Mededeling

Collapse
No announcement yet.

Pop-up in IE 7

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Pop-up in IE 7

    Beste,

    zelf werk ik met Mozilla Firefox, maar mijn vriendin gebruikt nog steeds IE. Een tijdje geleden kreeg ze vaak de ene pop-up na de andere. Ik heb eens gescand met Ad-Aware en Spybot Search and Destroy. Ik heb ook gescand met NOD32 en de onlinescan van Kaspersky.

    Alles is al veel gebeterd, maar toch denk ik dat nog niet alles verdwenen is. Willen jullie eens snel een kijkje nemen?

    Heel erg bedankt!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:25:28, on 28/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bloggen.be/dekoorddanserklas1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S1CB.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/legacy/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7AC759-34E7-4352-8C63-1C1BA4675102}: NameServer = 195.130.130.11,195.130.131.11
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6451 bytes

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    Comment


    • #3
      Hey,

      RVAXO

      ---RVAXO.exe Updated: 2008-01-27---first run---
      Files found:
      C:\Install

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\PlayMP3z
      C:\Program Files\BrowsingAdvisor

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      Deckard's System Scanner

      Deckard's System Scanner v20071014.68
      Run by Fiona on 2008-01-30 14:11:08
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      45: 2008-01-30 13:11:13 UTC - RP45 - Deckard's System Scanner Restore Point
      44: 2008-01-28 19:29:17 UTC - RP44 - Software Distribution Service 3.0
      43: 2008-01-28 18:38:45 UTC - RP43 - Controlepunt van systeem
      42: 2008-01-24 20:20:30 UTC - RP42 - Installed ESET NOD32 Antivirus
      41: 2008-01-23 18:49:30 UTC - RP41 - Controlepunt van systeem


      -- First Restore Point --
      1: 2007-11-14 16:36:41 UTC - RP1 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.

      Total Physical Memory: 511 MiB (512 MiB recommended).


      -- HijackThis (run as Fiona.exe) -----------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:12:02, on 30/01/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Documents and Settings\Fiona\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Fiona.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bloggen.be/dekoorddanserklas1
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S1CB.tmp" /EF "HKLM"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
      O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/legacy/ractrl.cab?lmi=100
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7AC759-34E7-4352-8C63-1C1BA4675102}: NameServer = 195.130.130.11,195.130.131.11
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

      --
      End of file - 6321 bytes

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R3 atiusbf (USB Root Hub) - c:\windows\system32\drivers\atiusbf.sys <Not Verified; Windows (R) Server 2003 DDK provider; Windows (R) Server 2003 DDK driver>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
      Description: PCI-modem
      Device ID: PCI\VEN_1002&DEV_434D&SUBSYS_00521025&REV_01\3&13C0B0C5&0&A6
      Manufacturer:
      Name: PCI-modem
      PNP Device ID: PCI\VEN_1002&DEV_434D&SUBSYS_00521025&REV_01\3&13C0B0C5&0&A6
      Service:


      -- Files created between 2007-12-30 and 2008-01-30 -----------------------------

      2008-01-30 14:08:12 0 d-------- C:\RVAXO
      2008-01-30 14:06:16 638443 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-30 14:06:16 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-28 20:30:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
      2008-01-28 20:25:19 0 d-------- C:\Program Files\Trend Micro
      2008-01-25 23:38:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-24 21:22:02 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
      2008-01-24 21:20:34 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
      2008-01-24 20:00:06 0 d-------- C:\Documents and Settings\Fiona\Phone Browser
      2008-01-23 18:53:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-01-23 18:53:15 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
      2008-01-09 16:13:01 0 d-------- C:\WINDOWS\Sun
      2008-01-09 16:13:00 0 d-------- C:\Documents and Settings\Fiona\Application Data\Sun
      2008-01-09 13:39:48 0 d-------- C:\Program Files\Alwil Software


