For a few days now I have been getting annoying pop-ups on my laptop screen that keep recommending that I download all kinds of virus scanners and similar programs, about "critical errors in Windows registry and file system" from a so-called "Windows Integrity Scan Wizard", and I get fake Windows notifications in the form of pop-ups from the taskbar saying that I have to click "here" to solve the problem.

    Other symptoms are Task Manager, which could not be opened in "normal mode" (this has since been resolved) but could be in safe mode, and constant crashes of explorer.exe in normal mode. These crashes happen every time I try to open any folder or location (e.g. My Computer or Control Panel), but also when opening Internet Explorer (the strange thing is that in that last case there is apparently a spontaneous attempt to open the "My Documents" folder, which in my opinion causes the crash).

    I have already run a number of scans (Bullguard, Spyware Doctor, Spybot S&D, Ad-aware and the standard Windows Defender), and a fairly large number of viruses, malware, spyware and other junk have already been removed. Unfortunately the symptoms described above keep coming back, and at this point I no longer really know what else to try. Hence this post and the HijackThis log below.

    Many thanks in advance for your help with this problem!

    Regards,

    J

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:27:06, on 18/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\ProgramData\gdklyhgj\wncbevsj.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\ilinqhmt.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Launch Manager\WisLMSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\Explorer.exe
    C:\Users\Johan en Natalie\Desktop\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Explorer - {7348D74C-731B-DECE-9F8A-A37D8214708E} - C:\Windows\system32\wlcstp32.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [crxkydzu] C:\Windows\system32\ilinqhmt.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [jzeotpqs] C:\Windows\system32\bmzipalm.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [6Q2flvObG3] C:\ProgramData\gdklyhgj\wncbevsj.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-be.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c86eb0e9caf0070e.spaces.live.com/PhotoUpload/VistaMsnPUpldnl-be.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O21 - SSODL: pmsoarbf - {AF0046B2-C220-427D-BB08-9AC99578899D} - C:\Windows\pmsoarbf.dll
    O21 - SSODL: omlbpkaw - {B9B0D4C2-4072-4F3C-BB96-E001BD5E9CFB} - C:\Windows\omlbpkaw.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

    --
    End of file - 11965 bytes

  • #2
    Start HijackThis and tick only the following lines:
    O3 - Toolbar: (no name) - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - (no file)
    O4 - HKCU\..\Run: [crxkydzu] C:\Windows\system32\ilinqhmt.exe
    O4 - HKCU\..\Run: [jzeotpqs] C:\Windows\system32\bmzipalm.exe
    O4 - HKLM\..\Policies\Explorer\Run: [6Q2flvObG3] C:\ProgramData\gdklyhgj\wncbevsj.exe
    O21 - SSODL: pmsoarbf - {AF0046B2-C220-427D-BB08-9AC99578899D} - C:\Windows\pmsoarbf.dll
    O21 - SSODL: omlbpkaw - {B9B0D4C2-4072-4F3C-BB96-E001BD5E9CFB} - C:\Windows\omlbpkaw.dll

    Close all open windows (except HijackThis) and click "Fix checked".

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A small cmd window will open, and a few lines about files that were not found will scroll past quickly; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode again this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do this!
    It can also happen that your antivirus reports DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In that case it may be better to switch off your antivirus briefly during the DSS scan)
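
The manual selection in reply #2, as an added example that is not part of the thread: a Python triage pass over HijackThis O3/O4/O21 lines copied from the logs on this page. The four rules and their names are assumptions chosen here to reproduce that selection, not the helper's stated reasoning, and they assume the system root is C:\Windows.

```python
import ntpath
import re

# Subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [crxkydzu] C:\Windows\system32\ilinqhmt.exe
O4 - HKCU\..\Run: [jzeotpqs] C:\Windows\system32\bmzipalm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [6Q2flvObG3] C:\ProgramData\gdklyhgj\wncbevsj.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O21 - SSODL: pmsoarbf - {AF0046B2-C220-427D-BB08-9AC99578899D} - C:\Windows\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {B9B0D4C2-4072-4F3C-BB96-E001BD5E9CFB} - C:\Windows\omlbpkaw.dll
"""

# A Run value that appears only in the later log posted in reply #3.
FOLLOW_UP_LINE = r"O4 - HKCU\..\Run: [yaetxpva] C:\Windows\system32\ranaduha.exe"

WINDIR = r"c:\windows"                # assumption: system root of the logged machine
SYSTEM32 = r"c:\windows\system32"

O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SSODL_RE = re.compile(r"^SSODL: (?P<name>.+?) - \{[^}]+\} - (?P<path>.+)$")
# Quoted image path, or an unquoted one (may contain spaces) up to its extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|cmd|bat))(?=\s|$)', re.I)


def image_path(cmd):
    """Return the program path from a Run command line, without its arguments."""
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd.split()[0]
    return m.group(1) or m.group(2)


def triage(log_text):
    """Return (rule, line) pairs for entries worth a manual look.

    Rules (assumptions of this example):
      o3-no-file        toolbar registration whose file is missing
      o4-policies-run   autorun set through Policies\\Explorer\\Run
      o4-hkcu-system32  per-user Run value launching a file from system32
      o21-ssodl-windir  SSODL DLL sitting directly in the Windows directory
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section, sep, rest = line.partition(" - ")
        if not sep:
            continue
        rule = None
        if section == "O3" and rest.endswith("(no file)"):
            rule = "o3-no-file"
        elif section == "O4":
            m = O4_RE.match(rest)      # "Startup:" shortcut lines do not match
            if m:
                key = m["key"].lower()
                folder = ntpath.dirname(image_path(m["cmd"])).lower()
                if key.endswith(r"\policies\explorer\run"):
                    rule = "o4-policies-run"
                elif key.startswith("hkcu") and folder == SYSTEM32:
                    rule = "o4-hkcu-system32"
        elif section == "O21":
            m = SSODL_RE.match(rest)
            if m and ntpath.dirname(m["path"]).lower() == WINDIR:
                rule = "o21-ssodl-windir"
        if rule:
            findings.append((rule, line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG) + triage(FOLLOW_UP_LINE):
        print(f"{rule:18} {line}")
```

A flagged line is a candidate for review, not a verdict; the HKLM Run entries for igfxpers.exe and similar vendor tools in system32 are deliberately left unflagged by the per-user rule.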



    • #3
      Hello Smeenk,

      Thanks for the quick reply; my laptop is already behaving a bit more normally! Below are the RVAXO and DSS logs.

      Thanks!

      J

      ---RVAXO.exe Updated: 2008-04-18---first run---
      Uninstallers:

      Files found:
      C:\Windows\omlbpkaw.dll
      C:\Windows\pmsoarbf.dll
      C:\Windows\npqtsrak.exe
      C:\Windows\system32\wlcstp32.dll

      Folders Found:


      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      Deckard's System Scanner v20071014.68
      Run by J on 2008-04-19 00:17:48
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- Last 5 Restore Point(s) --
      11: 2008-04-18 17:50:47 UTC - RP214 - Installed Ad-Aware 2007
      10: 2008-04-17 20:31:33 UTC - RP213 - ComboFix created restore point
      9: 2008-04-17 19:14:42 UTC - RP212 - Gepland herstelpunt
      8: 2008-04-15 21:08:28 UTC - RP211 - Windows Defender Checkpoint
      7: 2008-04-12 14:25:48 UTC - RP209 - Gepland herstelpunt


      -- First Restore Point --
      1: 2008-03-29 18:57:47 UTC - RP201 - Gepland herstelpunt


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Johan en Natalie.exe) ------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 0:19:54, on 19/04/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Launch Manager\WButton.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Windows\RtHDVCpl.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Launch Manager\OSD.exe
      C:\Program Files\Launch Manager\LaunchAp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Windows\System32\igfxtray.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\System32\hkcmd.exe
      C:\Program Files\Launch Manager\HotkeyApp.exe
      C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
      C:\Windows\System32\spoolsv.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\ehome\ehtray.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Windows\System32\ranaduha.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
      C:\Windows\System32\svchost.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      C:\Program Files\Launch Manager\WisLMSvc.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Users\Johan en Natalie\Desktop\dss.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\vssvc.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\wuauclt.exe
      \?\C:\Windows\system32\wbem\WMIADAP.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
      C:\Users\JOHANE~1\Desktop\Johan en Natalie.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
      O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
      O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
      O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
      O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
      O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
      O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [yaetxpva] C:\Windows\system32\ranaduha.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O13 - Gopher Prefix:
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-be.cab
      O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c86eb0e9caf0070e.spaces.live.com/PhotoUpload/VistaMsnPUpldnl-be.cab
      O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
      O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
      O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

      --
      End of file - 11458 bytes

      -- HijackThis Fixed Entries (C:\Users\JOHANE~1\Desktop\backups\) ---------------

      backup-20080417-221445-700 O2 - BHO: DVA Storm - {52676F4A-D830-4513-BE81-3A0C28B32C2F} - C:\Windows\lgmxvpatkmb.dll
      backup-20080419-000024-426 O4 - HKCU\..\Run: [jzeotpqs] C:\Windows\system32\bmzipalm.exe
      backup-20080419-000024-635 O21 - SSODL: pmsoarbf - {AF0046B2-C220-427D-BB08-9AC99578899D} - C:\Windows\pmsoarbf.dll
      backup-20080419-000024-646 O4 - HKCU\..\Run: [crxkydzu] C:\Windows\system32\ilinqhmt.exe
      backup-20080419-000024-729 O3 - Toolbar: (no name) - {C8F0EE32-3AF7-4730-9D8C-9EB9D0315290} - (no file)
      backup-20080419-000024-821 O4 - HKLM\..\Policies\Explorer\Run: [6Q2flvObG3] C:\ProgramData\gdklyhgj\wncbevsj.exe
      backup-20080419-000025-330 O21 - SSODL: omlbpkaw - {B9B0D4C2-4072-4F3C-BB96-E001BD5E9CFB} - C:\Windows\omlbpkaw.dll

      -- File Associations -----------------------------------------------------------

      .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 Hotkey - c:\windows\system32\drivers\hotkey.sys


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
      R2 BGLiveSvc (BullGuard LiveUpdate) - "c:\program files\bullguard software\bullguard\bullguardupdate.exe" <Not Verified; BullGuard Software; BullGuard>
      R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
      R3 WisLMSvc - "c:\program files\launch manager\wislmsvc.exe" <Not Verified; Wistron Corp.; >

      S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Files created between 2008-03-19 and 2008-04-19 -----------------------------

      2008-04-19 00:09:07 0 d-------- C:\RVAXO
      2008-04-19 00:07:52 795717 --a------ C:\Windows\system32\RVAXO.bat
      2008-04-19 00:07:52 69632 --a------ C:\Windows\system32\remove.exe
      2008-04-18 23:56:54 94208 --a------ C:\Windows\system32\ranaduha.exe
      2008-04-18 19:51:17 0 d-------- C:\Program Files\Lavasoft
      2008-04-18 19:51:16 0 d-------- C:\Users\All Users\Lavasoft
      2008-04-18 19:50:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-04-18 19:33:02 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
      2008-04-17 22:39:14 90112 --a------ C:\Windows\system32\bmzipalm.exe
      2008-04-16 22:11:25 0 d-------- C:\Windows\pss
      2008-04-16 19:24:14 0 d-a------ C:\Users\All Users\TEMP
      2008-04-16 19:23:54 0 d-------- C:\Program Files\Spyware Doctor
      2008-04-15 23:07:38 98304 --a------ C:\Windows\system32\ilinqhmt.exe
      2008-04-15 23:07:38 0 d-------- C:\Users\All Users\gdklyhgj
      2008-03-31 23:25:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
      2008-03-31 23:25:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
      2008-03-31 23:25:46 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
      2008-03-31 23:25:46 831488 --a------ C:\Windows\system32\divx_xx0a.dll
      2008-03-31 23:25:46 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
      2008-03-21 22:30:08 3596288 --a------ C:\Windows\system32\qt-dx331.dll
      2008-03-21 22:28:54 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
      2008-03-21 22:28:54 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
      2008-03-21 22:28:20 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


      -- Find3M Report ---------------------------------------------------------------

      2008-04-19 00:05:11 677128 --a------ C:\Windows\system32\perfh013.dat
      2008-04-19 00:05:11 118548 --a------ C:\Windows\system32\perfc013.dat
      2008-04-18 19:50:21 0 d-------- C:\Program Files\Common Files
      2008-04-16 19:23:54 0 d-------- C:\Users\Johan en Natalie\AppData\Roaming\PC Tools
      2008-04-16 06:56:59 0 d-------- C:\Users\Johan en Natalie\AppData\Roaming\BullGuard
      2008-04-12 17:43:41 0 d-------- C:\Program Files\DivX
      2008-04-05 16:52:58 0 d-------- C:\Users\Johan en Natalie\AppData\Roaming\uTorrent
      2008-03-08 23:57:28 0 d-------- C:\Program Files\XnFoto
      2008-03-07 18:55:17 0 d-------- C:\Program Files\Common Files\Adobe
      2008-03-05 21:10:48 0 d-------- C:\Program Files\Windows Mail
      2008-02-22 20:24:13 0 d-------- C:\Program Files\iTunes
      2008-02-22 20:24:02 0 d-------- C:\Program Files\iPod
      2008-02-20 21:56:02 0 d-------- C:\Program Files\NCH Swift Sound
      2008-02-07 21:49:18 45514 --a------ C:\Users\Johan en Natalie\AppData\Roaming\mdbu.bin


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20/07/2007 11:05]
      "WinampAgent"="C:\Program Files\Winamp\winampa.exe"
      "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [09/11/2006 14:37]
      "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [10/08/2006 03:27]
      "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [09/02/2007 16:54]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/02/2007 22:50]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]
      "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [22/11/2006 18:31]
      "RtHDVCpl"="RtHDVCpl.exe" [15/02/2007 18:07 C:\Windows\RtHDVCpl.exe]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
      "Persistence"="C:\Windows\system32\igfxpers.exe" [02/01/2008 18:07]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
      "LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [26/12/2006 11:23]
      "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 13:36]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 11:55]
      "IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/01/2008 18:07]
      "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21/03/2007 13:00]
      "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/01/2008 18:06]
      "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [14/12/2006 16:53]
      "ExtraFilmHemmaAgent"="C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe" [03/10/2006 10:40]
      "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe"
      "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [12/04/2008 21:00]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14:35]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [23/12/2006 18:05]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
      "yaetxpva"="C:\Windows\system32\ranaduha.exe" [18/04/2008 23:56]

      C:\Users\Johan en Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 20:24:54]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"=2 (0x2)
      "EnableLUA"=0 (0x0)
      "HideLegacyLogonScripts"=0 (0x0)
      "HideLogoffScripts"=0 (0x0)
      "RunLogonScriptSync"=1 (0x1)
      "RunStartupScriptSync"=1 (0x1)
      "HideStartupScripts"=0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "HideLegacyLogonScripts"=0 (0x0)
      "HideLogoffScripts"=0 (0x0)
      "RunLogonScriptSync"=1 (0x1)
      "RunStartupScriptSync"=1 (0x1)
      "HideStartupScripts"=0 (0x0)

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}"= C:\Windows\system32\cbXRLdab.dll [ ]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      @="Volume shadow copy"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
      @="IEEE 1394 Bus host controllers"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
      @="SBP2 IEEE 1394 Devices"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
      @="SecurityDevices"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
      BullGuard BgMainSvc BsFileScan BsMailProxy


      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      C:\Windows\system32\unregmp2.exe /ShowWMP

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
      %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



      -- End of Deckard's System Scanner: finished at 2008-04-19 00:22:06 ------------

      Deckard's System Scanner v20071014.68
      Extra logfile - please post this as an attachment with your post.
      --------------------------------------------------------------------------------

      -- System Information ----------------------------------------------------------

      Microsoft® Windows Vista™ Home Premium (build 6000)
      Architecture: X86; Language: Dutch

      CPU 0: Genuine Intel(R) CPU T2130 @ 1.86GHz
      Percentage of Memory in Use: 44%
      Physical Memory (total/avail): 2037.56 MiB / 1135.06 MiB
      Pagefile Memory (total/avail): 4294.34 MiB / 2983.54 MiB
      Virtual Memory (total/avail): 2047.88 MiB / 1907.25 MiB

      C: is Fixed (NTFS) - 118.95 GiB total, 32.88 GiB free.
      D: is Fixed (FAT32) - 30.08 GiB total, 23.21 GiB free.
      E: is CDROM (No Media)

      \\.\PHYSICALDRIVE0 - WDC WD1600BEVS-22RST0 - 149.05 GiB - 2 partitions
      \PARTITION0 - Extended w/Extended Int 13 - 30.1 GiB - D:
      \PARTITION1 (bootable) - Installable File System - 118.95 GiB - C:



      -- Security Center -------------------------------------------------------------

      AUOptions is set to notify before download.
      Windows Internal Firewall is enabled.

      AV: BullGuard Antivirus v (BullGuard Software)
      AS: Spyware Doctor v5.5.0.212 (PC Tools)
      AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
      AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


      -- Environment Variables -------------------------------------------------------

      ALLUSERSPROFILE=C:\ProgramData
      APPDATA=C:\Users\Johan en Natalie\AppData\Roaming
      CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
      CommonProgramFiles=C:\Program Files\Common Files
      COMPUTERNAME=PC_VAN_JOHANENN
      ComSpec=C:\Windows\system32\cmd.exe
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Users\Johan en Natalie
      LOCALAPPDATA=C:\Users\Johan en Natalie\AppData\Local
      LOGONSERVER=\\PC_VAN_JOHANENN
      NUMBER_OF_PROCESSORS=2
      OS=Windows_NT
      Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
      PROCESSOR_LEVEL=6
      PROCESSOR_REVISION=0e0c
      ProgramData=C:\ProgramData
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      PUBLIC=C:\Users\Public
      QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\Windows
      TEMP=C:\Users\JOHANE~1\AppData\Local\Temp
      TMP=C:\Users\JOHANE~1\AppData\Local\Temp
      USERDOMAIN=PC_van_JohanenN
      USERNAME=Johan en Natalie
      USERPROFILE=C:\Users\Johan en Natalie
      windir=C:\Windows


      -- User Profiles ---------------------------------------------------------------

      Johan en Natalie (admin)


      -- Add/Remove Programs ---------------------------------------------------------

      --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
      --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
      --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
      --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
      --> C:\Windows\UNNeroVision.exe /UNINSTALL
      --> C:\Windows\UNRecode.exe /UNINSTALL
      --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9
      Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
      Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
      Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
      Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
      Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
      µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
      BullGuard 7.0 for Vista --> C:\Program Files\BullGuard Software\BullGuard\uninst.exe
      DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
      DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
      DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
      DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
      ExtraFilm PhotoAssistant --> C:\Program Files\ExtraFilm PhotoAssistant\Uninstall.exe
      Foto.com's Editor 2.3 --> "C:\Program Files\Foto.com\Foto.com Editor\unins000.exe"
      Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
      Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
      Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
      HijackThis 2.0.2 --> "C:\Users\Johan en Natalie\Desktop\HijackThis.exe" /uninstall
      Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
      Intel(R) Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
      InterVideo MediaOne Gallery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.exe" REMOVEALL
      InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0413
      IsoBuster 2.3 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
      iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
      Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
      Launch Manager V1.3.9 --> C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe -runfromtemp -l0x0013 -removeonly
      Magix Audio Cleaning Lab --> C:\MAGIX\aclab\UNWISE.EXE C:\MAGIX\aclab\INSTALL.LOG
      Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
      Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
      Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
      Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
      Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
      Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
      Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
      Microsoft Office OneNote MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
      Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
      Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
      Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
      Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
      Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
      Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
      Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
      Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
      Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
      Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
      Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
      Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
      Microsoft Works --> MsiExec.exe /I{A2A0A82F-025F-458D-A0CD-9BB2320804B5}
      mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
      Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
      MSXML 4.0 SP2 (KB925672) --> MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
      MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
      MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
      Nero 7 Essentials --> MsiExec.exe /X{63B75E16-F290-4FCD-AF67-A9134CD01043}
      QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
      Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0013 -removeonly
      Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x13 -removeonly
      REALTEK RTL8187B Wireless LAN Driver --> C:\Program Files\InstallShield Installation Information\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}\setup.exe -uninst -l0x13
      Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
      Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
      Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
      Sonic Foundry Sound Forge 6.0a --> MsiExec.exe /I{6CDC68BB-C997-4ADC-9BA0-6293FB88521E}
      Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
      Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
      SubSync --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\SubSync\ST6UNST.LOG"
      Suyin Live Camera --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0013 -removeonly -u
      SUYIN webcam --> C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
      Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
      Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
      Ulead PhotoImpact 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x9
      Ulead VideoStudio SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}\setup.exe" -l0x13
      Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
      Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
      Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
      Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
      Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
      VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
      Windows Live Messenger --> MsiExec.exe /I{9816B8B8-4B53-4D3D-9235-AD931252001D}
      WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
      XnFoto www.foto.com --> "C:\Program Files\XnFoto\unins000.exe"


      -- Application Event Log -------------------------------------------------------

      Event Record #/Type12149 / Error
      Event Submitted/Written: 04/19/2008 00:15:00 AM
      Event ID/Source: 5007 / WerSvc
      Event Description:
      Kan het doelbestand voor het Windows Feedback Platform (een dll-bestand dat de lijst met problemen op deze computer bevat waarvoor aanvullende gegevens moeten worden verzameld voor diagnose) niet parseren. Foutcode: 8014FFF9.

      Event Record #/Type12148 / Success
      Event Submitted/Written: 04/19/2008 00:14:58 AM
      Event ID/Source: 5617 / WinMgmt
      Event Description:


      Event Record #/Type12147 / Success
      Event Submitted/Written: 04/19/2008 00:14:57 AM
      Event ID/Source: 5615 / WinMgmt
      Event Description:


      Event Record #/Type12144 / Success
      Event Submitted/Written: 04/19/2008 00:14:09 AM
      Event ID/Source: 902 / Software Licensing Service
      Event Description:
      De Software Licensing-service is gestart.

      Event Record #/Type12133 / Success
      Event Submitted/Written: 04/19/2008 00:13:10 AM
      Event ID/Source: 903 / Software Licensing Service
      Event Description:
      De Software Licensing-service is gestopt.



      -- Security Event Log ----------------------------------------------------------

      No Errors/Warnings found.


      -- System Event Log ------------------------------------------------------------

      Event Record #/Type48076 / Error
      Event Submitted/Written: 04/19/2008 00:15:18 AM
      Event ID/Source: 7026 / Service Control Manager
      Event Description:
      mailKmd

      Event Record #/Type47989 / Warning
      Event Submitted/Written: 04/19/2008 00:13:11 AM
      Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
      Event Description:


      Event Record #/Type47968 / Error
      Event Submitted/Written: 04/19/2008 00:10:56 AM
      Event ID/Source: 7026 / Service Control Manager
      Event Description:
      mailKmd

      Event Record #/Type47883 / Error
      Event Submitted/Written: 04/19/2008 00:09:00 AM
      Event ID/Source: 6008 / EventLog
      Event Description:
      De vorige afsluiting van het systeem om 0:08:11 op 19/04/2008 is onverwacht gebeurd.

      Event Record #/Type47880 / Error
      Event Submitted/Written: 04/19/2008 00:07:56 AM
      Event ID/Source: 7001 / Service Control Manager
      Event Description:
      Network List-serviceNetwork Location Awareness%%1068



      -- End of Deckard's System Scanner: finished at 2008-04-19 00:22:06 ------------



      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        RD /S /Q "C:\Users\All Users\gdklyhgj"
        FOR %%g in (
        C:\Windows\system32\ranaduha.exe
        C:\Windows\system32\bmzipalm.exe
        C:\Windows\system32\ilinqhmt.exe
        "C:\Users\All Users\gdklyhgj") DO (
        DEL /Q %%gNUCIA
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        REN %%g *NUCIA
        IF EXIST %%gNUCIA (
        ECHO renamed to %%gNUCIA>>log.txt)
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        For "Save in", choose: Desktop
        For "File name", enter: del.bat
        For "Save as type", select: All files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.



        • #5
          Hello again,

          Below is the new log file.

          Regards,

          J

          Deleting files
          renamed to C:\Windows\system32\ranaduha.exeNUCIA
          C:\Windows\system32\ranaduha.exe deleted
          C:\Windows\system32\bmzipalm.exe deleted
          C:\Windows\system32\ilinqhmt.exe deleted
          "C:\Users\All Users\gdklyhgj" not found



          • #6
            Restart the computer.

            After the restart, double-click del.bat once more.

            After that, please also post a new HijackThis log.



            • #7
              Here is the new HijackThis log.

              Regards,

              J

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 10:58:45, on 19/04/2008
              Platform: Windows Vista (WinNT 6.00.1904)
              MSIE: Internet Explorer v7.00 (7.00.6000.16609)
              Boot mode: Normal

              Running processes:
              C:\Windows\System32\smss.exe
              C:\Windows\system32\csrss.exe
              C:\Windows\system32\csrss.exe
              C:\Windows\system32\wininit.exe
              C:\Windows\system32\services.exe
              C:\Windows\system32\lsass.exe
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\winlogon.exe
              C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe
              C:\Windows\System32\svchost.exe
              C:\Windows\System32\svchost.exe
              C:\Windows\System32\svchost.exe
              C:\Windows\system32\svchost.exe
              C:\Windows\system32\SLsvc.exe
              C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe
              C:\Windows\system32\Dwm.exe
              C:\Windows\Explorer.EXE
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\Program Files\Launch Manager\WButton.exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
              C:\Windows\RtHDVCpl.exe
              C:\Windows\System32\igfxpers.exe
              C:\Program Files\Launch Manager\OSD.exe
              C:\Program Files\Launch Manager\LaunchAp.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Spyware Doctor\pctsTray.exe
              C:\Windows\system32\igfxsrvc.exe
              C:\Windows\System32\igfxtray.exe
              C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe
              C:\Windows\System32\hkcmd.exe
              C:\Program Files\Launch Manager\HotkeyApp.exe
              C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
              C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\Windows\ehome\ehtray.exe
              C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
              C:\Windows\ehome\ehmsas.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
              C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
              C:\Windows\System32\svchost.exe
              C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
              C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
              C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\Windows\system32\svchost.exe
              C:\Program Files\Spyware Doctor\pctsAuxs.exe
              C:\Program Files\Spyware Doctor\pctsSvc.exe
              C:\Windows\system32\svchost.exe
              C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
              C:\Windows\System32\svchost.exe
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
              C:\Program Files\Launch Manager\WisLMSvc.exe
              C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Windows\system32\notepad.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\system32\SearchFilterHost.exe
              C:\Windows\system32\wuauclt.exe
              C:\Users\Johan en Natalie\Desktop\HijackThis.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
              O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
              O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
              O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
              O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
              O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
              O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
              O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
              O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
              O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
              O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
              O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
              O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
              O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
              O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
              O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
              O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
              O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKCU\..\Run: [yaetxpva] C:\Windows\system32\ranaduha.exe
              O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
              O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
              O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
              O13 - Gopher Prefix:
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-be.cab
              O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
              O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c86eb0e9caf0070e.spaces.live.com/PhotoUpload/VistaMsnPUpldnl-be.cab
              O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
              O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab
              O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
              O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
              O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
              O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
              O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
              O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

              --
              End of file - 11417 bytes



              • #8
                Use HijackThis to remove the following line:
                O4 - HKCU\..\Run: [yaetxpva] C:\Windows\system32\ranaduha.exe

                Let me know whether you are still having problems.


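The triage step behind the advice in #8, as an added example that is not part of the original thread: it parses HijackThis O4 (autostart) lines and flags per-user Run entries that launch a binary from the Windows system directory. The function names and the heuristic itself are assumptions of this example, not HijackThis features; a hit is a line to review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of O4 (autostart) lines copied from the HijackThis log in this thread.
LOG_EXCERPT = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [yaetxpva] C:\Windows\system32\ranaduha.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# Line layout: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>.*?)\] (?P<cmd>.+)$"
)

def target_path(cmd):
    """Return the executable part of a Run command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take what is inside the quotes
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]   # unquoted paths may contain spaces

def parse_o4(log):
    """Parse every registry-based O4 line into hive, key, value name, command and path."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({**m.groupdict(), "path": target_path(m["cmd"])})
    return entries

def suspicious(entries, system_dir=r"c:\windows\system32"):
    """Heuristic (assumption): HKCU autostarts normally point at user-installed
    software, so one that launches a file directly from system32 needs review."""
    return [e for e in entries
            if e["hive"] == "HKCU"
            and str(PureWindowsPath(e["path"]).parent).lower() == system_dir]

if __name__ == "__main__":
    for e in suspicious(parse_o4(LOG_EXCERPT)):
        print(f"review: {e['hive']} {e['key']} [{e['name']}] -> {e['path']}")
```

The HKLM entries for the graphics driver also live in system32 but are machine-wide, so the per-user condition is what keeps them out of the result.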

                • #9
                  Smeenk,

                  I left my laptop running all afternoon and did not get a single notification any more, and Explorer has not crashed again!!

                  Thank you very much for the help!

                  Regards,

                  J



                  • #10
                    You're welcome.

                    One more thing to do:
                    Download Java Runtime Environment (JRE) 6u6.
                    • Scroll down to: "Java Runtime Environment (JRE) 6 Update 6".
                    • Click the "Download" button on the right.
                    • Tick "Accept License Agreement" and click Continue.
                    • The page will reload.
                    • Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 6 and save it to your Desktop.
                    • Close all programs that may be open, especially your web browser!
                    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list (those with Java Runtime Environment (JRE or J2SE) in the name).
                    • Repeat this until all older versions are gone.
                    • After removing all older versions, restart your PC.
                    • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the newest version of Java.

                    Turn off System Restore. Restart the computer. Turn System Restore back on.
                    See here for how to turn off System Restore.
                    This removes any remnants of the infections from your System Restore.

                    Then I think we are done.
