Adware and, I think, a spyware infection as well

  • Adware and, I think, a spyware infection as well

    hey!

    For a few days now I have been getting advertising windows out of nowhere (so adware), but I can't find anywhere where it comes from,
    and recently I also saw something called 'perfect keylogger'
    in the process list; when I googled it I saw that it is one of those remote keyloggers, so someone is happily reading along.

    I keep killing it quickly via the process list, but it is annoying and I don't know where it comes from.

    here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:11:28, on 20-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [BMe350e1bc] Rundll32.exe "C:\WINDOWS\system32\fdlahoht.dll",s
    O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\eMail ID\OEAddOn\OEdmn_3.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-1003422176-2839342723-3823813306-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Wilma')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - S-1-5-21-1003422176-2839342723-3823813306-1009 Startup: opware32.lnk = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (User 'Wilma')
    O4 - S-1-5-21-1003422176-2839342723-3823813306-1009 Startup: SpamFighter.lnk = C:\Program Files\SPAMfighter\SFAgent.exe (User 'Wilma')
    O4 - S-1-5-21-1003422176-2839342723-3823813306-1009 User Startup: opware32.lnk = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (User 'Wilma')
    O4 - S-1-5-21-1003422176-2839342723-3823813306-1009 User Startup: SpamFighter.lnk = C:\Program Files\SPAMfighter\SFAgent.exe (User 'Wilma')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_31.dll
    O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_31.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_31.dll
    O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_31.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 6967 bytes


    update:
    I just posted a new log, because since literally a few minutes ago I keep getting an error report from FIREFOX.EXE whenever I start Firefox.


    greets
    Emile
    Last edited by Roxas; 20-04-08, 12:11.
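
Added example, not part of the original post and not code from HijackThis: a small Python triage pass over HijackThis lines that flags the two kinds of load point fixed later in this thread, a Run value that starts a DLL through Rundll32 and BHO / Winlogon Notify registrations marked "(file missing)". The sample lines are copied from the logs in this thread (the backup- prefix on fixed entries is dropped); the function names and the two rules are assumptions chosen for illustration, and a hit means "review this entry", not "malicious".

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r'''
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\nnnkIYoL.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BMe350e1bc] Rundll32.exe "C:\WINDOWS\system32\fdlahoht.dll",s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: nnnkIYoL - nnnkIYoL.dll (file missing)
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
'''

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
# Registry Run values as HijackThis prints them (any hive, any SID).
RUN_RE = re.compile(r'^HK\w+\\.*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# A command line that is rundll32 followed by the DLL it loads.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.I)
MISSING = '(file missing)'


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    target: str  # file the entry points at
    reason: str


def check_run_entry(body: str) -> Optional[Finding]:
    """Rule 1 (assumption): Run value that loads a system32 DLL via rundll32."""
    run = RUN_RE.match(body)
    if not run:
        return None  # startup-folder shortcuts and similar O4 variants
    dll = RUNDLL_RE.match(run['cmd'])
    if not dll:
        return None  # ordinary executable, not a rundll32 launcher
    path = dll['dll']
    # ntpath parses Windows paths correctly on any analysis host.
    if ntpath.dirname(path).lower().endswith('\\system32'):
        return Finding('O4', path,
                       f"Run value [{run['name']}] starts a system32 DLL via rundll32")
    return None


def check_missing_file(code: str, body: str) -> Optional[Finding]:
    """Rule 2 (assumption): BHO / Winlogon Notify whose file is missing."""
    if not body.endswith(MISSING):
        return None
    target = body[:-len(MISSING)].rsplit(' - ', 1)[-1].strip()
    return Finding(code, target, 'registered component whose file is missing')


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header, process list or blank line
        code, body = entry['code'], entry['body']
        if code == 'O4':
            hit = check_run_entry(body)
        elif code in ('O2', 'O20'):
            hit = check_missing_file(code, body)
        else:
            hit = None
        if hit:
            findings.append(hit)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.code:<4}{f.target}  <- {f.reason}')
```

Legitimate software also registers rundll32 Run values, so each hit still needs the DLL's origin checked before anything is fixed.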

  • #2
    Originally posted by Roxas
    update:
    when I visit Hyves, for example, and look at some photos, those photos turn into ads, so that adware is part of it too.

    I think the infection has named itself rundll92 in the process list, because I normally never see that one as a user file (usually it runs under the name system)


    greets
    Emile
    sorry, can this one be deleted? I thought this was editing, because that option was no longer shown at the top (I wanted to add an update)

    I just want to keep waiting the time I would normally have to wait, because I really did not mean this as a way to get back to the top of the list.
    I wanted to edit the post, but the edit button wasn't there, and then I accidentally clicked 'reply to multiple posts' because I was acting quickly and thought that was edit.
    Last edited by Roxas; 22-04-08, 17:03.


    • #3
      Download VirtumundoBegone (mirror)
      Save it to your desktop.

      Double-click VirtumundoBeGone.exe and follow the instructions.
      Don't be alarmed if you see a blue screen with an error message - this is normal.
      When the fix is done, restart the PC.
      Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next post.

      Download: RVAXO.exe
      • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
      • Start the computer in safe mode.
      • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
        A small cmd window will open, and a few lines about files not found will scroll by quickly; this is normal.
      • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
      • After that your PC will restart; let it boot in normal mode this time. After the restart the RVAXO cmd window opens again.
        Let it run and wait until a log file opens: C:\RVAXO-results.log
      • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
      • Post the contents of the log file in your next post.
      Also post a new HijackThis log



      • #4
        VirtumundoBeGone log:


        [04/22/2008, 18:20:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Eigenaar\Local Settings\Temp\wz283f\VirtumundoBeGone.exe" )
        [04/22/2008, 18:21:10] - Detected System Information:
        [04/22/2008, 18:21:10] - Windows Version: 5.1.2600, Service Pack 2
        [04/22/2008, 18:21:10] - Current Username: HP_Eigenaar (Admin)
        [04/22/2008, 18:21:10] - Windows is in NORMAL mode.
        [04/22/2008, 18:21:10] - Searching for Browser Helper Objects:
        [04/22/2008, 18:21:10] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
        [04/22/2008, 18:21:10] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [04/22/2008, 18:21:10] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
        [04/22/2008, 18:21:10] - Finished Searching Browser Helper Objects
        [04/22/2008, 18:21:10] - Finishing up...
        [04/22/2008, 18:21:10] - Nothing found! Exiting...
        RVAXO Log:

        ---RVAXO.exe Updated: 2008-04-22---first run---
        Uninstallers:

        Files found:
        C:\WINDOWS\BMe350e1bc.xml
        C:\WINDOWS\BMe350e1bc.txt
        C:\WINDOWS\wininit.ini
        C:\WINDOWS\hreg.dll
        C:\WINDOWS\system32\actskn45.ocx

        Folders Found:
        C:\WINDOWS\system32\CSpool

        Hosts-file was reset, If you use a custom hosts file please replace it...

        --------------RVAXO.exe last run---------------
        Not deleted items:

        --------------RVAXO.exe finished----------------


        • #5
          Download Deckard's System Scanner to your Desktop.
          • Close all applications and windows.
          • Double-click dss.exe to launch it, and follow the instructions.
          • When the scan is complete, a text file - main.txt - will open.
          • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

          Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
          - make sure sigcheck.exe is allowed to do so!
          Your antivirus may also flag DSS as suspicious, or even try to remove it.
          Do not let your antivirus remove it! (In that case it may be better to disable your antivirus temporarily during the DSS scan)


          Download this file: zoek.exe
          Double-click it; after a while a log opens.
          Post the contents of that log as well



          • #6
            Main.txt

            Deckard's System Scanner v20071014.68
            Run by HP_Eigenaar on 2008-04-22 19:45:32
            Computer is in Normal Mode.
            --------------------------------------------------------------------------------

            -- System Restore --------------------------------------------------------------

            Successfully created a Deckard's System Scanner Restore Point.


            -- Last 1 Restore Point(s) --
            1: 2008-04-22 17:46:13 UTC - RP1 - Deckard's System Scanner Restore Point


            Backed up registry hives.
            Performed disk cleanup.

            Total Physical Memory: 384 MiB (512 MiB recommended).


            -- HijackThis (run as HP_Eigenaar.exe) -----------------------------------------

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 19:49:20, on 22-4-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v8.00 (8.00.6001.17184)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Windows Defender\MsMpEng.exe
            C:\WINDOWS\System32\svchost.exe
            C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
            C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
            C:\Program Files\SPAMfighter\sfus.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Windows Defender\MSASCui.exe
            C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
            C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
            C:\Program Files\Windows Live\Messenger\usnsvc.exe
            C:\Documents and Settings\HP_Eigenaar\Bureaublad\dss.exe
            C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Eigenaar.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=pavilion&pf=desktop
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
            O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
            O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
            O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
            O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
            O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
            O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
            O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
            O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
            O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
            O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
            O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
            O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
            O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
            O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

            --
            End of file - 5997 bytes

            -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

            backup-20080422-171144-240 O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\nnnkIYoL.dll (file missing)
            backup-20080422-171144-260 O2 - BHO: (no name) - {2C3CA6CE-9542-4545-A31D-F998DF1B2C6B} - C:\WINDOWS\system32\fcccdBuv.dll (file missing)
            backup-20080422-171144-415 O2 - BHO: {e393a6d8-15c3-b80a-7bf4-5ef02a01ea5a} - {a5ae10a2-0fe5-4fb7-a08b-3c518d6a393e} - C:\WINDOWS\system32\lrsseahc.dll
            backup-20080422-171144-790 O20 - Winlogon Notify: nnnkIYoL - nnnkIYoL.dll (file missing)
            backup-20080422-171144-968 O4 - HKLM\..\Run: [BMe350e1bc] Rundll32.exe "C:\WINDOWS\system32\afmrngbl.dll",s

            -- File Associations -----------------------------------------------------------

            All associations okay.


            -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

            R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
            R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
            R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

            S1 intelppm (Intel GV3-processorstuurprogramma) - c:\windows\system32\drivers\intelppm.sys (file missing)
            S2 LMIInfo (LogMeIn Kernel Information Provider) - c:\program files\logmein\x86\rainfo.sys (file missing)
            S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
            S3 TMPassthruMP - c:\windows\system32\drivers\tmpassthru.sys (file missing)


            -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

            S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
            S4 gupdate1c8740097825142 (Google Update Service (gupdate1c8740097825142)) - "c:\program files\google\update\1.0.103.3\googleupdate.exe" /svc (file missing)
            S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
            S4 Planner voor Automatische LiveUpdate - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)


            -- Device Manager: Disabled ----------------------------------------------------

            No disabled devices found.


            -- Scheduled Tasks -------------------------------------------------------------

            2008-04-22 19:00:56 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
            2008-04-20 12:55:19 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
            2008-04-12 12:00:44 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
            2008-02-09 15:54:37 252 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


            -- Files created between 2008-03-22 and 2008-04-22 -----------------------------

            2008-04-29 15:02:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
            2008-04-29 14:55:17 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\AVG7
            2008-04-29 14:54:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
            2008-04-29 14:40:26 0 d-------- C:\Program Files\Windows Defender
            2008-04-29 14:30:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
            2008-04-29 01:28:15 0 d-------- C:\MSNCleaner
            2008-04-22 18:57:57 0 d-------- C:\RVAXO
            2008-04-22 18:53:46 800405 --a------ C:\WINDOWS\system32\RVAXO.bat
            2008-04-22 18:53:46 69632 --a------ C:\WINDOWS\system32\remove.exe
            2008-04-22 18:51:51 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
            2008-04-22 17:55:08 0 dr-h----- C:\Documents and Settings\HP_Eigenaar\Onlangs geopend
            2008-04-22 16:41:25 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Help
            2008-04-21 17:01:55 0 d-------- C:\Program Files\BearShare
            2008-04-21 16:26:08 0 d-------- C:\Program Files\MediaCoder
            2008-04-20 13:56:17 60200 --ah----- C:\WINDOWS\system32\mlfcache.dat
            2008-04-20 12:57:09 0 d-------- C:\Program Files\Safari
            2008-04-20 12:54:52 0 d-------- C:\Program Files\Apple Software Update
            2008-04-20 10:15:00 0 d-------- C:\Documents and Settings\Wilma\Application Data\Webroot
            2008-04-19 17:56:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
            2008-04-19 17:55:31 0 d-------- C:\Program Files\Webroot
            2008-04-19 17:55:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
            2008-04-19 17:42:38 0 d-------- C:\BackUpMSNCleaner
            2008-04-12 22:20:33 0 d-------- C:\Program Files\Acoustica Mixcraft 4
            2008-04-12 21:53:22 675328 --a------ C:\WINDOWS\is-LO5JN.exe <Not Verified; ; Inno Setup>
            2008-04-12 21:52:39 680960 --a------ C:\WINDOWS\is-AKREP.exe
            2008-04-10 22:51:25 0 d-------- C:\Documents and Settings\Gast\Application Data\Macromedia
            2008-04-10 22:51:25 0 d-------- C:\Documents and Settings\Gast\Application Data\Adobe
            2008-04-10 22:50:07 0 d-------- C:\Documents and Settings\Gast\Application Data\Mozilla
            2008-04-10 22:48:14 0 d-------- C:\Documents and Settings\Gast\Application Data\AVG7
            2008-04-10 21:33:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Protexis
            2008-04-10 21:05:29 80 -r-hs---- C:\WINDOWS\system32\E62AA7FFCD.dll
            2008-04-10 20:12:22 0 d-------- C:\Program Files\HTV
            2008-04-09 14:24:57 0 d-------- C:\Documents and Settings\Wilma\.jordan
            2008-04-06 18:06:17 0 d-------- C:\Program Files\FC
            2008-04-05 13:55:55 12615263 -----n--- C:\avg7qt.dat
            2008-04-03 21:24:17 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Google
            2008-04-03 15:41:10 0 d-------- C:\Program Files\Hyves Kwekker
            2008-04-03 13:56:53 0 d-------- C:\Documents and Settings\Wilma\Application Data\Acoustica
            2008-04-03 13:54:00 0 dr-h----- C:\Documents and Settings\Wilma\Onlangs geopend
            2008-03-30 12:38:19 0 d-------- C:\Documents and Settings\Wilma\Application Data\AVG7
            2008-03-29 18:41:10 0 dr-h----- C:\$VAULT$.AVG
            2008-03-26 18:50:03 0 d-------- C:\Program Files\IrfanView
            2008-03-25 20:37:45 556544 --a------ C:\WINDOWS\system32\NexPlayerX.dll <Not Verified; NEXTREAMING; NexPlayerX Module>
            2008-03-25 20:37:16 294912 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
            2008-03-25 20:37:16 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
            2008-03-25 20:37:16 344064 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
            2008-03-25 20:37:15 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
            2008-03-25 20:37:15 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
            2008-03-25 20:37:14 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
            2008-03-25 20:37:14 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
            2008-03-25 20:37:14 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
            2008-03-24 18:43:57 0 d-------- C:\Program Files\SourceTec
            2008-03-24 17:01:19 0 d-------- C:\Program Files\TrendyFlash Intro Builder
            2008-03-24 14:02:13 0 d-------- C:\Documents and Settings\Wilma\Application Data\ArcSoft
            2008-03-24 13:53:22 212480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
            2008-03-24 13:53:21 230400 --a------ C:\WINDOWS\system32\DC265.DLL <Not Verified; Eastman Kodak Company; DC265 SDK Win32 Ver.1.0.0600>
            2008-03-24 13:53:21 434176 --a------ C:\WINDOWS\system32\DC120V15_32.DLL <Not Verified; Eastman Kodak Japan; DC120 SDK Library Win32 Ver.1.5>
            2008-03-24 13:53:16 0 d-------- C:\Program Files\Nikon
            2008-03-24 13:52:56 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
            2008-03-24 13:52:39 0 d-------- C:\WINDOWS\system32\QuickTime
            2008-03-24 13:52:10 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
            2008-03-24 13:52:10 0 d-------- C:\Program Files\ArcSoft
            2008-03-22 19:44:32 0 d-------- C:\Program Files\BDS Protec
            2008-03-22 17:36:40 0 d-------- C:\Program Files\Smart Install Maker


            -- Find3M Report ---------------------------------------------------------------

            2008-04-28 09:34:56 514242 --a------ C:\WINDOWS\system32\perfh013.dat
            2008-04-28 09:34:56 93218 --a------ C:\WINDOWS\system32\perfc013.dat
            2008-04-22 18:58:34 0 d-------- C:\Program Files\SPAMfighter
            2008-04-22 16:41:26 0 d-------- C:\Program Files\Security Task Manager
            2008-04-21 21:57:49 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Skype
            2008-04-21 18:01:51 0 d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
            2008-04-20 17:18:18 0 d-------- C:\Program Files\Common Files
            2008-04-20 13:47:03 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Apple Computer
            2008-04-20 12:07:17 0 d-------- C:\Program Files\Trend Micro
            2008-04-20 12:04:37 0 d-------- C:\Program Files\SpywareBlaster
            2008-04-19 17:54:59 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\uTorrent
            2008-04-13 21:31:33 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Canon
            2008-04-12 22:32:10 0 d-------- C:\Program Files\Acoustica Shared Effects
            2008-04-12 18:43:06 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Adobe
            2008-04-12 16:14:35 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\FreeCall
            2008-04-12 13:12:34 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Macromedia
            2008-04-12 12:05:59 0 d-------- C:\Program Files\Opera
            2008-04-04 21:26:51 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\TeamViewer
            2008-04-03 20:40:11 0 d-------- C:\Program Files\Google
            2008-03-29 18:43:39 0 d-------- C:\Program Files\Messenger Plus! Live
            2008-03-25 20:41:14 0 d-------- C:\Program Files\SAMSUNG
            2008-03-25 20:41:12 0 d--h----- C:\Program Files\InstallShield Installation Information
            2008-03-24 13:53:12 0 d-------- C:\Program Files\QuickTime
            2008-03-22 23:18:30 0 d-------- C:\Program Files\Omerta Script
            2008-03-21 17:59:58 0 d-------- C:\Program Files\Smallvideosoft
            2008-03-21 17:57:31 0 d-------- C:\Program Files\UnH Solutions
            2008-03-21 16:47:45 0 d-------- C:\Program Files\Hitman Pro
            2008-03-21 15:08:01 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\PC Tools
            2008-03-21 15:07:05 164 --a------ C:\install.dat
            2008-03-21 15:06:48 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Webroot
            2008-03-21 15:06:39 0 d-------- C:\Program Files\Lavasoft
            2008-03-17 21:19:18 0 d-------- C:\Program Files\Windows Media Components
            2008-03-17 17:29:13 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\gtk-2.0
            2008-03-16 13:22:27 0 d-------- C:\Program Files\TuneUp Utilities 2008
            2008-03-12 19:24:05 0 d-------- C:\Program Files\TVAnts
            2008-03-11 18:51:50 0 d-------- C:\Program Files\Shareaza
            2008-03-11 18:51:21 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\LimeWire
            2008-03-10 20:24:53 0 d-------- C:\Program Files\LimeWire
            2008-03-10 12:39:32 0 d-------- C:\Program Files\SopCast
            2008-03-09 17:09:34 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\mIRC
            2008-03-09 16:59:38 0 d-------- C:\Program Files\mIRC
            2008-03-09 14:02:10 0 d-------- C:\Program Files\Common Files\Adobe
            2008-03-09 01:52:10 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
            2008-03-06 14:30:47 0 d-------- C:\Program Files\Belastingdienst
            2008-03-01 19:42:14 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Orbit
            2008-03-01 17:24:22 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\TVU networks
            2008-03-01 17:24:10 0 d-------- C:\Program Files\TVUPlayer
            2008-02-29 00:44:03 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\VoipBuster
            2008-02-29 00:42:37 0 d-------- C:\Program Files\VoipBuster.com
            2008-02-29 00:30:44 0 d-------- C:\Program Files\FreeCall.com
            2008-02-23 00:25:54 74752 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic per Windows>
            2008-02-22 21:44:45 0 d-------- C:\Program Files\TeamViewer3
            2008-02-22 16:57:06 0 d-------- C:\Program Files\SpywareGuard
            2008-02-22 16:49:44 0 d-------- C:\Program Files\Windows Live
            2008-02-19 20:34:12 75883 --a------ C:\WINDOWS\system32\Fix.bat
            2008-02-17 17:59:59 335 --a------ C:\WINDOWS\mozregistry.dat
            2008-02-17 15:07:49 2324352 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
            2008-02-10 21:40:59 681 --a------ C:\WINDOWS\mozver.dat
            2008-02-10 00:42:27 53760 --a------ C:\WINDOWS\system32\Squeeze.dll <Not Verified; ; ZLib.DLL>
            2008-02-10 00:00:42 28 --a------ C:\WINDOWS\system32\slootniw01.dll
            2008-02-08 16:27:55 3461 --a------ C:\WINDOWS\unins000.dat
            2008-02-08 16:24:30 691545 --a------ C:\WINDOWS\unins000.exe
            2008-02-07 15:47:53 10795 --a------ C:\WINDOWS\system32\whitelist
            2008-01-28 19:22:01 34 --a------ C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.log
            2008-01-28 19:21:43 47360 --a------ C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
            2008-01-28 19:21:43 1144 --a------ C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.inf
            2008-01-28 19:21:43 7887 --a------ C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.cat


            -- Registry Dump ---------------------------------------------------------------

            *Note* empty entries & legit default entries are not shown


            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14-04-2004 22:43]
            "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03-11-2006 19:20]
            "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [15-04-2008 10:03]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00]
            "Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [25-05-2005 13:12]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "HideLegacyLogonScripts"=0 (0x0)
            "HideLogoffScripts"=0 (0x0)
            "RunLogonScriptSync"=1 (0x1)
            "RunStartupScriptSync"=1 (0x1)
            "HideStartupScripts"=0 (0x0)

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
            "NoSecCpl"=0 (0x0)
            "DisableChangePassword"=0 (0x0)
            "DisableLockWorkstation"=0 (0x0)
            "HideLegacyLogonScripts"=0 (0x0)
            "HideLogoffScripts"=0 (0x0)
            "RunLogonScriptSync"=1 (0x1)
            "RunStartupScriptSync"=1 (0x1)
            "HideStartupScripts"=0 (0x0)

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
            "NoManageMyComputerVerb"=0 (0x0)

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
            avgwlntf.dll 29-04-2008 14:55 9216 C:\WINDOWS\system32\avgwlntf.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
            LMIinit.dll 15-11-2007 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
            @="Service"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
            backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
            "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
            "gupdate1c8740097825142"=2 (0x2)
            "FirebirdServerDefaultInstance"=3 (0x3)
            "FirebirdGuardianDefaultInstance"=2 (0x2)

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
            "Eraser"=C:\Program Files\Eraser\eraser.exe -hide
            "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
            "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

            HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
            UxTuneUp




            -- End of Deckard's System Scanner: finished at 2008-04-22 19:50:26 ------------

            The 'extra.txt' log is in the next post because there are too many characters for one post.


            • #7
              Extra.txt

              Deckard's System Scanner v20071014.68
              Extra logfile - please post this as an attachment with your post.
              --------------------------------------------------------------------------------

              -- System Information ----------------------------------------------------------

              Microsoft Windows XP Home Edition (build 2600) SP 2.0
              Architecture: X86; Language: Dutch

              CPU 0: AMD Sempron(tm) Processor 3000+
              Percentage of Memory in Use: 63%
              Physical Memory (total/avail): 383.48 MiB / 139.14 MiB
              Pagefile Memory (total/avail): 1125.38 MiB / 671.71 MiB
              Virtual Memory (total/avail): 2047.88 MiB / 1925.91 MiB

              C: is Fixed (NTFS) - 142.07 GiB total, 111.67 GiB free.
              D: is Fixed (FAT32) - 6.96 GiB total, 3.57 GiB free.
              E: is CDROM (No Media)
              F: is CDROM (No Media)
              G: is Removable (No Media)
              H: is Removable (No Media)
              I: is Removable (No Media)
              J: is Removable (No Media)
              K: is CDROM (No Media)
              L: is CDROM (No Media)
              N: is CDROM (No Media)
              O: is CDROM (No Media)

              \\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 2 partitions
              \PARTITION0 - Unknown - 6.97 GiB - D:
              \PARTITION1 (bootable) - Installable File System - 142.07 GiB - C:

              \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

              \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

              \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

              \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



              -- Security Center -------------------------------------------------------------

              AUOptions is scheduled to auto-install.
              Windows Internal Firewall is disabled.

              FirstRunDisabled is set.
              AntivirusOverride is set.

              FW: AVG Firewall 7.5.500 v7.5.500 (@Company_Name)
              AV: AVG 7.5.523 v7.5.523 (Grisoft) Disabled

              [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
              "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

              [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
              "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
              "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
              "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
              "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
              "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
              "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
              "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
              "C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"="C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe:*:Enabled:FreeCall"
              "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi Connector USB"
              "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
              "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


              -- Environment Variables -------------------------------------------------------

              ALLUSERSPROFILE=C:\Documents and Settings\All Users
              APPDATA=C:\Documents and Settings\HP_Eigenaar\Application Data
              CLIENTNAME=Console
              CommonProgramFiles=C:\Program Files\Common Files
              COMPUTERNAME=UW-4B58D8528225
              ComSpec=C:\WINDOWS\system32\cmd.exe
              FP_NO_HOST_CHECK=NO
              HOMEDRIVE=C:
              HOMEPATH=\Documents and Settings\HP_Eigenaar
              include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
              lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
              LOGONSERVER=\\UW-4B58D8528225
              MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
              NewEnvironment1=C:\Program Files\PC-Doctor for Windows\
              NUMBER_OF_PROCESSORS=1
              OS=Windows_NT
              Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin
              PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
              PROCESSOR_ARCHITECTURE=x86
              PROCESSOR_IDENTIFIER=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
              PROCESSOR_LEVEL=15
              PROCESSOR_REVISION=1c00
              ProgramFiles=C:\Program Files
              PROMPT=$P$G
              SESSIONNAME=Console
              SystemDrive=C:
              SystemRoot=C:\WINDOWS
              TEMP=C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp
              TMP=C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp
              USERDOMAIN=UW-4B58D8528225
              USERNAME=HP_Eigenaar
              USERPROFILE=C:\Documents and Settings\HP_Eigenaar
              VS90COMNTOOLS=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
              windir=C:\WINDOWS


              -- User Profiles ---------------------------------------------------------------

              HP_Eigenaar (admin)
              Wilma (admin)
              Gast (guest)


              -- Add/Remove Programs ---------------------------------------------------------

              --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
              --> C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
              --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
              --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
              --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
              --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
              --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
              --> C:\WINDOWS\UNRecode.exe /UNINSTALL
              --> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
              --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
              --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
              --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x13 -uninst
              Aangifte inkomstenbelasting 2007 --> C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
              Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
              Acoustica Mixcraft 3.1 --> C:\PROGRA~1\ACOUST~1\Mixcraft3.exe uninstall
              Acoustica Mixcraft 4.1 --> C:\PROGRA~1\ACOUST~3\Unwise.exe
              Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
              Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
              Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
              Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
              Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
              AIM 6 --> C:\Program Files\AIM6\uninst.exe
              Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
              Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
              ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x13
              µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
              AV Voice Changer Software DIAMOND 6.0 --> C:\PROGRA~1\AVVCS6~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS6~1.0DI\INSTALL.LOG
              AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
              Camtasia Studio 5 --> MsiExec.exe /I{83A936D4-2FE6-4953-95C6-223A7B88B7D8}
              Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9
              CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
              Conferencing --> rundll32.exe dfshim.dll,ShArpMaintain Conferencing.application, Culture=neutral, PublicKeyToken=2cc11dba48d2dce1, processorArchitecture=msil
              ConvertXtoDVD 2.2.3.258h --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
              Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
              Dance eJay 6 - Deinstallation --> C:\eJay\Dance6\ejay\ejay\deinstal.exe
              Disk Cleaner (remove only) --> "C:\Program Files\Disk Cleaner\uninstall.exe"
              DLDIrc --> "C:\Program Files\DLDIrc\uninstall.exe"
              Eraser 5.86 --> "C:\Program Files\Eraser\unins000.exe"
              EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
              Fake Webcam 4.0.5 --> "C:\Program Files\FC\unins000.exe"
              FreeCall --> "C:\Program Files\FreeCall.com\FreeCall\unins000.exe"
              Freez FLV to MP3 Converter --> "C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
              GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
              Google Earth Pro --> MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
              Google Gears --> MsiExec.exe /I{723D42F0-F00F-3F9F-803C-2DD7E4C2B14B}
              Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
              Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
              Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
              HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
              Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
              HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
              HP Image Zone 4.5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
              HP Image Zone Plus 4.5.3 --> C:\Program Files\HP\Digital Imaging\{D0420D64-8D33-4374-A2B2-9225C7925CA6}\setup\hpzscr01.exe -datfile hpdscr01.dat
              HP Photosmart-camera's 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
              HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
              HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
              HPIZplus450 --> MsiExec.exe /X{7B98685A-4E21-4A4F-A2D6-DC557042BADA}
              Hyves Kwekker 1.1b --> C:\Program Files\Hyves Kwekker\uninst.exe
              InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
              InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
              InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
              IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
              iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
              Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
              Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
              KBD --> C:\HP\KBD\KBD.EXE uninstalled
              LimeWire 4.17.4 --> "C:\Program Files\LimeWire\uninstall.exe"
              MediaCoder 0.6.1 --> C:\Program Files\MediaCoder\uninst.exe
              Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
              Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
              Microsoft Document Explorer 2008 --> C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
              Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
              Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
              Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
              Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
              Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
              Microsoft Office Groove MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE}
              Microsoft Office InfoPath MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
              Microsoft Office OneNote MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
              Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
              Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
              Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
              Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
              Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
              Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
              Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
              Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
              Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
              Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
              Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
              Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
              Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
              Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
              Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
              Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
              Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
              Microsoft Visual Studio 2008 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
              Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
              Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
              Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
              Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
              Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
              Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
              Microsoft Windows SDK for Visual Studio 2008 Win32 Tools --> MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
              mIRC --> "C:\Program Files\Omerta Script\mirc.exe" -uninstall
              Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
              neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
              Nikon FotoShare --> C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
              Nintendo Wi-Fi USB Connector registratiesoftware --> C:\Program Files\WiFiConnector\SoftAPUninst.exe
              Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
              Omerta Script v2.2 --> "C:\Program Files\Omerta Script\unins000.exe"
              OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
              Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
              Paint.NET v3.20 --> MsiExec.exe /X{C1CAAF9E-2A80-4AD0-8D9A-B4327966249F}
              Pamela Basic 4.0 --> C:\Program Files\Pamela\Uninst.exe
              PC-Doctor for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1043
              PE Explorer 1.99 R2 FullVersion --> "C:\Program Files\PE Explorer\unins000.exe"
              Photosmart 320,370,7400,8100,8400 Series (nld) --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
              POV-Ray for Windows v3.6.1c --> C:\PROGRA~1\POV-RA~1.6\unwise.exe C:\PROGRA~1\POV-RA~1.6\install.log
              PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
              Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
              Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
              QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
              Safari --> MsiExec.exe /X{40589552-3892-409E-B92C-9F5032A4B2F0}
              Samsung Mobie USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x13 -removeonly
              Samsung Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_Mobile_USB_Drivers\SSM_Uninstall.exe
              Samsung PC Studio II 2.0 Internet Access --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7754BD1A-71B0-46B5-9560-1BE856E71423}\Setup.exe" -l0x13
              Samsung PC Studio II 2.0 PIMS & File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4E01931-9B3F-49BD-B19B-511000A1E039}\Setup.exe" -l0x13
              Security Task Manager 1.7d --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Menu Start\Programma's\Security Task Manager"
              Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
              Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
              Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
              Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
              Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
              Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
              Shareaza 2.3.1.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
              Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
              SMAC 1.2 --> C:\PROGRA~1\SMAC\UNWISE.EXE C:\PROGRA~1\SMAC\INSTALL.LOG
              Smart Install Maker 5.01 --> C:\Program Files\Smart Install Maker\Uninstall.exe
              SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
              Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
              Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
              SPAMfighter --> "C:\Program Files\SPAMfighter\uninstall.exe" Remove
              Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
              Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
              Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
              SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
              SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
              SWF Opener --> "C:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
              System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
              TeamViewer 3 --> C:\Program Files\TeamViewer3\uninstall.exe
              Trend Micro TrendProtect for Internet Explorer --> MsiExec.exe /X{D5462C8A-D08C-4163-8293-82F2E11A2760}
              Trendyflash Intro Builder --> MsiExec.exe /I{EA4E18F0-E334-41F8-9AB6-7C2E2D1F8CF2}
              TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
              TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
              TVUPlayer 2.3.5.4 --> C:\Program Files\TVUPlayer\uninst.exe
              Update for Office 2007 (KB946691) --> msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
              Update for Office 2007 (KB946691) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
              Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
              VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
              VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
              Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
              Visual Studio Tools for the Office system 3.0 Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
              Visual Studio Tools for the Office system 3.0 Runtime --> MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
              VoipBuster --> "C:\Program Files\VoipBuster.com\VoipBuster\unins000.exe"
              Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
              Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
              Windows Internet Explorer 8 Beta 1 --> "C:\WINDOWS\ie8\spuninst\spuninst.exe"
              Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
              Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
              Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
              Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
              Windows Mobile 5.0 SDK R2 for Pocket PC --> MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
              Windows Mobile 5.0 SDK R2 for Smartphone --> MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
              WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
              WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
              WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall
              Wizzl v0.147 Beta --> MsiExec.exe /I{277E5CA0-5112-4471-AE08-7BBBF829070F}
              Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe"


              -- Application Event Log -------------------------------------------------------

              Event Record #/Type7461 / Success
              Event Submitted/Written: 04/22/2008 07:34:24 PM
              Event ID/Source: 12001 / usnjsvc
              Event Description:
              The Messenger Sharing USN Journal Reader service started successfully.

              Event Record #/Type7460 / Error
              Event Submitted/Written: 04/22/2008 07:04:33 PM
              Event ID/Source: 3003 / WinDefendRtp
              Event Description:
              %UW-4B58D852822527 Real-Time Protection-controlepunt heeft een fout aangetroffen en kan niet worden gestart.

              Gebruiker: UW-4B58D8528225\HP_Eigenaar

              Controlepunt-id: 23

              Foutcode: 0x80070005

              Foutbeschrijving: Toegang geweigerd.

              Event Record #/Type7456 / Error
              Event Submitted/Written: 04/22/2008 06:55:38 PM
              Event ID/Source: 100 / AVG7
              Event Description:
              2008-04-22 16:55:38,828 UW-4B58D8528225 [000644:000752] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

              Event Record #/Type7455 / Error
              Event Submitted/Written: 04/22/2008 06:55:38 PM
              Event ID/Source: 100 / AVG7
              Event Description:
              2008-04-22 16:55:38,296 UW-4B58D8528225 [000644:000752] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

              Event Record #/Type7454 / Error
              Event Submitted/Written: 04/22/2008 06:55:37 PM
              Event ID/Source: 100 / AVG7
              Event Description:
              2008-04-22 16:55:37,796 UW-4B58D8528225 [000644:000752] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2



              -- Security Event Log ----------------------------------------------------------

              No Errors/Warnings found.


              -- System Event Log ------------------------------------------------------------

              Event Record #/Type16053 / Error
              Event Submitted/Written: 04/22/2008 06:58:33 PM
              Event ID/Source: 10005 / DCOM
              Event Description:
              DCOM kreeg foutmelding '%%1058' bij het starten van de upnphost-service met de argumenten ''
              om de server
              {204810B9-73B2-11D4-BF42-00B0D0118B56} te starten

              Event Record #/Type16052 / Error
              Event Submitted/Written: 04/22/2008 06:58:33 PM
              Event ID/Source: 10005 / DCOM
              Event Description:
              DCOM kreeg foutmelding '%%1058' bij het starten van de upnphost-service met de argumenten ''
              om de server
              {204810B9-73B2-11D4-BF42-00B0D0118B56} te starten

              Event Record #/Type16041 / Error
              Event Submitted/Written: 04/22/2008 06:58:28 PM
              Event ID/Source: 7000 / Service Control Manager
              Event Description:
              De Webroot Spy Sweeper Engine-service kan vanwege de volgende fout niet worden gestart:
              %%1053

              Event Record #/Type16040 / Error
              Event Submitted/Written: 04/22/2008 06:58:28 PM
              Event ID/Source: 7009 / Service Control Manager
              Event Description:
              Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Webroot Spy Sweeper Engine.

              Event Record #/Type16039 / Error
              Event Submitted/Written: 04/22/2008 06:58:28 PM
              Event ID/Source: 7000 / Service Control Manager
              Event Description:
              De LogMeIn Kernel Information Provider-service kan vanwege de volgende fout niet worden gestart:
              %%3



              -- End of Deckard's System Scanner: finished at 2008-04-22 19:50:26 ------------
              'Zoek' Log.txt
              ======C:\WINDOWS====
              ----a-w 0 2008-04-22 16:58:04 C:\WINDOWS\0.log
              --s-a-w 2,048 2008-04-22 16:56:31 C:\WINDOWS\bootstat.dat
              ----a-w 17 2008-03-17 19:17:12 C:\WINDOWS\d_eJay6.inf
              ----a-w 680,960 2008-04-12 19:52:39 C:\WINDOWS\is-AKREP.exe
              ----a-w 1,402 2008-04-12 19:52:39 C:\WINDOWS\is-AKREP.lst
              ----a-w 10,517 2008-04-12 19:52:39 C:\WINDOWS\is-AKREP.msg
              ----a-w 675,328 2008-04-12 19:53:22 C:\WINDOWS\is-LO5JN.exe
              ----a-w 752 2008-04-12 19:53:22 C:\WINDOWS\is-LO5JN.lst
              ----a-w 10,453 2008-04-12 19:53:22 C:\WINDOWS\is-LO5JN.msg
              ----a-w 185 2008-03-23 16:02:07 C:\WINDOWS\mdm.ini
              ----a-w 1,952 2008-04-13 12:52:21 C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
              ----a-w 69 2008-04-21 15:21:53 C:\WINDOWS\NeroDigital.ini
              ----a-w 137,614 2008-04-22 16:51:29 C:\WINDOWS\ntbtlog.txt
              ----a-w 1,409 2008-03-29 18:17:52 C:\WINDOWS\QTFont.for
              ---ha-w 54,156 2008-04-20 09:53:57 C:\WINDOWS\QTFont.qfn
              ----a-w 32,574 2008-04-22 16:48:08 C:\WINDOWS\SchedLgU.Txt
              ------w 0 2008-04-13 09:49:50 C:\WINDOWS\Sti_Trace.log
              ----a-w 256 2008-04-22 15:41:47 C:\WINDOWS\system.ini
              ----a-w 358 2008-04-06 14:41:52 C:\WINDOWS\system32PDAE.001
              ----a-w 376 2008-04-06 15:16:30 C:\WINDOWS\system32PXJA.001
              ----a-w 23,712 2008-04-06 16:35:27 C:\WINDOWS\system32PXJA.002
              ----a-w 30,568 2008-04-06 16:35:52 C:\WINDOWS\system32PXJA.005
              ----a-w 120,968 2008-04-06 16:10:10 C:\WINDOWS\system32PXJA.008
              ----a-w 986,114 2008-04-06 16:27:48 C:\WINDOWS\system32PXJA.009
              ----a-w 159 2008-04-22 16:57:27 C:\WINDOWS\wiadebug.log
              ----a-w 49 2008-04-22 16:57:17 C:\WINDOWS\wiaservc.log
              ----a-w 892 2008-04-13 09:49:44 C:\WINDOWS\win.ini
              ----a-w 961,141 2008-04-22 16:59:12 C:\WINDOWS\WindowsUpdate.log

              Entries: 28 (26)
              Directories: 0 Files: 28
              Bytes: 3,734,029 Blocks: 7,305
              ======C:\WINDOWS\system32=====
              --sh--w 414 2008-04-21 19:23:19 C:\WINDOWS\System32\amrvnswy.ini
              ----a-w 110,592 2008-04-29 12:55:09 C:\WINDOWS\System32\avgfwafu.dll
              ----a-w 9,216 2008-04-29 12:55:09 C:\WINDOWS\System32\avgwlntf.dll
              ----a-w 34,308 2008-04-03 19:23:17 C:\WINDOWS\System32\BASSMOD.dll
              --sh--r 80 2008-04-10 19:34:18 C:\WINDOWS\System32\E62AA7FFCD.dll
              ----a-w 294,072 2008-04-10 07:32:35 C:\WINDOWS\System32\FNTCACHE.DAT
              --sh--w 354 2008-04-20 09:39:24 C:\WINDOWS\System32\ghkgeoum.ini
              ---ha-w 60,200 2008-04-20 11:56:17 C:\WINDOWS\System32\mlfcache.dat
              ----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
              --sh--w 1,540,797 2008-04-21 19:34:31 C:\WINDOWS\System32\nesyurph.ini
              ----a-w 72,960 2008-04-28 07:34:55 C:\WINDOWS\System32\perfc009.dat
              ----a-w 93,218 2008-04-28 07:34:56 C:\WINDOWS\System32\perfc013.dat
              ----a-w 446,006 2008-04-28 07:34:55 C:\WINDOWS\System32\perfh009.dat
              ----a-w 514,242 2008-04-28 07:34:56 C:\WINDOWS\System32\perfh013.dat
              ----a-w 1,140,722 2008-04-28 07:34:53 C:\WINDOWS\System32\PerfStringBackup.INI
              ----a-w 3,938 2008-03-24 11:52:53 C:\WINDOWS\System32\qtplugin.log
              ----a-w 10,045 2008-04-19 15:59:18 C:\WINDOWS\System32\QuickTime.qtp
              ----a-w 800,405 2008-04-21 22:01:46 C:\WINDOWS\System32\RVAXO.bat
              ----a-w 6 2008-03-24 15:18:53 C:\WINDOWS\System32\securedll.inf
              ----a-w 306,432 2008-03-16 11:22:06 C:\WINDOWS\System32\TuneUpDefragService.exe
              ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
              ----a-w 1,158 2008-04-17 12:46:52 C:\WINDOWS\System32\wpa.dbl

              Entries: 22 (17)
              Directories: 0 Files: 22
              Bytes: 27,120,565 Blocks: 52,982
              ======C:\WINDOWS\system32\drivers=====
              ----a-w 821,856 2008-04-29 12:55:06 C:\WINDOWS\System32\drivers\avg7core.sys
              ----a-w 4,224 2008-04-29 12:55:06 C:\WINDOWS\System32\drivers\avg7rsw.sys
              ----a-w 27,776 2008-04-29 12:55:06 C:\WINDOWS\System32\drivers\avg7rsxp.sys
              ----a-w 10,760 2008-04-29 12:55:07 C:\WINDOWS\System32\drivers\avgclean.sys
              ----a-w 26,952 2008-04-29 12:55:06 C:\WINDOWS\System32\drivers\avgmfx86.sys
              ----a-w 4,960 2008-04-29 12:55:06 C:\WINDOWS\System32\drivers\avgtdi.sys

              Entries: 6 (6)
              Directories: 0 Files: 6
              Bytes: 896,528 Blocks: 1,755
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              ----a-w 2,811 2008-04-13 22:03:28 C:\APIHook.log
              ------w 12,615,263 2008-04-05 11:55:56 C:\avg7qt.dat
              --sh--r 461 2008-03-29 15:57:29 C:\boot.ini
              ----a-w 4,145 2008-04-22 15:54:21 C:\Bug.txt
              ----a-w 20,941 2008-04-22 15:52:37 C:\ComboFix.txt
              ----a-w 669 2008-04-22 15:18:48 C:\DAMLog.log
              ----a-w 376 2008-04-22 16:54:20 C:\firstrun5.log
              --sha-w 402,182,144 2008-04-22 16:56:24 C:\hiberfil.sys
              ----a-w 164 2008-03-21 13:07:05 C:\install.dat
              ----a-w 4,495 2008-04-28 23:09:16 C:\MSNFix.txt
              --sha-w 817,889,280 2008-04-22 16:56:08 C:\pagefile.sys
              ----a-w 511 2008-04-22 16:58:58 C:\RVAXO-results.log
              ----a-w 33,442 2008-04-22 17:04:00 C:\RVAXO-Vfind.log

              Entries: 13 (10)
              Directories: 0 Files: 13
              Bytes: 1,232,754,702 Blocks: 2,407,729
              ======C:\Documents and Settings\HP_Eigenaar\Application Data======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Temp======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Documents and Settings\HP_Eigenaar======
              ----a-w 1,569 2008-03-17 15:29:12 C:\Documents and Settings\HP_Eigenaar\.recently-used.xbel
              ----a-w 5,767,168 2008-04-22 16:54:30 C:\Documents and Settings\HP_Eigenaar\NTUSER.DAT
              ---ha-w 53,248 2008-04-22 17:50:43 C:\Documents and Settings\HP_Eigenaar\ntuser.dat.LOG
              --sh--w 188 2008-04-22 16:45:07 C:\Documents and Settings\HP_Eigenaar\ntuser.ini

              Entries: 4 (2)
              Directories: 0 Files: 4
              Bytes: 5,822,173 Blocks: 11,373
              ======C:\WINDOWS\Downloaded Program Files====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =============

              Comment


              • #8
                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                sc delete xseaqwt
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\System32\amrvnswy.ini
                C:\WINDOWS\System32\ghkgeoum.ini
                C:\WINDOWS\System32\nesyurph.ini
                C:\WINDOWS\System32\securedll.inf) DO (
                del /q %%gNUCIA
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Go to File - Save As.
                Under "Save in" choose: Desktop
                Under "File name" enter: del.bat
                Under "Save as type" select: All Files (*.*).
                Click the Save button.

                Double-click del.bat and post the log from del.bat

                Comment


                • #9
                  Deleting files
                  C:\WINDOWS\System32\amrvnswy.ini deleted
                  C:\WINDOWS\System32\ghkgeoum.ini deleted
                  C:\WINDOWS\System32\nesyurph.ini deleted
                  C:\WINDOWS\System32\securedll.inf deleted

                  Comment
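Added example (not part of the original thread): a Python check that reconciles the del.bat targets from post #8 with the 'Zoek' listing and the result log from post #9. The reading of the attribute column (s = system, h = hidden, trailing r = read-only) and the second, failing log are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Listing line format: attributes, size, date, time, path.
LISTING_RE = re.compile(
    r"^(?P<attrs>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.+)$"
)

@dataclass
class Entry:
    path: str
    attrs: str
    size: int

def parse_listing(text):
    """Map lower-cased path -> Entry for every listing line that parses."""
    entries = {}
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            size = int(m["size"].replace(",", ""))
            entries[m["path"].lower()] = Entry(m["path"], m["attrs"], size)
    return entries

def parse_del_log(text):
    """Return ({path: status}, {paths that were renamed to <path>NUCIA})."""
    status, renamed = {}, set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("renamed to ") and line.endswith("NUCIA"):
            renamed.add(line[len("renamed to "):-len("NUCIA")].lower())
            continue
        # " not deleted" must be tested before " deleted".
        for suffix in (" not deleted", " not found", " deleted"):
            if line.endswith(suffix):
                status[line[:-len(suffix)].lower()] = suffix.strip()
                break
    return status, renamed

def reconcile(targets, listing, del_log):
    """One (path, attrs seen in the listing, outcome) tuple per target."""
    status, renamed = parse_del_log(del_log)
    outcomes = {"deleted": "removed", "not deleted": "still present",
                "not found": "not found"}
    report = []
    for path in targets:
        key = path.lower()
        entry = listing.get(key)
        if key in renamed:
            # del.bat logs "deleted" once the original name is gone, even if
            # the file only moved to <path>NUCIA, so check the rename first.
            outcome = "renamed, still on disk"
        else:
            outcome = outcomes.get(status.get(key), "no log line")
        report.append((path, entry.attrs if entry else None, outcome))
    return report

SYS32 = "C:\\WINDOWS\\System32\\"
TARGETS = [SYS32 + n for n in
           ("amrvnswy.ini", "ghkgeoum.ini", "nesyurph.ini", "securedll.inf")]

# Lines copied from the 'Zoek' listing in the thread.
LISTING = r"""
--sh--w 414 2008-04-21 19:23:19 C:\WINDOWS\System32\amrvnswy.ini
----a-w 110,592 2008-04-29 12:55:09 C:\WINDOWS\System32\avgfwafu.dll
--sh--w 354 2008-04-20 09:39:24 C:\WINDOWS\System32\ghkgeoum.ini
--sh--w 1,540,797 2008-04-21 19:34:31 C:\WINDOWS\System32\nesyurph.ini
----a-w 6 2008-03-24 15:18:53 C:\WINDOWS\System32\securedll.inf
"""

# The del.bat log as posted in #9.
POSTED_LOG = r"""Deleting files
C:\WINDOWS\System32\amrvnswy.ini deleted
C:\WINDOWS\System32\ghkgeoum.ini deleted
C:\WINDOWS\System32\nesyurph.ini deleted
C:\WINDOWS\System32\securedll.inf deleted
"""

# Constructed log (not from the thread) showing the failure cases.
CONSTRUCTED_LOG = r"""Deleting files
C:\WINDOWS\System32\amrvnswy.ini deleted
C:\WINDOWS\System32\ghkgeoum.ini not deleted
renamed to C:\WINDOWS\System32\nesyurph.iniNUCIA
C:\WINDOWS\System32\nesyurph.ini deleted
C:\WINDOWS\System32\securedll.inf not found
"""

if __name__ == "__main__":
    listing = parse_listing(LISTING)
    for log in (POSTED_LOG, CONSTRUCTED_LOG):
        for path, attrs, outcome in reconcile(TARGETS, listing, log):
            print(f"{attrs}  {path}: {outcome}")
        print()
```

Because del.bat writes "deleted" whenever the original name no longer exists, a file that was only renamed to ...NUCIA is also reported as deleted; the "renamed to" line is what separates the two cases.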


                  • #10
                    That was fast

                    Your Java software is out of date.
                    Older versions have vulnerabilities that give malware the chance to install itself on your system.
                    First follow these steps to uninstall Java and install the newer version:
                    • Download Java Runtime Environment (JRE) 6u6 and save it to your Desktop.
                    • Close all programs that may be open - especially your web browser!
                    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the software list.
                    • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                    • Then click Remove or the Change/Remove button.
                    • Repeat this until all older versions are gone.
                    • After removing all older versions, restart your PC.
                    • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the newest version of Java.


                    Download ATF Cleaner (mirror) (made by Atribune)

                    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                    Double-click ATF Cleaner to start the program.
                    On the "Main" tab, tick Select All.
                    Click the Empty Selected button.

                    Do the following if you also use Firefox as a browser:
                    Click the "Firefox" tab and tick Select All.
                    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                    (this clears the tick next to "Firefox saved passwords")
                    Click the Empty Selected button.

                    Do the following if you also use Opera as a browser:
                    Click the "Opera" tab and tick Select All.
                    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                    Click the Empty Selected button.
                    Go to the "Main" tab and click the Exit button to close the program.

                    Turn off System Restore. Restart the computer. Turn System Restore back on.
                    See here how to turn off System Restore.
                    This removes any remnants of the infections from your System Restore.

                    Then I think we're done

                    Comment


                    • #11
                      Ha, yes, I had just come online when you posted it :P

                      Thanks!! I indeed don't see any ads anymore and I'm installing Java now. Those attacks in my Windows folder are gone too; I no longer get messages from adwatch like: name.dll is trying to get into the Windows folder, etc.


                      Thanks a lot!

                      Comment


                      • #12
                        You're welcome

                        Comment
