Mededeling

Collapse
No announcement yet.

Probleem met bureaubladachtergrond en startpagina

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Probleem met bureaubladachtergrond en startpagina

    Hallo,
    Voor ik mijn probleem met jullie deel wil ik eerst even zeggen dat ik hier nieuw ben en het dus nog niet helemaal snap, ik hoop dat ik alles goed doe, maar het kan zijn dat ik iets doe wat niet hier hoort of mag.

    Mijn Probleem:
    Sinds ongeveer een maand heb ik een of ander soort spyware op mijn computer.(een Mac met intel-processor waarop ik windows heb geinstalleerd) Elke dag verandert mijn bureaubladachtergrond vanzelf in iets raars van awesomehomepage.com. Ik zie op mijn bureaubladachtergrond wat nieuwtjes, wat seksueel getinte plaatjes, en links naar rare onderwerpen. Eerst 'bestreed' ik dit door dagelijks mijn bureaublad achtergrond gewoon te veranderen in iets wat ik wil, maar opeens lukt ook dat niet meer. Ik ga naar de afbeelding van mijn keuze, klik op 'instellen als bureaubladachtergrond', maar vervolgens knippert de huidige bureaubladachtergrond alleen een beetje, en blijft daarna alles zoals het was. Ook mijn startpagina wordt dagelijks verandert in awesomehomepage.com. Ik heb mijn computer al op spyware gecheckt met hitmanpro, ad-aware en vele andere, maar geen van allen hielp. Nu heb ik dat gedaan met Hijackthis, maar van het resultaat begrijp ik niet veel en er is mij aangeraden om het resultaat op dit forum te zetten en aan bevoegde personen te vragen wat verder moet gebeuren, dit is het resultaat:


    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\AppleOSSMgr.exe
    C:\WINDOWS\system32\AppleTimeSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\STacSV.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\IRW.exe
    C:\Program Files\Boot Camp\KbdMgr.exe
    C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Dani\Application Data\Qlikworld\RSSReader\RSSReader.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe
    C:\Program Files\Yandex\Online\online.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=21979
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Zango /fleok=1D8A83A5C4EC167E9DAF602A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
    O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O3 - Toolbar: ßíäåêñ.Áàð - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
    O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Dani\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
    O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Yupdate!] "C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe"
    O4 - HKCU\..\Run: [YandexOnline] "C:\Program Files\Yandex\Online\online.exe" -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5119D8C4-A216-45E4-AE33-4C5EF87AFB8A}: NameServer = 85.255.115.108,85.255.112.131
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E95BCBD-D4CD-44EA-B95F-77A8FFC3414D}: NameServer = 85.255.115.108,85.255.112.131
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FCDA42C-41C2-40CB-9820-973DACB06A89}: NameServer = 85.255.115.108,85.255.112.131
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECA81BA-BF7F-4169-A723-F50C739BF4CB}: NameServer = 85.255.115.108,85.255.112.131
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D601B759-6BCF-404F-ADEA-6BE8342205BF}: NameServer = 85.255.115.108,85.255.112.131
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.108 85.255.112.131
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5119D8C4-A216-45E4-AE33-4C5EF87AFB8A}: NameServer = 85.255.115.108,85.255.112.131
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.108 85.255.112.131
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5119D8C4-A216-45E4-AE33-4C5EF87AFB8A}: NameServer = 85.255.115.108,85.255.112.131
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.108 85.255.112.131
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
    O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    Ik hoop dat alles goed komt.

    Alvast bedankt

    Daniel

  • #2
    Download FixWareout van:
    (http://downloads.subratam.org/Fixwareout.exe)

    Sla het op je bureaublad op en dubbelklik Fixwareout.exe. Klik eerst op Next en daarna op Install. Controleer daarna of Run fixit aangevinkt is en klik op Finish. Laat dan de fix zijn werk doen.
    Je zal gevraagd worden om de computer opnieuw op te starten, doe dat. Het kan zijn dat je computer langer doet over het opstarten dan gewoonlijk; dit is normaal.

    Let op! Als je antivirus een scriptblokker heeft krijg je een waarschuwing zoals "malicious script warning" wanneer je dit tooltje gaat draaien. Je kunt deze waarschuwing negeren.

    Plaats, na het herstarten, de inhoud van het log dat je hier kan vinden: C:\fixwareout\report.txt, post ook een nieuw HijackThis log.

