Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ren C:\Windows\drnpfdxqvm.dll drnpfdxqvm.bak
ren C:\Windows\etlrlws.dll etlrlws.bak
ren C:\Windows\bokpkov.dll bokpkov.bak
ren C:\Windows\altvxvm.dll altvxvm.bak
ren C:\WINDOWS\fmsxwqs.exe fmsxwqs.bak
ECHO Deleting files>>log.txt
FOR %%g in (
C:\Windows\drnpfdxqvm.bak
C:\Windows\etlrlws.bak
C:\Windows\bokpkov.bak
C:\Windows\altvxvm.bak
C:\WINDOWS\fmsxwqs.bak
C:\WINDOWS\fmsxwqs.exe
C:\Windows\drnpfdxqvm.dll
C:\Windows\etlrlws.dll
C:\Windows\bokpkov.dll
C:\Windows\altvxvm.dll) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
>>log.txt (
ECHO.
ECHO Deleting folders)
FOR %%I in (
C:\WINDOWS\privacy_danger
"C:\Program Files\AntiVirusScherm") DO (
IF EXIST %%I (
RD /S /Q %%I
IF EXIST %%I (
ECHO %%I not deleted>>log.txt
) ELSE (
ECHO %%I deleted>>log.txt)
) ELSE (
ECHO %%I not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat

Herstart de computer.

Dubbelklik nogmaals op del.bat en post de inhoud van de logfile die opent.

Deleting files
C:\Windows\drnpfdxqvm.bak not found
C:\Windows\etlrlws.bak not found
C:\Windows\bokpkov.bak not found
C:\Windows\altvxvm.bak not found
C:\WINDOWS\fmsxwqs.bak not found
C:\WINDOWS\fmsxwqs.exe not found
C:\Windows\drnpfdxqvm.dll not found
C:\Windows\etlrlws.dll not found
C:\Windows\bokpkov.dll not found
C:\Windows\altvxvm.dll not found

Deleting folders
C:\WINDOWS\privacy_danger not found
"C:\Program Files\AntiVirusScherm" not found

Download Deckard's System Scanner naar je Bureaublad.

• Sluit alle toepassingen en vensters.
• Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
• Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
• Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: Dutch

CPU 0: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2028.96 MiB / 1342.7 MiB
Pagefile Memory (total/avail): 4276.43 MiB / 3444.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.79 MiB

C: is Fixed (NTFS) - 37.27 GiB total, 7.7 GiB free.
D: is Fixed (NTFS) - 189.92 GiB total, 56.54 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MAXTOR 6L040J2 ATA Device - 37.28 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:

\\.\PHYSICALDRIVE0 - Maxtor 6V200E0 - 189.92 GiB - 1 partition
\PARTITION0 - Installable File System - 189.92 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
AntivirusOverride is set.

AS: Spyware Doctor v5.5.0.204 (PC Tools) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Ours\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OURS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Ours
LOCALAPPDATA=C:\Users\Ours\AppData\Local
LOGONSERVER=\\OURS-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Ours\AppData\Local\Temp
TMP=C:\Users\Ours\AppData\Local\Temp
USERDOMAIN=Ours-PC
USERNAME=Ours
USERPROFILE=C:\Users\Ours
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Ours
IUSR_NMPR
natascha (new local, admin, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
Aangifte inkomstenbelasting 2007 --> C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
BitTorrent DNA --> "C:\Users\Ours\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL
Context Free --> "C:\Program Files\OzoneSoft\ContextFree\uninst-contextfree.exe"
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dolby Control Center Link --> MsiExec.exe /I{DCAF959E-BE84-4E56-91B1-3E962AED5BF4}
EVE-ONLINE (remove only) --> D:\Games\CCP\EVE\Uninstall.exe
EVEMon --> C:\Program Files\games\EVEMon\uninstall.exe
Free Registry Cleaner for Vista 1.0 --> "C:\Program Files\Free Registry Cleaner for Vista\unins000.exe"
Guild Wars --> "C:\Program Files\Games\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2 --> "C:\Users\Ours\AppData\Local\Temp\Temp1_HiJackThis[1].zip\HijackThis.exe" /uninstall
Intel(R) IPP Run-Time Installer 5.3 Update 1 for Windows* on IA-32 --> MsiExec.exe /X{C21C30F2-521C-4F86-882E-60CDCE615FBD}
Intel(R) Management Engine Interface --> C:\Windows\system32\heciudlg.exe -uninstall
Intel(R) Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
Intel(R) PRO Network Connections 12.1.12.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel(R) PRO Network Connections 12.1.12.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® Viiv™ software --> MsiExec.exe /X{0DAA5653-60D4-44C1-AD10-EC7D4FA4D820} /qb!
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x13 -remove -removeonly
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TopStyle Lite (Version 3.0) --> C:\Windows\unlite3.exe "C:\Program Files\Bradbury\TopStyle3\"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VirtualCloneDrive --> "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
WiLife Command Center 2.5 --> C:\Program Files\InstallShield Installation Information\{49143692-9C1E-4D35-8A82-9BE0378846CB}\setup.exe -runfromtemp -l0x0009 -removeonly
WiLifeUSBDriver --> MsiExec.exe /X{B625C98E-8813-46F6-8855-2070126D5CF3}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winbond Desktop SI/O with Consumer IR support --> MsiExec.exe /I{0D070C11-C7D6-4031-BC3D-D68650D63283}
Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type25282 / Success
Event Submitted/Written: 03/19/2008 06:43:18 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type25279 / Error
Event Submitted/Written: 03/19/2008 06:41:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application msnmsgr.exe, version 8.5.1302.1018, time stamp 0x4717a53b, faulting module smumhook.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19, exception code 0xc0000005, fault offset 0x636f2572,
process id 0xa80, application start time 0xmsnmsgr.exe0.

