Mededeling

**Roxas** · 22-04-08, 16:47

Oorspronkelijk geplaatst door Roxas Bekijk Berichten

eey!

ik heb sinds een paar dagen dat ik steeds ineens reclame schermen krijg (adware dus) maar ik kan nergens vinden waar het vandaan komt,
en laatst zag ik ook nog is bij processen iets genaamd: 'perfect keylogger'
staan, toen ik het googlede zag ik dus dat het zo'n remote keylogger is dus dat iemand gezellig aan het mee lezen is.

ik zet het steeds snel uit via processen maar het is wel irritant en ik weet niet waar het vandaan komt.

hier is de log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:28, on 20-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [BMe350e1bc] Rundll32.exe "C:\WINDOWS\system32\fdlahoht.dll",s
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\eMail ID\OEAddOn\OEdmn_3.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-21-1003422176-2839342723-3823813306-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Wilma')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-1003422176-2839342723-3823813306-1009 Startup: opware32.lnk = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (User 'Wilma')
O4 - S-1-5-21-1003422176-2839342723-3823813306-1009 Startup: SpamFighter.lnk = C:\Program Files\SPAMfighter\SFAgent.exe (User 'Wilma')
O4 - S-1-5-21-1003422176-2839342723-3823813306-1009 User Startup: opware32.lnk = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (User 'Wilma')
O4 - S-1-5-21-1003422176-2839342723-3823813306-1009 User Startup: SpamFighter.lnk = C:\Program Files\SPAMfighter\SFAgent.exe (User 'Wilma')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_31.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_31.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_31.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\eMail ID\IEAddOn\IconixBHO_31.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6967 bytes

update:
als ik bijv hyves bezoek en ik kijk wat foto's, dan veranderen die foto's in reclame, dus die adware zit er ook bij.

Zelf denk ik dat de infectie zichzelf bij processen rundll92 heeft genoemd, omdat ik die normaal nooit zie als gebruikers bestand (meestal onder de naam system dus)

greetss
Emile

excuses mag deze verwijderd worden, ik dacht dat het bewerken was want die stond er boven niet meer bij (ik wou er een update bijzetten)

ik wil de tijd die ik normaal moest wachten gewoon blijven wachten,want ik bedoelde het echt niet op een manier om weer boven aan de lijst te komen.
Ik wou het bericht aanpassen, maar de bewerk knop was er niet, en toen klikte ik op 'op meerdere berichten reageren' perongeluk omdat ik snel handelde en dacht dat dat wijzigen was.

**smeenk** · 22-04-08, 18:19

Download VirtumundoBegone (mirror)
Sla dit op op je bureaublad.

Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
Als de fix klaar is, start je de pc opnieuw op.
Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Post ook een nieuw logje van Hijackthis

**Roxas** · 22-04-08, 19:33

VirtumundoBeGone log:

[04/22/2008, 18:20:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Eigenaar\Local Settings\Temp\wz283f\VirtumundoBeGone.exe" )
[04/22/2008, 18:21:10] - Detected System Information:
[04/22/2008, 18:21:10] - Windows Version: 5.1.2600, Service Pack 2
[04/22/2008, 18:21:10] - Current Username: HP_Eigenaar (Admin)
[04/22/2008, 18:21:10] - Windows is in NORMAL mode.
[04/22/2008, 18:21:10] - Searching for Browser Helper Objects:
[04/22/2008, 18:21:10] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/22/2008, 18:21:10] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/22/2008, 18:21:10] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
[04/22/2008, 18:21:10] - Finished Searching Browser Helper Objects
[04/22/2008, 18:21:10] - Finishing up...
[04/22/2008, 18:21:10] - Nothing found! Exiting...

RVAXO Log:

---RVAXO.exe Updated: 2008-04-22---first run---
Uninstallers:

Files found:
C:\WINDOWS\BMe350e1bc.xml
C:\WINDOWS\BMe350e1bc.txt
C:\WINDOWS\wininit.ini
C:\WINDOWS\hreg.dll
C:\WINDOWS\system32\actskn45.ocx

Folders Found:
C:\WINDOWS\system32\CSpool

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

**smeenk** · 22-04-08, 19:36

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

Download dit bestand: zoek.exe
Dubbelklik het, na een tijdje opent er een logje.
Post de inhoud van dit logje ook

**Roxas** · 22-04-08, 19:57

Main.txt

Deckard's System Scanner v20071014.68
Run by HP_Eigenaar on 2008-04-22 19:45:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 1 Restore Point(s) --
1: 2008-04-22 17:46:13 UTC - RP1 - Deckard's System Scanner Restore Point

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 384 MiB (512 MiB recommended).