    Comment


    • #3
      Heb gedaan zoals je zei, heb dit gekregen:
      Username "Dani" - 04/30/2008 19:39:10 [Fixwareout edited 9/01/2007]

      ~~~~~ Prerun check
      HKLM\SOFTWARE\~\Winlogon\ "System"="kdhdz.exe"

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
      "nameserver"="85.255.115.108 85.255.112.131" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5119D8C4-A216-45E4-AE33-4C5EF87AFB8A}
      "nameserver"="85.255.115.108,85.255.112.131" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5E95BCBD-D4CD-44EA-B95F-77A8FFC3414D}
      "nameserver"="85.255.115.108,85.255.112.131" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8FCDA42C-41C2-40CB-9820-973DACB06A89}
      "nameserver"="85.255.115.108,85.255.112.131" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9ECA81BA-BF7F-4169-A723-F50C739BF4CB}
      "nameserver"="85.255.115.108,85.255.112.131" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D601B759-6BCF-404F-ADEA-6BE8342205BF}
      "nameserver"="85.255.115.108,85.255.112.131" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5119D8C4-A216-45E4-AE33-4C5EF87AFB8A}
      "DhcpNameServer"="85.255.115.108,85.255.112.131" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5637DFF5-EC47-4477-A1D5-421605C2E790}
      "DhcpNameServer"="85.255.115.108,85.255.112.131" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8FCDA42C-41C2-40CB-9820-973DACB06A89}
      "DhcpNameServer"="85.255.115.108,85.255.112.131" <Value cleared.
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D601B759-6BCF-404F-ADEA-6BE8342205BF}
      "DhcpNameServer"="85.255.115.108,85.255.112.131" <Value cleared.

      Successfully flushed the DNS Resolver Cache.


      System was rebooted successfully.

      ~~~~~ Postrun check
      HKLM\SOFTWARE\~\Winlogon\ "system"=""
      ....
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}A6AFE2BB2FEC-CBAA-9374-D1E0-66D3D40A{" Deleted
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}033680A746E3-44EA-38E4-2273-06BE7C64{" Deleted
      C:\WINDOWS\System32\xoddy.exe Deleted
      ....
      ~~~~~ Misc files.
      C:\WINDOWS\System32\kernel32.exe Deleted
      ....
      ~~~~~ Checking for older varients.
      ....

      ~~~~~ Current runs (hklm hkcu "run" Keys Only)
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SigmatelSysTrayApp"="sttray.exe"
      "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
      "IRW"="C:\\WINDOWS\\system32\\IRW.exe"
      "Apple_KbdMgr"="C:\\Program Files\\Boot Camp\\KbdMgr.exe"
      "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_12\\bin\\jusched.exe\""
      "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
      "Microsoft Updates"="svehost.exe"
      "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
      "Hitman Pro Expiration Helper"="\"C:\\Program Files\\Hitman Pro\\xphelper.exe\""
      "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
      "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
      "RssReader"="\"C:\\Documents and Settings\\Dani\\Application Data\\Qlikworld\\RSSReader\\RSSReader.exe\" /Autostart"
      "AlcoholAutomount"="\"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\axcmd.exe\" /automount"
      "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
      "WinUpdater"="\"C:\\Program Files\\winvi\\update.exe\" /background"
      "WebSUpdater"="\"C:\\Program Files\\winvi\\wupda.exe\" /background"
      "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
      "Yupdate!"="\"C:\\Program Files\\Common Files\\Yandex\\Yupdate\\yupdate.exe\""
      "YandexOnline"="\"C:\\Program Files\\Yandex\\Online\\online.exe\" -AutoStart"
      ....
      Hosts file was reset, If you use a custom hosts file please replace it...
      ~~~~~ End report ~~~~~

      en bij Hijack this dit:
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\AppleOSSMgr.exe
      C:\WINDOWS\system32\AppleTimeSrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\system32\STacSV.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\IRW.exe
      C:\Program Files\Boot Camp\KbdMgr.exe
      C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Documents and Settings\Dani\Application Data\Qlikworld\RSSReader\RSSReader.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Spyware Doctor\swdoctor.exe
      C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe
      C:\Program Files\Yandex\Online\online.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\LimeWire\LimeWire.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=21979
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: Zango /fleok=1D8A83A5C4EC167E9DAF602A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
      O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll (file missing)
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
      O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
      O3 - Toolbar: ßíäåêñ.Áàð - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
      O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
      O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
      O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Dani\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
      O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
      O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
      O4 - HKCU\..\Run: [Yupdate!] "C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe"
      O4 - HKCU\..\Run: [YandexOnline] "C:\Program Files\Yandex\Online\online.exe" -AutoStart
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
      O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
      O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
      O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
      O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
      O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 10405 bytes

      Moet er verder nog wat gebeuren?