Event Record #/Type25277 / Error
Event Submitted/Written: 03/19/2008 06:41:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application AlertService.exe, version 1.7.261.0, time stamp 0x4611d1c3, faulting module kernel32.dll, version 6.0.6000.16386, time stamp 0x4549bd80, exception code 0xc0000005, fault offset 0x0004737d,
process id 0xb58, application start time 0xAlertService.exe0.

Event Record #/Type25274 / Error
Event Submitted/Written: 03/19/2008 06:41:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application msnmsgr.exe, version 8.5.1302.1018, time stamp 0x4717a53b, faulting module smumhook.dll_unloaded, version 0.0.0.0, time stamp 0x2a425e19, exception code 0xc0000005, fault offset 0x636f257e,
process id 0xa80, application start time 0xmsnmsgr.exe0.

Event Record #/Type25272 / Error
Event Submitted/Written: 03/19/2008 06:41:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application AlertService.exe, version 1.7.261.0, time stamp 0x4611d1c3, faulting module kernel32.dll, version 6.0.6000.16386, time stamp 0x4549bd80, exception code 0xc0000005, fault offset 0x0004737d,
process id 0x238, application start time 0xAlertService.exe0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type45074 / Error
Event Submitted/Written: 03/19/2008 06:41:41 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Intel(R) Alert Service2

Event Record #/Type45065 / Error
Event Submitted/Written: 03/19/2008 06:41:41 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
Intel(R) Alert Service1

Event Record #/Type44986 / Warning
Event Submitted/Written: 03/19/2008 06:41:13 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share - The Zodiac (2007) because the directory D:\LAN\- The Zodiac (2007) no longer exists. Please run "net share - The Zodiac (2007) /delete" to delete the share, or recreate the directory D:\LAN\- The Zodiac (2007).

Event Record #/Type44943 / Error
Event Submitted/Written: 03/19/2008 06:28:40 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.100 for the Network Card with network address 0019D1B1B2AA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type44942 / Warning
Event Submitted/Written: 03/19/2008 06:28:40 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019D1B1B2AA. The following error occurred:
%%2163146757. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-03-19 18:48:55 ------------

Post ook even main.txt(dat is het logje van Deckard's System Scanner

*kuch* logje ?

Volgens mij was dat main.txt. Ik heb het opnieuw gescanned en dit is nu van main.txt:

Deckard's System Scanner v20071014.68
Run by Ours on 2008-03-19 19:47:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ours.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:46, on 19-3-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Ours\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ours\Desktop\Ours.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: etlrlws - {8853C284-DF46-469C-837F-6C9FDC2A3029} - C:\Windows\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AntiVirusScherm\bm.exe" dm=http://antivirusscherm.com ad=http://antivirusscherm.com sd=http://arettich.antivirusscherm.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiVirusScherm\ptask.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1058003888-2058908936-2565841550-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O21 - SSODL: bokpkov - {262D2BB1-4E42-4640-8F24-ACFAA8C34203} - C:\Windows\bokpkov.dll (file missing)
O21 - SSODL: altvxvm - {034698CB-BC11-4810-B475-7C1321208877} - C:\Windows\altvxvm.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7497 bytes