-- HijackThis (run as HP_Eigenaar.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:20, on 22-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\HP_Eigenaar\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Eigenaar.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5997 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080422-171144-240 O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\nnnkIYoL.dll (file missing)
backup-20080422-171144-260 O2 - BHO: (no name) - {2C3CA6CE-9542-4545-A31D-F998DF1B2C6B} - C:\WINDOWS\system32\fcccdBuv.dll (file missing)
backup-20080422-171144-415 O2 - BHO: {e393a6d8-15c3-b80a-7bf4-5ef02a01ea5a} - {a5ae10a2-0fe5-4fb7-a08b-3c518d6a393e} - C:\WINDOWS\system32\lrsseahc.dll
backup-20080422-171144-790 O20 - Winlogon Notify: nnnkIYoL - nnnkIYoL.dll (file missing)
backup-20080422-171144-968 O4 - HKLM\..\Run: [BMe350e1bc] Rundll32.exe "C:\WINDOWS\system32\afmrngbl.dll",s

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S1 intelppm (Intel GV3-processorstuurprogramma) - c:\windows\system32\drivers\intelppm.sys (file missing)
S2 LMIInfo (LogMeIn Kernel Information Provider) - c:\program files\logmein\x86\rainfo.sys (file missing)
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 TMPassthruMP - c:\windows\system32\drivers\tmpassthru.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 gupdate1c8740097825142 (Google Update Service (gupdate1c8740097825142)) - "c:\program files\google\update\1.0.103.3\googleupdate.exe" /svc (file missing)
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
S4 Planner voor Automatische LiveUpdate - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-22 19:00:56 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-20 12:55:19 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-12 12:00:44 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-02-09 15:54:37 252 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job