      Comment


      • #4
        Start Hijackthis en vink alleen de volgende regels aan:
        O2 - BHO: Zango /fleok=1D8A83A5C4EC167E9DAF602A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
        O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll (file missing)
        O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
        O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
        O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
        O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
        O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
        O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)

        Sluit alle openstaande vensters(behalve Hijackthis) en klik op "Fix checked".

        Download: RVAXO.exe
        • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
        • Start de computer in veilige modus.
        • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
          Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
        • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
        • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
          Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
        • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
        • Post de inhoud van de logfile in je volgende bericht.


        Download Deckard's System Scanner naar je Bureaublad.
        • Sluit alle toepassingen en vensters.
        • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
        • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
        • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

        Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
        - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
        Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
        Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)
        Last edited by smeenk; 30-04-08, 22:45.

        Comment


        • #5
          Oke, dit is van de eerste:---RVAXO.exe Updated: 2008-05-01---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\system32\packet.dll
          C:\WINDOWS\system32\wpcap.dll
          C:\Program Files\Mozilla Firefox\regxpcom.exe

          Folders Found:
          C:\Program Files\ShoppingReport
          C:\Documents and Settings\Dani\Application Data\ShoppingReport
          C:\Program Files\FBrowsingAdvisor
          C:\Program Files\dbar
          C:\Program Files\FBrowserAdvisor
          C:\Program Files\BrowsingAdvisor
          C:\Program Files\winvi

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------

          en dit van de 2e
          Deckard's System Scanner v20071014.68
          Run by Dani on 2008-05-01 17:27:23
          Computer is in Normal Mode.
          --------------------------------------------------------------------------------

          -- System Restore --------------------------------------------------------------

          Successfully created a Deckard's System Scanner Restore Point.


          -- Last 5 Restore Point(s) --
          7: 2008-05-01 15:27:31 UTC - RP143 - Deckard's System Scanner Restore Point
          6: 2008-04-30 20:33:22 UTC - RP142 - Software Distribution Service 3.0
          5: 2008-04-29 17:33:16 UTC - RP141 - Installed Windows XP KB912919.
          4: 2008-04-29 09:42:20 UTC - RP140 - Installed Ad-Aware 2007
          3: 2008-04-26 17:12:17 UTC - RP139 - System Checkpoint


          -- First Restore Point --
          1: 2008-04-23 18:59:41 UTC - RP137 - System Checkpoint


          Backed up registry hives.
          Performed disk cleanup.

          Percentage of Memory in Use: 81% (more than 75%).
          Total Physical Memory: 497 MiB (512 MiB recommended).


          -- HijackThis (run as Dani.exe) ------------------------------------------------

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 17:28:14, on 5/1/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.5730.0013)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\AppleOSSMgr.exe
          C:\WINDOWS\system32\AppleTimeSrv.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\Program Files\Spyware Doctor\sdhelp.exe
          C:\WINDOWS\system32\STacSV.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\WINDOWS\system32\IRW.exe
          C:\Program Files\Boot Camp\KbdMgr.exe
          C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Eset\nod32kui.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Documents and Settings\Dani\Application Data\Qlikworld\RSSReader\RSSReader.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Spyware Doctor\swdoctor.exe
          C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe
          C:\Program Files\Yandex\Online\online.exe
          C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          C:\Program Files\LimeWire\LimeWire.exe
          C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
          C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
          C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe
          C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
          C:\Documents and Settings\Dani\Desktop\dss(2).exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe
          C:\PROGRA~1\TRENDM~1\HIJACK~1\Dani.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=21979
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
          O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
          O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
          O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
          O3 - Toolbar: ßíäåêñ.Áàð - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll
          O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
          O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
          O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [RssReader] "C:\Documents and Settings\Dani\Application Data\Qlikworld\RSSReader\RSSReader.exe" /Autostart
          O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
          O4 - HKCU\..\Run: [Yupdate!] "C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe"
          O4 - HKCU\..\Run: [YandexOnline] "C:\Program Files\Yandex\Online\online.exe" -AutoStart
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
          O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
          O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
          O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
          O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
          O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
          O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
          O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
          O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
          O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
          O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
          O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
          O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
          O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