-- Files created between 2008-02-19 and 2008-03-19 -----------------------------

2008-03-19 18:29:38 0 dr------- C:\Users\natascha\Searches
2008-03-19 18:29:22 0 dr------- C:\Users\natascha\Contacts
2008-03-19 18:29:15 0 d--hs---- C:\Users\natascha\Sjablonen
2008-03-19 18:29:15 0 d--hs---- C:\Users\natascha\Menu Start
2008-03-19 18:29:15 0 d--hs---- C:\Users\natascha\Local Settings
2008-03-19 18:29:14 0 d--hs---- C:\Users\natascha\SendTo
2008-03-19 18:29:14 0 d--hs---- C:\Users\natascha\Recent
2008-03-19 18:29:14 0 d--hs---- C:\Users\natascha\Netwerkprinteromgeving
2008-03-19 18:29:14 0 d--hs---- C:\Users\natascha\NetHood
2008-03-19 18:29:14 0 d--hs---- C:\Users\natascha\Mijn documenten
2008-03-19 18:29:14 0 d--hs---- C:\Users\natascha\Cookies
2008-03-19 18:29:14 0 d--hs---- C:\Users\natascha\Application Data
2008-03-19 18:29:13 0 dr------- C:\Users\natascha\Videos
2008-03-19 18:29:13 0 dr------- C:\Users\natascha\Saved Games
2008-03-19 18:29:13 0 dr------- C:\Users\natascha\Pictures
2008-03-19 18:29:13 786432 --ahs---- C:\Users\natascha\NTUSER.DAT
2008-03-19 18:29:13 0 dr------- C:\Users\natascha\Music
2008-03-19 18:29:13 0 dr------- C:\Users\natascha\Links
2008-03-19 18:29:13 0 dr------- C:\Users\natascha\Favorites
2008-03-19 18:29:13 0 dr------- C:\Users\natascha\Downloads
2008-03-19 18:29:13 0 dr------- C:\Users\natascha\Documents
2008-03-19 18:29:13 0 dr------- C:\Users\natascha\Desktop
2008-03-19 18:29:13 0 d--h----- C:\Users\natascha\AppData
2008-03-18 22:21:52 0 d-------- C:\Program Files\Enigma Software Group
2008-03-18 18:23:09 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-18 18:22:59 0 d-------- C:\Program Files\Windows Live
2008-03-18 18:22:41 0 d-------- C:\Users\All Users\WLInstaller
2008-03-18 16:14:08 0 d-------- C:\Program Files\Spyware Doctor
2008-03-18 14:46:07 0 d-a------ C:\Users\All Users\TEMP
2008-03-18 08:52:34 0 d-------- C:\Users\All Users\Lavasoft
2008-03-18 08:52:34 0 d-------- C:\Program Files\Lavasoft
2008-03-18 02:19:41 0 d-------- C:\Users\Ours\.housecall6.6
2008-03-18 02:11:10 0 dr------- C:\Users\Public\Application Data
2008-03-18 02:11:10 0 dr------- C:\Users\Public\Application Data\SalesMon
2008-03-18 02:11:06 0 d-------- C:\Program Files\Common Files\AntiVirusScherm
2008-03-17 18:51:35 0 d-------- C:\Windows\RegisteredPackages
2008-03-17 18:51:33 0 d--h----- C:\Windows\msdownld.tmp
2008-03-17 18:51:26 0 d-------- C:\Program Files\Windows Media Components
2008-03-17 18:49:59 0 d-------- C:\Program Files\WiLife Command Center
2008-03-17 18:49:27 0 d-------- C:\Users\All Users\WiLife
2008-03-02 19:38:29 0 d-------- C:\Program Files\Belastingdienst