-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-29 15:02:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-29 14:55:17 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\AVG7
2008-04-29 14:54:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-29 14:40:26 0 d-------- C:\Program Files\Windows Defender
2008-04-29 14:30:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-29 01:28:15 0 d-------- C:\MSNCleaner
2008-04-22 18:57:57 0 d-------- C:\RVAXO
2008-04-22 18:53:46 800405 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-04-22 18:53:46 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-04-22 18:51:51 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-22 17:55:08 0 dr-h----- C:\Documents and Settings\HP_Eigenaar\Onlangs geopend
2008-04-22 16:41:25 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Help
2008-04-21 17:01:55 0 d-------- C:\Program Files\BearShare
2008-04-21 16:26:08 0 d-------- C:\Program Files\MediaCoder
2008-04-20 13:56:17 60200 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-20 12:57:09 0 d-------- C:\Program Files\Safari
2008-04-20 12:54:52 0 d-------- C:\Program Files\Apple Software Update
2008-04-20 10:15:00 0 d-------- C:\Documents and Settings\Wilma\Application Data\Webroot
2008-04-19 17:56:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-19 17:55:31 0 d-------- C:\Program Files\Webroot
2008-04-19 17:55:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-19 17:42:38 0 d-------- C:\BackUpMSNCleaner
2008-04-12 22:20:33 0 d-------- C:\Program Files\Acoustica Mixcraft 4
2008-04-12 21:53:22 675328 --a------ C:\WINDOWS\is-LO5JN.exe <Not Verified; ; Inno Setup>
2008-04-12 21:52:39 680960 --a------ C:\WINDOWS\is-AKREP.exe
2008-04-10 22:51:25 0 d-------- C:\Documents and Settings\Gast\Application Data\Macromedia
2008-04-10 22:51:25 0 d-------- C:\Documents and Settings\Gast\Application Data\Adobe
2008-04-10 22:50:07 0 d-------- C:\Documents and Settings\Gast\Application Data\Mozilla
2008-04-10 22:48:14 0 d-------- C:\Documents and Settings\Gast\Application Data\AVG7
2008-04-10 21:33:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Protexis
2008-04-10 21:05:29 80 -r-hs---- C:\WINDOWS\system32\E62AA7FFCD.dll
2008-04-10 20:12:22 0 d-------- C:\Program Files\HTV
2008-04-09 14:24:57 0 d-------- C:\Documents and Settings\Wilma\.jordan
2008-04-06 18:06:17 0 d-------- C:\Program Files\FC
2008-04-05 13:55:55 12615263 -----n--- C:\avg7qt.dat
2008-04-03 21:24:17 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Google
2008-04-03 15:41:10 0 d-------- C:\Program Files\Hyves Kwekker
2008-04-03 13:56:53 0 d-------- C:\Documents and Settings\Wilma\Application Data\Acoustica
2008-04-03 13:54:00 0 dr-h----- C:\Documents and Settings\Wilma\Onlangs geopend
2008-03-30 12:38:19 0 d-------- C:\Documents and Settings\Wilma\Application Data\AVG7
2008-03-29 18:41:10 0 dr-h----- C:\$VAULT$.AVG
2008-03-26 18:50:03 0 d-------- C:\Program Files\IrfanView
2008-03-25 20:37:45 556544 --a------ C:\WINDOWS\system32\NexPlayerX.dll <Not Verified; NEXTREAMING; NexPlayerX Module>
2008-03-25 20:37:16 294912 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-25 20:37:16 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-25 20:37:16 344064 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-25 20:37:15 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-25 20:37:15 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-25 20:37:14 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-25 20:37:14 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-25 20:37:14 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-03-24 18:43:57 0 d-------- C:\Program Files\SourceTec
2008-03-24 17:01:19 0 d-------- C:\Program Files\TrendyFlash Intro Builder
2008-03-24 14:02:13 0 d-------- C:\Documents and Settings\Wilma\Application Data\ArcSoft
2008-03-24 13:53:22 212480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-03-24 13:53:21 230400 --a------ C:\WINDOWS\system32\DC265.DLL <Not Verified; Eastman Kodak Company; DC265 SDK Win32 Ver.1.0.0600>
2008-03-24 13:53:21 434176 --a------ C:\WINDOWS\system32\DC120V15_32.DLL <Not Verified; Eastman Kodak Japan; DC120 SDK Library Win32 Ver.1.5>
2008-03-24 13:53:16 0 d-------- C:\Program Files\Nikon
2008-03-24 13:52:56 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-03-24 13:52:39 0 d-------- C:\WINDOWS\system32\QuickTime
2008-03-24 13:52:10 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-03-24 13:52:10 0 d-------- C:\Program Files\ArcSoft
2008-03-22 19:44:32 0 d-------- C:\Program Files\BDS Protec
2008-03-22 17:36:40 0 d-------- C:\Program Files\Smart Install Maker