          --
          End of file - 8820 bytes

          -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

          backup-20080501-101738-517 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          backup-20080501-101738-695 O2 - BHO: Zango /fleok=1D8A83A5C4EC167E9DAF602A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
          backup-20080501-101738-737 O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
          backup-20080501-101739-382 O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
          backup-20080501-101739-511 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
          backup-20080501-101739-517 O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
          backup-20080501-101739-560 O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
          backup-20080501-101739-649 O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
          backup-20080501-101739-695 O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
          backup-20080501-101739-746 O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll (file missing)
          backup-20080501-101739-828 O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
          backup-20080501-101739-848 O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
          backup-20080501-101739-993 O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)

          -- File Associations -----------------------------------------------------------

          All associations okay.


          -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

          R2 KeyAgent - c:\windows\system32\drivers\keyagent.sys <Not Verified; Apple Inc.; Boot Camp>
          R2 MacHALDriver (Mac HAL) - c:\windows\system32\drivers\machaldriver.sys <Not Verified; Apple Inc.; >


          -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

          R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
          R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


          -- Device Manager: Disabled ----------------------------------------------------

          No disabled devices found.


          -- Scheduled Tasks -------------------------------------------------------------

          2008-04-15 09:01:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


          -- Files created between 2008-04-01 and 2008-05-01 -----------------------------

          2008-05-01 17:17:17 0 d-------- C:\RVAXO
          2008-05-01 17:13:57 812705 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-05-01 17:13:57 69632 --a------ C:\WINDOWS\system32\remove.exe
          2008-05-01 11:10:56 0 d-------- C:\Documents and Settings\De Rest\Application Data\Webroot
          2008-04-30 22:33:30 0 d-------- C:\WINDOWS\system32\PreInstall
          2008-04-30 21:43:50 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
          2008-04-30 18:12:40 0 d-------- C:\Program Files\Trend Micro
          2008-04-30 17:42:58 0 d-------- C:\Documents and Settings\De Rest\Application Data\Lavasoft
          2008-04-30 17:38:27 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
          2008-04-30 17:26:48 0 d-------- C:\Documents and Settings\Dani\Application Data\Yandex
          2008-04-30 17:26:39 0 d-------- C:\Program Files\Common Files\Yandex
          2008-04-30 17:26:38 0 d-------- C:\Program Files\Yandex
          2008-04-29 19:58:14 0 d-------- C:\Documents and Settings\Dani\Application Data\Lavasoft
          2008-04-29 19:28:53 0 d-------- C:\Program Files\Spyware Doctor
          2008-04-29 19:28:53 0 d-------- C:\Documents and Settings\Dani\Application Data\PC Tools
          2008-04-29 19:28:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
          2008-04-29 19:28:16 0 d-------- C:\Program Files\Webroot
          2008-04-29 19:28:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
          2008-04-29 19:27:54 164 --a------ C:\install.dat
          2008-04-29 19:27:42 0 d-------- C:\Documents and Settings\Dani\Application Data\Webroot
          2008-04-29 19:25:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-04-29 19:23:57 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
          2008-04-29 19:22:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
          2008-04-29 19:22:48 0 d-------- C:\Temp
          2008-04-29 19:17:07 0 d-------- C:\WINDOWS\system32\GroupPolicy
          2008-04-29 19:16:59 0 d-------- C:\Program Files\Hitman Pro
          2008-04-29 11:42:22 0 d-------- C:\Program Files\Lavasoft
          2008-04-29 11:42:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-04-29 11:41:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-04-28 12:02:32 0 d-------- C:\Program Files\HyCam2
          2008-04-16 17:16:05 0 d-------- C:\Documents and Settings\Dani\Application Data\Sports Interactive
          2008-04-16 16:48:07 0 dr-h----- C:\Documents and Settings\Dani\Application Data\SecuROM
          2008-04-16 16:44:13 0 d--h----- C:\Program Files\Zero G Registry
          2008-04-16 16:44:13 0 d-------- C:\Program Files\Sports Interactive
          2008-04-16 16:43:15 0 d--h----- C:\Documents and Settings\Dani\InstallAnywhere