      -- Find3M Report ---------------------------------------------------------------

      2008-01-16 20:59:32 0 d-------- C:\Documents and Settings\Fiona\Application Data\LimeWire
      2008-01-02 20:41:27 0 d-------- C:\Documents and Settings\Fiona\Application Data\FileZilla
      2007-12-27 23:51:19 0 d-------- C:\Documents and Settings\Fiona\Application Data\uTorrent
      2007-12-26 09:40:39 0 d-------- C:\Documents and Settings\Fiona\Application Data\Apple Computer
      2007-12-25 13:30:09 0 d-------- C:\Program Files\Microsoft Silverlight
      2007-12-25 12:56:50 0 d-------- C:\Program Files\QuickTime
      2007-12-25 12:55:44 0 d-------- C:\Program Files\Apple Software Update
      2007-12-24 16:05:13 0 d-------- C:\Program Files\Google
      2007-12-17 17:15:57 0 d-------- C:\Program Files\Lavasoft
      2007-12-17 17:15:34 0 d-------- C:\Program Files\Common Files
      2007-12-17 17:15:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2007-12-11 18:22:48 0 d-------- C:\Program Files\uTorrent
      2007-12-08 08:49:55 0 d-------- C:\Program Files\Java
      2007-12-06 20:05:21 0 d-------- C:\Program Files\Burn4Free Toolbar
      2007-12-06 19:56:35 0 d-------- C:\Program Files\Burn4Free
      2007-12-06 17:21:25 0 d-------- C:\Program Files\LimeWire
      2007-12-06 17:20:21 0 d-------- C:\Program Files\Common Files\Java
      2007-12-05 20:29:56 0 d-------- C:\Documents and Settings\Fiona\Application Data\Adobe
      2007-12-05 20:20:17 0 d-------- C:\Program Files\Common Files\Adobe
      2007-11-16 20:07:49 1156 --a------ C:\WINDOWS\mozver.dat
      2007-11-16 20:04:30 364568 --a------ C:\WINDOWS\system32\perfh013.dat
      2007-11-16 20:04:30 53616 --a------ C:\WINDOWS\system32\perfc013.dat
      2007-11-14 18:27:20 0 --a------ C:\WINDOWS\nsreg.dat
      2007-11-14 18:07:47 62 --ahs---- C:\Documents and Settings\Fiona\Application Data\desktop.ini
      2007-11-14 17:29:08 0 -rahs---- C:\MSDOS.SYS
      2007-11-14 17:29:08 0 -rahs---- C:\IO.SYS
      2007-11-14 17:29:08 0 --a------ C:\CONFIG.SYS
      2007-11-14 17:29:08 0 --a------ C:\AUTOEXEC.BAT
      2007-11-14 17:24:26 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIModeChange"="Ati2mdxx.exe" [04/09/2001 10:24 C:\WINDOWS\system32\Ati2mdxx.exe]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10/02/2004 21:10]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [20/11/2003 10:19]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [20/11/2003 10:18]
      "SoundMan"="SOUNDMAN.EXE" [26/02/2004 10:53 C:\WINDOWS\SOUNDMAN.EXE]
      "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 13:20]
      "EPSON Stylus DX6000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.exe" [13/02/2006 05:00]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/12/2007 12:54]
      "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [21/12/2007 08:21]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
      "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3570537e-944d-11dc-8b7f-000ae4596aab}]
      AutoRun\command- E:\LaunchU3.exe -a




      -- End of Deckard's System Scanner: finished at 2008-01-30 14:12:31 ------------


      Bedankt!

      Comment


      • #4
        Ondervind je nog problemen?

        Je mag het 2e logje van Deckard's System Scanner(exta.txt) ook wel even posten

        Comment


        • #5
          Ondertussen geen problemen meer ondervonden hoor. Hier toch nog het extra logje.

          Deckard's System Scanner v20071014.68
          Extra logfile - please post this as an attachment with your post.
          --------------------------------------------------------------------------------

          -- System Information ----------------------------------------------------------

          Microsoft Windows XP Professional (build 2600) SP 2.0
          Architecture: X86; Language: Dutch

          CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
          Percentage of Memory in Use: 53%
          Physical Memory (total/avail): 510.98 MiB / 236.52 MiB
          Pagefile Memory (total/avail): 1249.38 MiB / 1013.87 MiB
          Virtual Memory (total/avail): 2047.88 MiB / 1918.19 MiB

          C: is Fixed (NTFS) - 37.25 GiB total, 26.48 GiB free.
          D: is CDROM (No Media)

          \\.\PHYSICALDRIVE0 - IC25N040ATMR04-0 - 37.26 GiB - 1 partition
          \PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



          -- Security Center -------------------------------------------------------------

          AUOptions is scheduled to auto-install.
          Windows Internal Firewall is enabled.

          FirstRunDisabled is set.

          AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

          [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
          "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"

          [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
          "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
          "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
          "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
          "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


          -- Environment Variables -------------------------------------------------------

          ALLUSERSPROFILE=C:\Documents and Settings\All Users
          APPDATA=C:\Documents and Settings\Fiona\Application Data
          CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
          CLIENTNAME=Console
          CommonProgramFiles=C:\Program Files\Common Files
          COMPUTERNAME=ACER
          ComSpec=C:\WINDOWS\system32\cmd.exe
          FP_NO_HOST_CHECK=NO
          HOMEDRIVE=C:
          HOMEPATH=\Documents and Settings\Fiona
          LOGONSERVER=\\ACER
          NUMBER_OF_PROCESSORS=1
          OS=Windows_NT
          Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
          PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
          PROCESSOR_ARCHITECTURE=x86
          PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
          PROCESSOR_LEVEL=15
          PROCESSOR_REVISION=0209
          ProgramFiles=C:\Program Files
          PROMPT=$P$G
          QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
          SESSIONNAME=Console
          SystemDrive=C:
          SystemRoot=C:\WINDOWS
          TEMP=C:\DOCUME~1\Fiona\LOCALS~1\Temp
          TMP=C:\DOCUME~1\Fiona\LOCALS~1\Temp
          USERDOMAIN=ACER
          USERNAME=Fiona
          USERPROFILE=C:\Documents and Settings\Fiona
          windir=C:\WINDOWS


          -- User Profiles ---------------------------------------------------------------

          Fiona (admin)


          -- Add/Remove Programs ---------------------------------------------------------

          --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
          ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
          Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
          Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
          Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
          Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
          ATI-stuurprogramma's --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A3B9-08C3-4A2F-B2CB-8EAC3F17F440}\setup.exe"
          ATI - Software-verwijderprogramma --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
          ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
          ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_classISPLAY -clean
          µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
          Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
          Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
          Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
          Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
          BrowsingAdvisor --> C:\Program Files\BrowsingAdvisor\uninstall.exe
          Burn4Free CD and DVD --> "C:\Program Files\Burn4Free\uninstall.exe"
          EPSON-printersoftware --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
          EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
          ESDX6000_CX5900 Gebruik.handl. --> C:\Program Files\EPSON\TPMANUAL\ESDX6000_CX5900\USE_G\DOCUNINS.EXE
          ESET NOD32 Antivirus --> MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
          FileZilla Client 3.0.4.1 --> C:\Program Files\FileZilla Client\uninstall.exe
          HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
          Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
          IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
          Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
          Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
          Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
          LimeWire 4.14.12 --> "C:\Program Files\LimeWire\uninstall.exe"
          Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
          Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
          Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
          NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
          Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
          Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_dut_web.exe /LANG="1043"
          Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
          PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
          PlayMP3z --> C:\Program Files\PlayMP3z\uninstall.exe
          QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
          Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
          REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x13 REMOVE
          Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
          Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
          Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
          Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
          Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
          Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
          Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
          Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
          Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
          Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
          Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
          Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
          Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
          Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
          Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
          Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
          Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
          Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
          USBFltr --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1A749DA2-42E5-4751-B3F4-E1DC383FFE92}
          Windows-stuurprogrammapakket - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
          Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
          Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
          WinRAR --> C:\Program Files\WinRAR\uninstall.exe


          -- Application Event Log -------------------------------------------------------

          No Errors/Warnings found.


          -- Security Event Log ----------------------------------------------------------

          No Errors/Warnings found.


          -- System Event Log ------------------------------------------------------------

          Event Record #/Type2824 / Warning
          Event Submitted/Written: 01/23/2008 02:22:47 PM
          Event ID/Source: 240 / Win32k
          Event Description:
          Een aanvraag om energietoevoer te onderbreken, is geweigerd door winlogon.exe.

          Event Record #/Type2740 / Warning
          Event Submitted/Written: 01/18/2008 07:32:14 PM
          Event ID/Source: 240 / Win32k
          Event Description:
          Een aanvraag om energietoevoer te onderbreken, is geweigerd door winlogon.exe.

          Event Record #/Type2711 / Warning
          Event Submitted/Written: 01/17/2008 07:25:30 PM
          Event ID/Source: 4226 / Tcpip
          Event Description:
          TCP/IP heeft de beveiligingslimiet bereikt van het aantal gelijktijdige verbindingspogingen via TCP.

          Event Record #/Type2437 / Warning
          Event Submitted/Written: 01/08/2008 08:56:31 PM
          Event ID/Source: 240 / Win32k
          Event Description:
          Een aanvraag om energietoevoer te onderbreken, is geweigerd door winlogon.exe.