-- Find3M Report ---------------------------------------------------------------

2008-04-28 09:34:56 514242 --a------ C:\WINDOWS\system32\perfh013.dat
2008-04-28 09:34:56 93218 --a------ C:\WINDOWS\system32\perfc013.dat
2008-04-22 18:58:34 0 d-------- C:\Program Files\SPAMfighter
2008-04-22 16:41:26 0 d-------- C:\Program Files\Security Task Manager
2008-04-21 21:57:49 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Skype
2008-04-21 18:01:51 0 d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-04-20 17:18:18 0 d-------- C:\Program Files\Common Files
2008-04-20 13:47:03 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Apple Computer
2008-04-20 12:07:17 0 d-------- C:\Program Files\Trend Micro
2008-04-20 12:04:37 0 d-------- C:\Program Files\SpywareBlaster
2008-04-19 17:54:59 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\uTorrent
2008-04-13 21:31:33 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Canon
2008-04-12 22:32:10 0 d-------- C:\Program Files\Acoustica Shared Effects
2008-04-12 18:43:06 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Adobe
2008-04-12 16:14:35 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\FreeCall
2008-04-12 13:12:34 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Macromedia
2008-04-12 12:05:59 0 d-------- C:\Program Files\Opera
2008-04-04 21:26:51 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\TeamViewer
2008-04-03 20:40:11 0 d-------- C:\Program Files\Google
2008-03-29 18:43:39 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-25 20:41:14 0 d-------- C:\Program Files\SAMSUNG
2008-03-25 20:41:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-24 13:53:12 0 d-------- C:\Program Files\QuickTime
2008-03-22 23:18:30 0 d-------- C:\Program Files\Omerta Script
2008-03-21 17:59:58 0 d-------- C:\Program Files\Smallvideosoft
2008-03-21 17:57:31 0 d-------- C:\Program Files\UnH Solutions
2008-03-21 16:47:45 0 d-------- C:\Program Files\Hitman Pro
2008-03-21 15:08:01 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\PC Tools
2008-03-21 15:07:05 164 --a------ C:\install.dat
2008-03-21 15:06:48 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Webroot
2008-03-21 15:06:39 0 d-------- C:\Program Files\Lavasoft
2008-03-17 21:19:18 0 d-------- C:\Program Files\Windows Media Components
2008-03-17 17:29:13 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\gtk-2.0
2008-03-16 13:22:27 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-12 19:24:05 0 d-------- C:\Program Files\TVAnts
2008-03-11 18:51:50 0 d-------- C:\Program Files\Shareaza
2008-03-11 18:51:21 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\LimeWire
2008-03-10 20:24:53 0 d-------- C:\Program Files\LimeWire
2008-03-10 12:39:32 0 d-------- C:\Program Files\SopCast
2008-03-09 17:09:34 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\mIRC
2008-03-09 16:59:38 0 d-------- C:\Program Files\mIRC
2008-03-09 14:02:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-09 01:52:10 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-03-06 14:30:47 0 d-------- C:\Program Files\Belastingdienst
2008-03-01 19:42:14 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Orbit
2008-03-01 17:24:22 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\TVU networks
2008-03-01 17:24:10 0 d-------- C:\Program Files\TVUPlayer
2008-02-29 00:44:03 0 d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\VoipBuster
2008-02-29 00:42:37 0 d-------- C:\Program Files\VoipBuster.com
2008-02-29 00:30:44 0 d-------- C:\Program Files\FreeCall.com
2008-02-23 00:25:54 74752 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic per Windows>
2008-02-22 21:44:45 0 d-------- C:\Program Files\TeamViewer3
2008-02-22 16:57:06 0 d-------- C:\Program Files\SpywareGuard
2008-02-22 16:49:44 0 d-------- C:\Program Files\Windows Live
2008-02-19 20:34:12 75883 --a------ C:\WINDOWS\system32\Fix.bat
2008-02-17 17:59:59 335 --a------ C:\WINDOWS\mozregistry.dat
2008-02-17 15:07:49 2324352 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
2008-02-10 21:40:59 681 --a------ C:\WINDOWS\mozver.dat
2008-02-10 00:42:27 53760 --a------ C:\WINDOWS\system32\Squeeze.dll <Not Verified; ; ZLib.DLL>
2008-02-10 00:00:42 28 --a------ C:\WINDOWS\system32\slootniw01.dll
2008-02-08 16:27:55 3461 --a------ C:\WINDOWS\unins000.dat
2008-02-08 16:24:30 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-07 15:47:53 10795 --a------ C:\WINDOWS\system32\whitelist
2008-01-28 19:22:01 34 --a------ C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.log
2008-01-28 19:21:43 47360 --a------ C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-28 19:21:43 1144 --a------ C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.inf
2008-01-28 19:21:43 7887 --a------ C:\Documents and Settings\HP_Eigenaar\Application Data\pcouffin.cat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14-04-2004 22:43]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03-11-2006 19:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [15-04-2008 10:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [25-05-2005 13:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoManageMyComputerVerb"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 29-04-2008 14:55 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 15-11-2007 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c8740097825142"=2 (0x2)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Eraser"=C:\Program Files\Eraser\eraser.exe -hide
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

-- End of Deckard's System Scanner: finished at 2008-04-22 19:50:26 ------------

Log van 'extra.txt' op volgende bericht ivm met teveel tekens voor 1 bericht.

**Roxas** · 22-04-08, 19:58

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 383.48 MiB / 139.14 MiB
Pagefile Memory (total/avail): 1125.38 MiB / 671.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.91 MiB

C: is Fixed (NTFS) - 142.07 GiB total, 111.67 GiB free.
D: is Fixed (FAT32) - 6.96 GiB total, 3.57 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
N: is CDROM (No Media)
O: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 6.97 GiB - D:
\PARTITION1 (bootable) - Installable File System - 142.07 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: AVG Firewall 7.5.500 v7.5.500 (@Company_Name)
AV: AVG 7.5.523 v7.5.523 (Grisoft) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*

isabled:SopCast Adver"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"="C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe:*:Enabled:FreeCall"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi Connector USB"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Eigenaar\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=UW-4B58D8528225
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Eigenaar
include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
LOGONSERVER=\\UW-4B58D8528225
MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
NewEnvironment1=C:\Program Files\PC-Doctor for Windows\
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=1c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp
USERDOMAIN=UW-4B58D8528225
USERNAME=HP_Eigenaar
USERPROFILE=C:\Documents and Settings\HP_Eigenaar
VS90COMNTOOLS=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