          -- Find3M Report ---------------------------------------------------------------

          2008-05-01 17:27:21 0 d-------- C:\Documents and Settings\Dani\Application Data\LimeWire
          2008-04-30 17:26:39 0 d-------- C:\Program Files\Common Files
          2008-04-29 18:26:01 0 d-------- C:\Documents and Settings\Dani\Application Data\uTorrent
          2008-04-28 11:00:10 0 d-------- C:\Program Files\PokerStars
          2008-04-19 12:45:25 0 d-------- C:\Program Files\LimeWire
          2008-03-29 21:54:46 0 d-------- C:\Documents and Settings\Dani\Application Data\SopCast
          2008-03-23 19:42:05 0 d-------- C:\Documents and Settings\Dani\Application Data\vlc
          2008-03-23 19:41:12 0 d-------- C:\Program Files\VideoLAN
          2008-03-23 11:39:36 0 d-------- C:\Program Files\Movie Maker
          2008-03-23 11:37:21 71474 --a------ C:\WINDOWS\BricoPackUninst.cmd
          2008-03-23 11:37:21 5368 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
          2008-03-21 15:13:39 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
          2008-03-21 14:40:18 0 d-------- C:\Program Files\IrfanView
          2008-03-21 14:20:23 0 d--h----- C:\Program Files\InstallShield Installation Information
          2008-03-21 14:17:19 0 d-------- C:\Program Files\Zylom Games
          2008-03-21 14:15:58 0 d-------- C:\Program Files\Google
          2008-03-21 14:15:26 0 d-------- C:\Program Files\DNA
          2008-03-21 14:15:21 0 d-------- C:\Program Files\DivX
          2008-03-21 14:14:44 0 d-------- C:\Program Files\DIKO
          2008-03-14 20:38:16 0 d-------- C:\Program Files\BitTorrent_DNA
          2008-03-14 20:38:13 0 d-------- C:\Documents and Settings\Dani\Application Data\BitTorrent DNA
          2008-03-03 20:26:46 0 d-------- C:\Program Files\Firefly Studios


          -- Registry Dump ---------------------------------------------------------------

          *Note* empty entries & legit default entries are not shown


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SigmatelSysTrayApp"="sttray.exe"
          "BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 14:00 C:\WINDOWS\system32\bthprops.cpl]
          "IRW"="C:\WINDOWS\system32\IRW.exe" [07/31/2007 13:57]
          "Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe" [07/31/2007 14:04]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [05/02/2007 04:15]
          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 21:16]
          "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [04/29/2008 19:23]
          "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [01/30/2007 14:41]
          "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [03/01/2007 20:24]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 14:00]
          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54]
          "RssReader"="C:\Documents and Settings\Dani\Application Data\Qlikworld\RSSReader\RSSReader.exe" [09/21/2007 17:34]
          "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/02/2007 12:27]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06]
          "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [12/11/2006 15:35]
          "Yupdate!"="C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe" [02/19/2008 19:33]
          "YandexOnline"="C:\Program Files\Yandex\Online\online.exe" [04/14/2008 19:34]

          [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
          "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

          C:\Documents and Settings\Dani\Start Menu\Programs\Startup\
          LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2/8/2008 23:32:57]
          RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/19/2007 0:05:02]
          TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [6/1/2005 21:41:18]
          UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [5/21/2006 9:43:08]
          Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [5/21/2006 9:43:14]

          C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
          Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/14/2007 14:34:31]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
          @="Service"

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          bthsvcs BthServ




          -- End of Deckard's System Scanner: finished at 2008-05-01 17:28:59 ------------

          en daarbij kreeg ik dit:

          Deckard's System Scanner v20071014.68
          Extra logfile - please post this as an attachment with your post.
          --------------------------------------------------------------------------------

          -- System Information ----------------------------------------------------------

          Microsoft Windows XP Home Edition (build 2600) SP 2.0
          Architecture: X86; Language: English

          CPU 0: Genuine Intel(R) CPU T2400 @ 1.83GHz
          CPU 1: Genuine Intel(R) CPU T2400 @ 1.83GHz
          Percentage of Memory in Use: 81%
          Physical Memory (total/avail): 496.29 MiB / 89.62 MiB
          Pagefile Memory (total/avail): 1208.87 MiB / 575.35 MiB
          Virtual Memory (total/avail): 2047.88 MiB / 1911.63 MiB

          C: is Fixed (NTFS) - 17.73 GiB total, 5.68 GiB free.
          D: is CDROM (UDF)
          E: is CDROM (No Media)

          \\.\PHYSICALDRIVE0 - WDC WD1600JS-40NGB2 - 149.05 GiB - 3 partitions
          \PARTITION0 - Unknown - 200.02 MiB
          \PARTITION1 - Unknown - 131 GiB
          \PARTITION2 (bootable) - Installable File System - 17.73 GiB - C:



          -- Security Center -------------------------------------------------------------

          AUOptions is scheduled to auto-install.
          Windows Internal Firewall is enabled.