          Event Record #/Type2433 / Warning
          Event Submitted/Written: 01/08/2008 05:29:34 PM
          Event ID/Source: 4226 / Tcpip
          Event Description:
          TCP/IP heeft de beveiligingslimiet bereikt van het aantal gelijktijdige verbindingspogingen via TCP.



          -- End of Deckard's System Scanner: finished at 2008-01-30 14:12:31 ------------

          Comment


          • #6
            Download de Registry Search Tool hier. Unzip het script.

            Start RegSrch.vbs.
            In het Zoekveld geef je het volgende in(kopieeren en plakken)
            BrowsingAdvisor
            Als er wat gevonden wordt, krijg je een logje. Sla dit logje op.

            Meldt het resultaat van regsearch.

            Doe hetzelfde voor de volgende:
            PlayMP3z

            Post de resultaten in je volgende post.

            Comment


            • #7
              Inderdaad, ik was die PlayMP3z vergeten. Bij het afspelen van sommige MP3's, wordt dit automatisch aangeboden om te downloaden.

              Log 1:
              REGEDIT4
              ; RegSrch.vbs © Bill James

              ; Registry search results for string "BrowsingAdvisor" 2/02/2008 18:09:00

              ; NOTE: This file will be deleted when you close WordPad.
              ; You must manually save this file to a new location if you want to refer to it again later.
              ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BrowsingAdvisor.DLL]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C0AE27A2-FB16-65D9-7535-9DEDD84B7FF4}]
              @="BrowsingAdvisor"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.BrowserWatcher]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.BrowserWatcher\CLSID]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.BrowserWatcher\CurVer]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.BrowserWatcher\CurVer]
              @="BrowsingAdvisor.BrowserWatcher.1"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.BrowserWatcher.1]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.BrowserWatcher.1\CLSID]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PornPro_BHO]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PornPro_BHO]
              @="BrowsingAdvisor"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PornPro_BHO\CLSID]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PornPro_BHO\CurVer]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PornPro_BHO\CurVer]
              @="BrowsingAdvisor.PornPro_BHO.1"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PornPro_BHO.1]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PornPro_BHO.1]
              @="BrowsingAdvisor"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PornPro_BHO.1\CLSID]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PrecacheBrowserHost]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PrecacheBrowserHost\CLSID]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PrecacheBrowserHost\CurVer]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PrecacheBrowserHost\CurVer]
              @="BrowsingAdvisor.PrecacheBrowserHost.1"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PrecacheBrowserHost.1]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PrecacheBrowserHost.1\CLSID]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06075F5D-EF05-16D5-5687-249A7C80EB26}\InprocServer32]
              @="C:\\Program Files\\BrowsingAdvisor\\BrowsingAdvisor-2.dll"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06075F5D-EF05-16D5-5687-249A7C80EB26}\ProgID]
              @="BrowsingAdvisor.BrowserWatcher.1"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06075F5D-EF05-16D5-5687-249A7C80EB26}\VersionIndependentProgID]
              @="BrowsingAdvisor.BrowserWatcher"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B225ECB-2ED9-991D-713C-461009A60F29}\InprocServer32]
              @="C:\\Program Files\\BrowsingAdvisor\\BrowsingAdvisor-2.dll"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B225ECB-2ED9-991D-713C-461009A60F29}\ProgID]
              @="BrowsingAdvisor.PrecacheBrowserHost.1"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B225ECB-2ED9-991D-713C-461009A60F29}\VersionIndependentProgID]
              @="BrowsingAdvisor.PrecacheBrowserHost"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3239A0EA-4203-7BF5-CD1D-FDB0169B2778}\1.0]
              @="BrowsingAdvisor 1.0 Type Library"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3239A0EA-4203-7BF5-CD1D-FDB0169B2778}\1.0\0\win32]
              @="C:\\Program Files\\BrowsingAdvisor\\BrowsingAdvisor-2.dll"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowsingAdvisor]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowsingAdvisor]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowsingAdvisor]
              "DisplayName"="BrowsingAdvisor"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowsingAdvisor]
              "UninstallString"="C:\\Program Files\\BrowsingAdvisor\\uninstall.exe"

              [HKEY_USERS\S-1-5-21-1715567821-1757981266-725345543-1003\Software\BrowsingAdvisor]

              [HKEY_USERS\S-1-5-21-1715567821-1757981266-725345543-1003\Software\BrowsingAdvisor]
              "InstallDir"="C:\\Program Files\\BrowsingAdvisor"