HP_Eigenaar (admin)
Wilma (admin)
Gast (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
--> C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
--> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
--> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
--> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x13 -uninst
Aangifte inkomstenbelasting 2007 --> C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Mixcraft 3.1 --> C:\PROGRA~1\ACOUST~1\Mixcraft3.exe uninstall
Acoustica Mixcraft 4.1 --> C:\PROGRA~1\ACOUST~3\Unwise.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x13
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AV Voice Changer Software DIAMOND 6.0 --> C:\PROGRA~1\AVVCS6~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS6~1.0DI\INSTALL.LOG
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Camtasia Studio 5 --> MsiExec.exe /I{83A936D4-2FE6-4953-95C6-223A7B88B7D8}
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conferencing --> rundll32.exe dfshim.dll,ShArpMaintain Conferencing.application, Culture=neutral, PublicKeyToken=2cc11dba48d2dce1, processorArchitecture=msil
ConvertXtoDVD 2.2.3.258h --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
Dance eJay 6 - Deinstallation --> C:\eJay\Dance6\ejay\ejay\deinstal.exe
Disk Cleaner (remove only) --> "C:\Program Files\Disk Cleaner\uninstall.exe"
DLDIrc --> "C:\Program Files\DLDIrc\uninstall.exe"
Eraser 5.86 --> "C:\Program Files\Eraser\unins000.exe"
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Fake Webcam 4.0.5 --> "C:\Program Files\FC\unins000.exe"
FreeCall --> "C:\Program Files\FreeCall.com\FreeCall\unins000.exe"
Freez FLV to MP3 Converter --> "C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth Pro --> MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
Google Gears --> MsiExec.exe /I{723D42F0-F00F-3F9F-803C-2DD7E4C2B14B}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.5.3 --> C:\Program Files\HP\Digital Imaging\{D0420D64-8D33-4374-A2B2-9225C7925CA6}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photosmart-camera's 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450 --> MsiExec.exe /X{7B98685A-4E21-4A4F-A2D6-DC557042BADA}
Hyves Kwekker 1.1b --> C:\Program Files\Hyves Kwekker\uninst.exe
InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LimeWire 4.17.4 --> "C:\Program Files\LimeWire\uninstall.exe"
MediaCoder 0.6.1 --> C:\Program Files\MediaCoder\uninst.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008 --> C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office Groove MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 2008 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools --> MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
mIRC --> "C:\Program Files\Omerta Script\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon FotoShare --> C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nintendo Wi-Fi USB Connector registratiesoftware --> C:\Program Files\WiFiConnector\SoftAPUninst.exe
Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
Omerta Script v2.2 --> "C:\Program Files\Omerta Script\unins000.exe"
OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
Paint.NET v3.20 --> MsiExec.exe /X{C1CAAF9E-2A80-4AD0-8D9A-B4327966249F}
Pamela Basic 4.0 --> C:\Program Files\Pamela\Uninst.exe
PC-Doctor for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1043
PE Explorer 1.99 R2 FullVersion --> "C:\Program Files\PE Explorer\unins000.exe"
Photosmart 320,370,7400,8100,8400 Series (nld) --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
POV-Ray for Windows v3.6.1c --> C:\PROGRA~1\POV-RA~1.6\unwise.exe C:\PROGRA~1\POV-RA~1.6\install.log
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Safari --> MsiExec.exe /X{40589552-3892-409E-B92C-9F5032A4B2F0}
Samsung Mobie USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x13 -removeonly
Samsung Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_Mobile_USB_Drivers\SSM_Uninstall.exe
Samsung PC Studio II 2.0 Internet Access --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7754BD1A-71B0-46B5-9560-1BE856E71423}\Setup.exe" -l0x13
Samsung PC Studio II 2.0 PIMS & File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4E01931-9B3F-49BD-B19B-511000A1E039}\Setup.exe" -l0x13
Security Task Manager 1.7d --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Menu Start\Programma's\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shareaza 2.3.1.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMAC 1.2 --> C:\PROGRA~1\SMAC\UNWISE.EXE C:\PROGRA~1\SMAC\INSTALL.LOG
Smart Install Maker 5.01 --> C:\Program Files\Smart Install Maker\Uninstall.exe
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SPAMfighter --> "C:\Program Files\SPAMfighter\uninstall.exe" Remove
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SWF Opener --> "C:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamViewer 3 --> C:\Program Files\TeamViewer3\uninstall.exe
Trend Micro TrendProtect for Internet Explorer --> MsiExec.exe /X{D5462C8A-D08C-4163-8293-82F2E11A2760}
Trendyflash Intro Builder --> MsiExec.exe /I{EA4E18F0-E334-41F8-9AB6-7C2E2D1F8CF2}
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.5.4 --> C:\Program Files\TVUPlayer\uninst.exe
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual Studio Tools for the Office system 3.0 Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
VoipBuster --> "C:\Program Files\VoipBuster.com\VoipBuster\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 1 --> "C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Mobile 5.0 SDK R2 for Pocket PC --> MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone --> MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall
Wizzl v0.147 Beta --> MsiExec.exe /I{277E5CA0-5112-4471-AE08-7BBBF829070F}
Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type7461 / Success
Event Submitted/Written: 04/22/2008 07:34:24 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7460 / Error
Event Submitted/Written: 04/22/2008 07:04:33 PM
Event ID/Source: 3003 / WinDefendRtp
Event Description:
%UW-4B58D852822527 Real-Time Protection-controlepunt heeft een fout aangetroffen en kan niet worden gestart.