          FirstRunDisabled is set.

          AV: Spy Sweeper with AntiVirus v5.3.2.2361 (Webroot Software, Inc.) Disabled Outdated
          AV: ESET NOD32 antivirus systeem 2.70 v2.70 (ESET, spol. s r.o.)

          [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
          "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
          "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
          "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

          [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
          "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
          "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
          "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
          "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
          "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
          "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
          "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
          "C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
          "C:\\Program Files\\PPMate\\ppmnet.exe"="C:\\Program Files\\PPMate\\ppmnet.exe:*:Enabled:PPMate"
          "C:\\Documents and Settings\\Dani\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Dani\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
          "C:\\Program Files\\Wyzo\\wyzo.exe"="C:\\Program Files\\Wyzo\\wyzo.exe:*:Enabled:Wyzo"
          "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
          "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
          "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:EnabledNA"
          "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
          "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"


          -- Environment Variables -------------------------------------------------------

          ALLUSERSPROFILE=C:\Documents and Settings\All Users
          APPDATA=C:\Documents and Settings\Dani\Application Data
          CLASSPATH=.;C:\Program Files\Java\jre1.5.0_12\lib\ext\QTJava.zip
          CLIENTNAME=Console
          CommonProgramFiles=C:\Program Files\Common Files
          COMPUTERNAME=DANIEL
          ComSpec=C:\WINDOWS\system32\cmd.exe
          FP_NO_HOST_CHECK=NO
          HOMEDRIVE=C:
          HOMEPATH=\Documents and Settings\Dani
          LOGONSERVER=\\DANIEL
          NUMBER_OF_PROCESSORS=2
          OS=Windows_NT
          Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
          PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
          PROCESSOR_ARCHITECTURE=x86
          PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
          PROCESSOR_LEVEL=6
          PROCESSOR_REVISION=0e08
          ProgramFiles=C:\Program Files
          PROMPT=$P$G
          QTJAVA=C:\Program Files\Java\jre1.5.0_12\lib\ext\QTJava.zip
          SESSIONNAME=Console
          SystemDrive=C:
          SystemRoot=C:\WINDOWS
          TEMP=C:\DOCUME~1\Dani\LOCALS~1\Temp
          TMP=C:\DOCUME~1\Dani\LOCALS~1\Temp
          USERDOMAIN=DANIEL
          USERNAME=Dani
          USERPROFILE=C:\Documents and Settings\Dani
          windir=C:\WINDOWS


          -- User Profiles ---------------------------------------------------------------

          Dani (admin)
          De Rest (admin)