-- Find3M Report ---------------------------------------------------------------

2008-03-18 22:36:50 0 d-------- C:\Program Files\Google
2008-03-18 18:23:09 0 d-------- C:\Program Files\Common Files
2008-03-18 16:14:08 0 d-------- C:\Users\Ours\AppData\Roaming\PC Tools
2008-03-18 16:09:38 0 d-------- C:\Users\Ours\AppData\Roaming\BitTorrent
2008-03-18 14:59:40 0 d-------- C:\Users\Ours\AppData\Roaming\Google
2008-03-18 14:49:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-18 14:47:34 15222 --a------ C:\Windows\system32\perfh013.dat
2008-03-18 14:47:34 5028 --a------ C:\Windows\system32\perfc013.dat
2008-03-18 08:36:18 249360 --a------ C:\Users\Ours\AppData\Roaming\install_nl[1].exe <Not Verified; Magic Gloves Lab; Magic Installer>
2008-03-17 18:52:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-09 10:58:47 0 d-------- C:\Program Files\Java
2008-03-07 15:17:27 0 d-------- C:\Users\Ours\AppData\Roaming\Beyond
2008-03-06 21:58:46 0 d-------- C:\Users\Ours\AppData\Roaming\EVEMon
2008-02-21 11:33:06 0 d-------- C:\Program Files\AruaROSE
2008-02-18 21:41:46 0 d-------- C:\Users\Ours\AppData\Roaming\Ventrilo
2008-02-18 21:34:59 0 d-------- C:\Program Files\Ventrilo
2008-02-14 00:53:17 0 d-------- C:\Program Files\Creative
2008-02-14 00:51:49 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-02-14 00:51:49 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-02-09 00:18:30 0 d-------- C:\Users\Ours\AppData\Roaming\Adobe
2008-02-06 09:20:19 0 d-------- C:\Users\Ours\AppData\Roaming\Winamp
2008-02-05 22:21:09 0 d-------- C:\Program Files\Winamp
2008-02-05 22:16:37 0 d-------- C:\Program Files\DFX
2008-02-04 19:03:42 174 --a------ C:\nvidia.bat
2008-02-04 18:32:44 0 d-------- C:\Program Files\SystemRequirementsLab
2008-01-24 00:12:09 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-01-20 19:17:08 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [24-10-2007 15:44]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [06-04-2007 13:07]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [06-04-2007 13:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
"SigmatelSysTrayApp"="sttray.exe" [08-06-2007 03:56 C:\Windows\sttray.exe]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [29-04-2006 14:21]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11-12-2007 17:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11-12-2007 17:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11-12-2007 17:06]
"P17RunE"="P17RunE.dll" [09-04-2007 09:40 C:\Windows\System32\P17RunE.dll]
"bm"="C:\Program Files\Common Files\AntiVirusScherm\bm.exe"
"ptask"="C:\Program Files\AntiVirusScherm\ptask.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02-11-2006 13:33]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02-11-2006 13:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 13:33]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]

C:\Users\Ours\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16-3-2005 19:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bokpkov"= {262D2BB1-4E42-4640-8F24-ACFAA8C34203} - C:\Windows\bokpkov.dll [ ]
"altvxvm"= {034698CB-BC11-4810-B475-7C1321208877} - C:\Windows\altvxvm.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
"C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fc397c4-8223-11dc-8fca-806e6f6e6963}]
AutoRun\command- E:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-19 19:48:15 ------------

Verwijder dit bestand:
C:\Users\Ours\AppData\Roaming\install_nl[1].exe

Maak dan je prullenbak leeg.

Rechtsklik Hijackthis.exe en kies voor "Run as Administrator"
Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: etlrlws - {8853C284-DF46-469C-837F-6C9FDC2A3029} - C:\Windows\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AntiVirusScherm\bm.exe" dm=http://antivirusscherm.com ad=http://antivirusscherm.com sd=http://arettich.antivirusscherm.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiVirusScherm\ptask.exe
O21 - SSODL: bokpkov - {262D2BB1-4E42-4640-8F24-ACFAA8C34203} - C:\Windows\bokpkov.dll (file missing)
O21 - SSODL: altvxvm - {034698CB-BC11-4810-B475-7C1321208877} - C:\Windows\altvxvm.dll (file missing)
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Herstart je computer.

Post na de herstart een nieuw logje van Hijackthis en vertel of je nog problemen ondervindt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:20, on 20-3-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Ours\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6529 bytes


ziet er goed uit
geen sporen van spyware of malware.
Ik krijg nog wel een melding van alert @ service maar ik vermoed dat het een andere oorzaak heeft

Logje ziet er schoon uit

Wat voor melding krijg je precies?

effe kijken of image verschijnt .. zo ja dan is dit de melding die ik blijf terugkrijgen wat ik ook doe

Misschien dat dit werkt:

Open een klablokbestand.
Kopieer onderstaande code in dit kladblokbestand.
Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.
Dubbelklik daarna op del.bat

Herstart je computer.

Post een nieuw logje ter controle

Het blijft nog steeds terug komen

Probleem is niet malwaregerelateerd.
Stel je vraag in de volgende sectie:


Misschien dat daar iemand de oplossing weet

Dank!