Gebruiker: UW-4B58D8528225\HP_Eigenaar

Controlepunt-id: 23

Foutcode: 0x80070005

Foutbeschrijving: Toegang geweigerd.

Event Record #/Type7456 / Error
Event Submitted/Written: 04/22/2008 06:55:38 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-04-22 16:55:38,828 UW-4B58D8528225 [000644:000752] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

Event Record #/Type7455 / Error
Event Submitted/Written: 04/22/2008 06:55:38 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-04-22 16:55:38,296 UW-4B58D8528225 [000644:000752] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

Event Record #/Type7454 / Error
Event Submitted/Written: 04/22/2008 06:55:37 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-04-22 16:55:37,796 UW-4B58D8528225 [000644:000752] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type16053 / Error
Event Submitted/Written: 04/22/2008 06:58:33 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1058' bij het starten van de upnphost-service met de argumenten ''
om de server
{204810B9-73B2-11D4-BF42-00B0D0118B56} te starten

Event Record #/Type16052 / Error
Event Submitted/Written: 04/22/2008 06:58:33 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1058' bij het starten van de upnphost-service met de argumenten ''
om de server
{204810B9-73B2-11D4-BF42-00B0D0118B56} te starten

Event Record #/Type16041 / Error
Event Submitted/Written: 04/22/2008 06:58:28 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
De Webroot Spy Sweeper Engine-service kan vanwege de volgende fout niet worden gestart:
%%1053

Event Record #/Type16040 / Error
Event Submitted/Written: 04/22/2008 06:58:28 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Webroot Spy Sweeper Engine.

Event Record #/Type16039 / Error
Event Submitted/Written: 04/22/2008 06:58:28 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
De LogMeIn Kernel Information Provider-service kan vanwege de volgende fout niet worden gestart:
%%3