          -- Add/Remove Programs ---------------------------------------------------------

          --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
          µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
          ß.Îíëàéí 1.0.0 --> "C:\Program Files\Yandex\Online\unins000.exe"
          ßíäåêñ.Áàð äëÿ Internet Explorer 3.5.0 --> "C:\Program Files\Yandex\YandexBarIE\unins000.exe"
          Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
          Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
          Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
          Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
          Alcohol Toolbar --> "C:\WINDOWS\Alcohol_Toolbar_Uninstaller_6734.exe" _?=C:\Program Files\Alcohol Toolbar
          Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
          ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
          ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_classISPLAY -clean
          Atlantis Quest 1.0 --> "C:\Program Files\Atlantis Quest\unins000.exe"
          AVI ReComp 1.3.0 --> C:\Program Files\AVI ReComp\Uninstall.exe
          AviSynth 2.5 --> "C:\Program Files\DIKO\AVISynth\Uninstall.exe"
          Boot Camp-services --> MsiExec.exe /I{E56CCF4E-16D3-499E-9911-CB9A380665F3}
          Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
          Canon MP600 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
          Canon MP600 User Registration --> C:\Program Files\Canon\IJEREG\MP600\UNINST.EXE
          Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
          CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
          Cheat Engine 5.3 --> "C:\Program Files\Cheat Engine\unins000.exe"
          dbar --> "C:\Program Files\dbar\dbaruninst.exe" /S _?=C:\Program Files\dbar
          DeepBurner v1.8.0.224 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
          EA SPORTS online 2005 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
          Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
          FIFA 2005 --> C:\Program Files\EA SPORTS\FIFA 2005\EAUninstall.exe
          Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
          Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
          Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
          Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
          High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
          HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
          Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
          HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
          J2SE Runtime Environment 5.0 Update 12 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
          K-Lite Codec Pack 3.6.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
          LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
          Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
          Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
          NOD32 antivirus systeem --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
          Oront Burning Kit 2 Basic --> "C:\Documents and Settings\All Users\Application Data\{7D6D89DF-C51F-40CE-B978-DDD54F0DD5BC}\burningkit2_basic.exe" REMOVE=TRUE MODIFY=FALSE
          Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
          PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
          Qlikworld NewsReader 2007 --> MsiExec.exe /X{071F3745-E389-4345-86DF-E80B55446FCE}
          QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
          Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
          ScreenShot Version 2000.2 --> "C:\Program Files\ScreenShot2000_2\unins000.exe"
          SeaWorld Adventure Park Tycoon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}\setup.exe"
          ShopperReports --> C:\Program Files\ShoppingReport\Uninst.exe
          SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x9 -remove -removeonly
          SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
          Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
          Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
          Spyware Doctor 4.0 --> C:\Program Files\Spyware Doctor\unins000.exe
          Stronghold Crusader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe"
          SubSync --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\SubSync\ST6UNST.LOG"
          Super Collapse Puzzle Gallery 2 Deluxe --> "C:\Program Files\Zylom Games\Super Collapse Puzzle Gallery 2 Deluxe\GameInstlr.exe" --uninstall UnInstall.log
          The Movies(TM) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0556F885-2415-4666-B53E-33727E46AEA1}
          Torrent Harvester --> C:\Program Files\Torrent Harvester\uninstall.exe
          VideoLAN VLC media player 0.8.6e --> C:\Program Files\VideoLAN\VLC\uninstall.exe
          VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
          Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applebt_5F5CDDBA8C90066BFACA98E240B0E384FD78D0E5\applebt.inf
          Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\bthkicker_22481FFE232728F300C3EA4B9D04741F71A78A6F\bthkicker.inf
          Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\isight_457E352673E04E3628F3481F96106C5726855272\isight.inf
          Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\irfilter_6BAE4C4E6E43E4AF7524F089CA605ACCDD038710\irfilter.inf
          Windows Driver Package - Apple Inc. Apple Keyboard (07/18/2007 2.0.0.7) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\keymagic_4198E0DC68B0013AE225FE28D3A2C303E2BD6730\keymagic.inf
          Windows Driver Package - Apple Inc. Apple Trackpad (04/19/2007 1.3.0.2) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\aapltp_D4EA33AD83DD067980746FC754D8415C3DD09ED8\aapltp.inf
          Windows Driver Package - Apple Inc. Apple Trackpad Enabler (04/19/2007 1.3.0.2) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\aapltctp_FAEEFB7089113E7C065ABFE5EC463561863A251A\aapltctp.inf
          Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applenull_853A42E440968266FB61B6DCC69BD2406D991F68\applenull.inf
          Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\net5211_83E4E86F1350732D629D737DAECF97C35FD29B0F\net5211.inf
          Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\net5416_011416A5D099921307D4CC88E2E5BD075CE39446\net5416.inf
          Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\bcmwl5_52A7865A91A2795EC5D7A8EC9B1E1622EA863FFF\bcmwl5.inf
          Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\e1000325_4D2F92D840FE9D1A0C33FEC20BFC7747BB0608EA\e1000325.inf
          Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\e1e5132_A95FC331A737294D9476DAB83E0F4371146BDFDE\e1e5132.inf
          Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\yk51x86_98FE2F08F37A78F4FF0C10AACFE1E827854D61AE\yk51x86.inf
          Windows Live Messenger --> MsiExec.exe /I{9816B8B8-4B53-4D3D-9235-AD931252001D}
          WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
          winvi (remove only) --> "C:\Program Files\winvi\uninst.exe"
          Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
          Zuma Deluxe --> "C:\Program Files\Zylom Games\Zuma Deluxe\GameInstlr.exe" --uninstall UnInstall.log
          Zylom Games Player Plugin --> "C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall


          -- Application Event Log -------------------------------------------------------

          Event Record #/Type5916 / Error
          Event Submitted/Written: 05/01/2008 05:28:18 PM
          Event ID/Source: 11 / crypt32
          Event Description:
          Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

          Event Record #/Type5909 / Success
          Event Submitted/Written: 05/01/2008 05:21:07 PM
          Event ID/Source: 12001 / usnjsvc
          Event Description:
          The Messenger Sharing USN Journal Reader service started successfully.