              [HKEY_USERS\S-1-5-21-1715567821-1757981266-725345543-1003\Software\BrowsingAdvisor]
              "install_dir"="C:\\Program Files\\BrowsingAdvisor"

              Log 2:
              REGEDIT4
              ; RegSrch.vbs © Bill James

              ; Registry search results for string "PlayMP3z" 2/02/2008 18:10:38

              ; NOTE: This file will be deleted when you close WordPad.
              ; You must manually save this file to a new location if you want to refer to it again later.
              ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3]
              "DisplayName"="PlayMP3z"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3]
              "UninstallString"="C:\\Program Files\\PlayMP3z\\uninstall.exe"

              [HKEY_USERS\S-1-5-21-1715567821-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PlayMP3z]

              [HKEY_USERS\S-1-5-21-1715567821-1757981266-725345543-1003\Software\PlayMP3]
              "InstallDir"="C:\\Program Files\\PlayMP3z"

              [HKEY_USERS\S-1-5-21-1715567821-1757981266-725345543-1003\Software\PlayMP3]
              "install_dir"="C:\\Program Files\\PlayMP3z"

              Bedankt!

              Comment


              • #8
                1) Open een kladblokbestand.
                2) Kopieer onderstaande code volledig in dit kladblokbestand.
                3) Ga naar Bestand - Opslaan als.
                -Bij "Opslaan in" kies je: Bureaublad
                -Bij "Bestandsnaam" zet je: fix.reg
                -Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
                -Klik op de knop Opslaan.
                Code:
                REGEDIT4
                
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PrecacheBrowserHost]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PrecacheBrowserHost.1]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06075F5D-EF05-16D5-5687-249A7C80EB26}]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B225ECB-2ED9-991D-713C-461009A60F29}]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3239A0EA-4203-7BF5-CD1D-FDB0169B2778}]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowsingAdvisor]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowsingAdvisor]
                [-HKEY_USERS\S-1-5-21-1715567821-1757981266-725345543-1003\Software\BrowsingAdvisor]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C0AE27A2-FB16-65D9-7535-9DEDD84B7FF4}]
                [-HKEY_USERS\S-1-5-21-1715567821-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PlayMP3z]
                [-HKEY_USERS\S-1-5-21-1715567821-1757981266-725345543-1003\Software\PlayMP3]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PornPro_BHO.1]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.BrowserWatcher]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.BrowserWatcher.1]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowsingAdvisor.PornPro_BHO]
                [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BrowsingAdvisor.DLL]
                4) Dubbelklik op de fix.reg file en laat de wijzigingen aan het register toevoegen.

                Daarna kan je met de registry Search Tool controleren of alles weg is.

                Vertel ook of er nog problemen zijn

                Comment


                • #9
                  Heb gecontroleerd met de RegSearch Tool en er wordt niets meer gevonden. Van de pop-ups in internet explorer ben ik ook al een tijdje verlost. Wel nog bij het openen van bepaalde mp3's wordt er mij aangeboden om iets van www.fastmp3player.com te downloaden. Misschien zijn deze bestanden gewoon corrupt, want deze werden gedownload wanneer ik nog niets schoongemaakt had. Deze bestanden heb ik nu gewoon verwijderd.

                  Bedankt!

                  Comment


                  • #10
                    Graag gedaan hoor

                    Doe dit nog:
                    Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
                    Dit zal alles van RVAXO doen verwijderen.

                    Download ATF cleaner (mirror)(gemaakt door Atribune)

                    Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                    Dubbelklik op ATF cleaner om het programma te starten.
                    Op het tabblad "Main", plaats je een vinkje bij Select All.
                    Klik op de knop Empty Selected.

                    Het volgende doen als je ook FireFox als browser hebt:
                    Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                    (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                    Klik op de knop Empty Selected.

                    Het volgende doen als je ook Opera als browser hebt:
                    Klik op tabblad "Opera", plaats een vinkje bij Select All.
                    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                    Klik op de knop Empty Selected.
                    Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                    Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                    Kijk hier hoe je je systeemherstel moet uitschakelen.
                    Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                    Dan denk ik dat alles weer OK is

                    Comment


                    • #11
                      Ok, alles uitgevoerd! Heel erg bedankt. Veel respect voor het werk dat jullie leveren... PRACHTWERK!

                      Comment


                      • #12
                        Graag gedaan hoor, fijn dat het allemaal gelukt is

                        Comment

                        Sorry, you are not authorized to view this page
                        Working...
                        X