-- End of Deckard's System Scanner: finished at 2008-04-22 19:50:26 ------------

'Zoek' Log.txt

======C:\WINDOWS====
----a-w 0 2008-04-22 16:58:04 C:\WINDOWS\0.log
--s-a-w 2,048 2008-04-22 16:56:31 C:\WINDOWS\bootstat.dat
----a-w 17 2008-03-17 19:17:12 C:\WINDOWS\d_eJay6.inf
----a-w 680,960 2008-04-12 19:52:39 C:\WINDOWS\is-AKREP.exe
----a-w 1,402 2008-04-12 19:52:39 C:\WINDOWS\is-AKREP.lst
----a-w 10,517 2008-04-12 19:52:39 C:\WINDOWS\is-AKREP.msg
----a-w 675,328 2008-04-12 19:53:22 C:\WINDOWS\is-LO5JN.exe
----a-w 752 2008-04-12 19:53:22 C:\WINDOWS\is-LO5JN.lst
----a-w 10,453 2008-04-12 19:53:22 C:\WINDOWS\is-LO5JN.msg
----a-w 185 2008-03-23 16:02:07 C:\WINDOWS\mdm.ini
----a-w 1,952 2008-04-13 12:52:21 C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
----a-w 69 2008-04-21 15:21:53 C:\WINDOWS\NeroDigital.ini
----a-w 137,614 2008-04-22 16:51:29 C:\WINDOWS\ntbtlog.txt
----a-w 1,409 2008-03-29 18:17:52 C:\WINDOWS\QTFont.for
---ha-w 54,156 2008-04-20 09:53:57 C:\WINDOWS\QTFont.qfn
----a-w 32,574 2008-04-22 16:48:08 C:\WINDOWS\SchedLgU.Txt
------w 0 2008-04-13 09:49:50 C:\WINDOWS\Sti_Trace.log
----a-w 256 2008-04-22 15:41:47 C:\WINDOWS\system.ini
----a-w 358 2008-04-06 14:41:52 C:\WINDOWS\system32PDAE.001
----a-w 376 2008-04-06 15:16:30 C:\WINDOWS\system32PXJA.001
----a-w 23,712 2008-04-06 16:35:27 C:\WINDOWS\system32PXJA.002
----a-w 30,568 2008-04-06 16:35:52 C:\WINDOWS\system32PXJA.005
----a-w 120,968 2008-04-06 16:10:10 C:\WINDOWS\system32PXJA.008
----a-w 986,114 2008-04-06 16:27:48 C:\WINDOWS\system32PXJA.009
----a-w 159 2008-04-22 16:57:27 C:\WINDOWS\wiadebug.log
----a-w 49 2008-04-22 16:57:17 C:\WINDOWS\wiaservc.log
----a-w 892 2008-04-13 09:49:44 C:\WINDOWS\win.ini
----a-w 961,141 2008-04-22 16:59:12 C:\WINDOWS\WindowsUpdate.log

Entries: 28 (26)
Directories: 0 Files: 28
Bytes: 3,734,029 Blocks: 7,305
======C:\WINDOWS\system32=====
--sh--w 414 2008-04-21 19:23:19 C:\WINDOWS\System32\amrvnswy.ini
----a-w 110,592 2008-04-29 12:55:09 C:\WINDOWS\System32\avgfwafu.dll
----a-w 9,216 2008-04-29 12:55:09 C:\WINDOWS\System32\avgwlntf.dll
----a-w 34,308 2008-04-03 19:23:17 C:\WINDOWS\System32\BASSMOD.dll
--sh--r 80 2008-04-10 19:34:18 C:\WINDOWS\System32\E62AA7FFCD.dll
----a-w 294,072 2008-04-10 07:32:35 C:\WINDOWS\System32\FNTCACHE.DAT
--sh--w 354 2008-04-20 09:39:24 C:\WINDOWS\System32\ghkgeoum.ini
---ha-w 60,200 2008-04-20 11:56:17 C:\WINDOWS\System32\mlfcache.dat
----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
--sh--w 1,540,797 2008-04-21 19:34:31 C:\WINDOWS\System32\nesyurph.ini
----a-w 72,960 2008-04-28 07:34:55 C:\WINDOWS\System32\perfc009.dat
----a-w 93,218 2008-04-28 07:34:56 C:\WINDOWS\System32\perfc013.dat
----a-w 446,006 2008-04-28 07:34:55 C:\WINDOWS\System32\perfh009.dat
----a-w 514,242 2008-04-28 07:34:56 C:\WINDOWS\System32\perfh013.dat
----a-w 1,140,722 2008-04-28 07:34:53 C:\WINDOWS\System32\PerfStringBackup.INI
----a-w 3,938 2008-03-24 11:52:53 C:\WINDOWS\System32\qtplugin.log
----a-w 10,045 2008-04-19 15:59:18 C:\WINDOWS\System32\QuickTime.qtp
----a-w 800,405 2008-04-21 22:01:46 C:\WINDOWS\System32\RVAXO.bat
----a-w 6 2008-03-24 15:18:53 C:\WINDOWS\System32\securedll.inf
----a-w 306,432 2008-03-16 11:22:06 C:\WINDOWS\System32\TuneUpDefragService.exe
----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
----a-w 1,158 2008-04-17 12:46:52 C:\WINDOWS\System32\wpa.dbl