          Event Record #/Type5903 / Error
          Event Submitted/Written: 05/01/2008 11:27:46 AM
          Event ID/Source: 11 / crypt32
          Event Description:
          Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

          Event Record #/Type5889 / Success
          Event Submitted/Written: 05/01/2008 11:11:31 AM
          Event ID/Source: 12001 / usnjsvc
          Event Description:
          The Messenger Sharing USN Journal Reader service started successfully.

          Event Record #/Type5878 / Success
          Event Submitted/Written: 05/01/2008 09:57:28 AM
          Event ID/Source: 12001 / usnjsvc
          Event Description:
          The Messenger Sharing USN Journal Reader service started successfully.



          -- Security Event Log ----------------------------------------------------------

          No Errors/Warnings found.


          -- System Event Log ------------------------------------------------------------

          Event Record #/Type10729 / Warning
          Event Submitted/Written: 05/01/2008 05:22:34 PM
          Event ID/Source: 4226 / Tcpip
          Event Description:
          TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

          Event Record #/Type10708 / Warning
          Event Submitted/Written: 05/01/2008 05:17:03 PM / 05/01/2008 05:17:27 PM
          Event ID/Source: 18 / BTHUSB
          Event Description:
          Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

          Event Record #/Type10702 / Error
          Event Submitted/Written: 05/01/2008 05:15:45 PM
          Event ID/Source: 10005 / DCOM
          Event Description:
          DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
          in order to run the server:
          {1BE1F766-5536-11D1-B726-00C04FB926AF}

          Event Record #/Type10701 / Error
          Event Submitted/Written: 05/01/2008 05:14:41 PM
          Event ID/Source: 7026 / Service Control Manager
          Event Description:
          The following boot-start or system-start driver(s) failed to load:
          AFD
          Fips
          intelppm
          IPSec
          MRxSmb
          NetBIOS
          NetBT
          nod32drv
          RasAcd
          Rdbss
          Tcpip
          WS2IFSL

          Event Record #/Type10700 / Error
          Event Submitted/Written: 05/01/2008 05:14:41 PM
          Event ID/Source: 7001 / Service Control Manager
          Event Description:
          The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
          %%31



          -- End of Deckard's System Scanner: finished at 2008-05-01 17:28:59 ------------

          En nu?

          PS: De problemen met de bureaubladachtergrond en startpagina zijn al weg.

          Comment


          • #6
            Hoe zit het met dat Yandex, heb je dat bewust geïnstalleerd?

            Comment


            • #7
              Oorspronkelijk geplaatst door smeenk Bekijk Berichten
              Hoe zit het met dat Yandex, heb je dat bewust geïnstalleerd?
              Ja, dat zou een soort antivirus zijn, maar deed het niet, heb nog niet de moeite gedaan om het te verwijderen.

              Is verder alles klaar?

              Comment


              • #8
                Ik zou dat Yandex er ook maar afgooien:
                # May contain Spyware or Adware - {91397D20-1446-11D4-8AF4-0040CA1127B6}: YNDBAR.DLL - Russian Searchbar
                Je Java software is verouderd.
                Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                • Download Java Runtime Environment (JRE) 6u6 en bewaar het naar je Bureaublad.
                • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                • Herhaal dit tot alle oudere versies verdwenen zijn.
                • Na het verwijderen van alle oudere versies, herstart je pc.
                • Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                Download ATF cleaner (mirror)(gemaakt door Atribune)

                Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                Dubbelklik op ATF cleaner om het programma te starten.
                Op het tabblad "Main", plaats je een vinkje bij Select All.
                Klik op de knop Empty Selected.

                Het volgende doen als je ook FireFox als browser hebt:
                Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                Klik op de knop Empty Selected.

                Het volgende doen als je ook Opera als browser hebt:
                Klik op tabblad "Opera", plaats een vinkje bij Select All.
                Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                Klik op de knop Empty Selected.
                Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                Kijk hier hoe je je systeemherstel moet uitschakelen.
                Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                Dan denk ik dat het wel weer OK is

                Comment


                • #9
                  Oke, heb alles gedaan, volgens mij is alles weer goed.

                  Hartstikke Bedankt!

                  Comment


                  • #10
                    Graag gedaan hoor

                    Comment

                    Sorry, you are not authorized to view this page
                    Working...
                    X