Entries: 22 (17)
Directories: 0 Files: 22
Bytes: 27,120,565 Blocks: 52,982
======C:\WINDOWS\system32\drivers=====
----a-w 821,856 2008-04-29 12:55:06 C:\WINDOWS\System32\drivers\avg7core.sys
----a-w 4,224 2008-04-29 12:55:06 C:\WINDOWS\System32\drivers\avg7rsw.sys
----a-w 27,776 2008-04-29 12:55:06 C:\WINDOWS\System32\drivers\avg7rsxp.sys
----a-w 10,760 2008-04-29 12:55:07 C:\WINDOWS\System32\drivers\avgclean.sys
----a-w 26,952 2008-04-29 12:55:06 C:\WINDOWS\System32\drivers\avgmfx86.sys
----a-w 4,960 2008-04-29 12:55:06 C:\WINDOWS\System32\drivers\avgtdi.sys

Entries: 6 (6)
Directories: 0 Files: 6
Bytes: 896,528 Blocks: 1,755
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
----a-w 2,811 2008-04-13 22:03:28 C:\APIHook.log
------w 12,615,263 2008-04-05 11:55:56 C:\avg7qt.dat
--sh--r 461 2008-03-29 15:57:29 C:\boot.ini
----a-w 4,145 2008-04-22 15:54:21 C:\Bug.txt
----a-w 20,941 2008-04-22 15:52:37 C:\ComboFix.txt
----a-w 669 2008-04-22 15:18:48 C:\DAMLog.log
----a-w 376 2008-04-22 16:54:20 C:\firstrun5.log
--sha-w 402,182,144 2008-04-22 16:56:24 C:\hiberfil.sys
----a-w 164 2008-03-21 13:07:05 C:\install.dat
----a-w 4,495 2008-04-28 23:09:16 C:\MSNFix.txt
--sha-w 817,889,280 2008-04-22 16:56:08 C:\pagefile.sys
----a-w 511 2008-04-22 16:58:58 C:\RVAXO-results.log
----a-w 33,442 2008-04-22 17:04:00 C:\RVAXO-Vfind.log

Entries: 13 (10)
Directories: 0 Files: 13
Bytes: 1,232,754,702 Blocks: 2,407,729
======C:\Documents and Settings\HP_Eigenaar\Application Data======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Temp======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Documents and Settings\HP_Eigenaar======
----a-w 1,569 2008-03-17 15:29:12 C:\Documents and Settings\HP_Eigenaar\.recently-used.xbel
----a-w 5,767,168 2008-04-22 16:54:30 C:\Documents and Settings\HP_Eigenaar\NTUSER.DAT
---ha-w 53,248 2008-04-22 17:50:43 C:\Documents and Settings\HP_Eigenaar\ntuser.dat.LOG
--sh--w 188 2008-04-22 16:45:07 C:\Documents and Settings\HP_Eigenaar\ntuser.ini

Entries: 4 (2)
Directories: 0 Files: 4
Bytes: 5,822,173 Blocks: 11,373
======C:\WINDOWS\Downloaded Program Files====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=============

**smeenk** · 23-04-08, 18:05

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
sc delete xseaqwt
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\System32\amrvnswy.ini
C:\WINDOWS\System32\ghkgeoum.ini
C:\WINDOWS\System32\nesyurph.ini
C:\WINDOWS\System32\securedll.inf) DO (
del /q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post het logje van del.bat

**Roxas** · 23-04-08, 18:07

Deleting files
C:\WINDOWS\System32\amrvnswy.ini deleted
C:\WINDOWS\System32\ghkgeoum.ini deleted
C:\WINDOWS\System32\nesyurph.ini deleted
C:\WINDOWS\System32\securedll.inf deleted

**smeenk** · 23-04-08, 18:09

Dat was snel

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6u6 en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Dan denk ik dat we klaar zijn

**Roxas** · 23-04-08, 18:18

ha ja ik kwam net online toen je het postte :P

bedankt!! ik zie idd geen reclame meer en ik ben nu java aant instaleren, die aanvallen in mn windows map zijn ook weg, krijg geen berichten meer van adwatch met: naam.dll probeert in de map windows te komen etc

Super bedankt!

**smeenk** · 24-04-08, 08:08

Graag gedaan hoor

Mededeling

Adware en volgens mij ook nog een spyware infectie

Adware en volgens mij ook nog een spyware infectie

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment