Is my PC still clean?


  • Is my PC still clean?

    Just to be sure...

    log:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:46:51, on 28/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\SGFucyBNb3J0ZWxtYW5z\command.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE
    C:\WINDOWS\tppaldr.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Documents and Settings\Hans Mortelmans\lsass.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
    C:\Program Files\interMute\AdSubtract\AdSub.exe
    C:\WINDOWS\system32\ext\begmgr11.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\WINDOWS\system32\locator.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\InterActual\InterActual Player\iPlayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\limewire\limewire.exe
    C:\Documents and Settings\Hans Mortelmans\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1057
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [{C6-6B-BC-CD-DW}] C:\WINDOWS\system32\ext\begmgr11.exe DWram
    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Hans Mortelmans\lsass.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
    O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
    O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
    O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?cf5f501069f548fdbbc540c37a674f8c
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?cf5f501069f548fdbbc540c37a674f8c
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SGFucyBNb3J0ZWxtYW5z\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

  • #2
    I think you already know my answer

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files not found will scroll by quickly, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • Your PC will then restart; let it boot in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Malwarebytes' Anti-Malware to your desktop.
    Double-click mbam-setup.exe and choose "Next" to install the tool.
    When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
    Then press "Finish".
    In the main window choose the "Scanner" tab and select the "Perform full scan" radio button.
    Press the "Scan" button and make sure all your hard drives/partitions are ticked.
    Then press the "Start Scan" button.
    When the scan is complete, click OK, then "Show Results" to see the results.
    Make sure everything is ticked, then click "Remove Selected".
    If the program wants to restart your computer, allow it.
    A log will then open (mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
    Post this log in your next message together with a new HijackThis log



    • #3
      ...

      RVAXO log:

      ---RVAXO.exe Updated: 2008-03-29---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\XaHNVvut.ini2
      C:\WINDOWS\system32\WinUpdating.exe
      C:\WINDOWS\system32\WinSpooler.exe
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\vbzip10.dll
      C:\WINDOWS\smdat32m.sys
      C:\WINDOWS\smdat32a.sys
      C:\Documents and Settings\Hans Mortelmans\lsass.exe
      C:\WINDOWS\Fonts\svchost.exe
      C:\WINDOWS\Fonts\a.zip
      C:\WINDOWS\system32\pac.txt

      Folders Found:
      C:\Program Files\Network Monitor
      C:\Temp\1cb

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      anti-malware log:

      Malwarebytes' Anti-Malware 1.09
      Database versie: 563

      Scan type: Volledige Scan (C:\|D:\|E:\|F:\|G:\|)
      Objecten gescand: 160299
      Verstreken tijd: 45 minute(s), 10 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 1
      Registersleutels geïnfecteerd: 16
      Registerwaarden geïnfecteerd: 2
      Registerdata bestanden geïnfecteerd: 1
      Mappen geïnfecteerd: 3
      Bestanden geïnfecteerd: 22

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\tuvVNHaX.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e1c4993-d4a0-4488-b424-31f4238724a9} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{2e1c4993-d4a0-4488-b424-31f4238724a9} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{C6-6B-BC-CD-DW} (Adware.ZenoSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\POSTSETUPCHECK (Adware.Agent) -> Quarantined and deleted successfully.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvnhax -> Quarantined and deleted successfully.

      Mappen geïnfecteerd:
      C:\WINDOWS\SGFucyBNb3J0ZWxtYW5z (AdWare.CommAd) -> Quarantined and deleted successfully.
      C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\mxncsrkn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\nkrscnxm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\tuvVNHaX.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\XaHNVvut.ini (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\XaHNVvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ext\begmgr11.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Hans Mortelmans\Local Settings\Temporary Internet Files\Content.IE5\UW03HX0L\installer[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{4252F9A0-FD2C-4B9A-8ABF-648726791F43}\RP280\A0065828.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
      C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\SGFucyBNb3J0ZWxtYW5z\asappsrv.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
      C:\WINDOWS\SGFucyBNb3J0ZWxtYW5z\command.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
      C:\WINDOWS\SGFucyBNb3J0ZWxtYW5z\m3IRwV1hvaLXtqUQsqcW.vbs (AdWare.CommAd) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\imd4\v55api.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
      C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\atgban.dll (Adware.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\rundll32.exe (Adware.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.

      ... when the anti-malware scan had completed and I (after checking extremely thoroughly that everything was ticked) wanted to remove the malware, that only partly succeeded, and it indicated that certain files, which you can also see in the list, could only be removed after a reboot.

      The PC then restarted automatically. However, anti-malware did not reopen and I got no new log to check whether everything had actually been removed.

      There are also still all sorts of things (trojan, adware, malware, etc.)
      in my quarantine list.
      Leave them or delete them?

      thanks, hans



      • #4
        Hijack

        log:

        Logfile of HijackThis v1.99.1
        Scan saved at 15:32:06, on 29/03/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\WINDOWS\ATKKBService.exe
        C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
        C:\WINDOWS\system32\CTsvcCDA.EXE
        C:\Program Files\ewido anti-malware\ewidoctrl.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\MsPMSPSv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\AGRSMMSG.exe
        C:\WINDOWS\Dit.exe
        C:\WINDOWS\mHotkey.exe
        C:\WINDOWS\CNYHKey.exe
        C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE
        C:\WINDOWS\tppaldr.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Windows Media Player\WMPNSCFG.exe
        C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
        C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
        C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
        C:\Program Files\interMute\AdSubtract\AdSub.exe
        C:\Program Files\Xfire\Xfire.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Documents and Settings\Hans Mortelmans\Bureaublad\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1044
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
        O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [Dit] Dit.exe
        O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
        O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
        O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Hans Mortelmans\lsass.exe
        O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
        O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
        O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
        O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe
        O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
        O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
        O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
        O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
        O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
        O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
        O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
        O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
        O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?cf5f501069f548fdbbc540c37a674f8c
        O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?cf5f501069f548fdbbc540c37a674f8c
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
        O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
        O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
        O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
        O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
        O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
        O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
        O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



        • #5
          You can have everything that is in Quarantine deleted.

          You can optionally have MalwareBytes' scan once more to see whether everything was actually removed.

          Also do this:
          Download Deckard's System Scanner to your Desktop.
          • Close all applications and windows.
          • Double-click dss.exe to start it, and follow the instructions.
          • When the scan is complete, a text file - main.txt - will open.
          • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

          Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
          - make sure sigcheck.exe is allowed to do so!
          Your antivirus may also flag DSS as suspicious, or even try to remove it.
          Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)



          • #6
            Here you go

            Deckard's System Scanner v20071014.68
            Run by Hans Mortelmans on 2008-03-29 15:46:09
            Computer is in Normal Mode.
            --------------------------------------------------------------------------------

            -- System Restore --------------------------------------------------------------

            Successfully created a Deckard's System Scanner Restore Point.


            -- Last 5 Restore Point(s) --
            127: 2008-03-29 14:46:16 UTC - RP282 - Deckard's System Scanner Restore Point
            126: 2008-03-29 14:24:06 UTC - RP281 - Last known good configuration
            125: 2008-03-29 14:23:59 UTC - RP280 - Software Distribution Service 3.0
            124: 2008-03-29 14:23:59 UTC - RP279 - Last known good configuration
            123: 2008-03-29 14:23:59 UTC - RP278 - Software Distribution Service 3.0


            -- First Restore Point --
            1: 2008-03-29 14:23:54 UTC - RP156 - Software Distribution Service 3.0


            Backed up registry hives.
            Performed disk cleanup.

            System Drive C: has 13.01 GiB (less than 15%) free.


            -- HijackThis (run as Hans Mortelmans.exe) -------------------------------------

            Unable to find log (file not found); running clone.
            -- HijackThis Clone ------------------------------------------------------------


            Emulating logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 2008-03-29 15:47:16
            Platform: Windows XP Service Pack 2 (5.01.2600)
            MSIE: Internet Explorer (6.00.2900.2180)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\system32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\WINDOWS\ATKKBService.exe
            C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
            C:\WINDOWS\system32\CTSVCCDA.EXE
            C:\Program Files\ewido anti-malware\ewidoctrl.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\MsPMSPSv.exe
            C:\WINDOWS\explorer.exe
            C:\WINDOWS\AGRSMMSG.exe
            C:\WINDOWS\Dit.exe
            C:\WINDOWS\mHotkey.exe
            C:\WINDOWS\CNYHKey.exe
            C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.exe
            C:\WINDOWS\TPPALDR.EXE
            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\Program Files\Winamp\winampa.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
            C:\Program Files\Skype\Phone\Skype.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files\Windows Media Player\wmpnscfg.exe
            C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
            C:\Program Files\Common Files\X10\Common\X10nets.exe
            C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
            C:\Program Files\interMute\AdSubtract\AdSub.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\Documents and Settings\Hans Mortelmans\Bureaublad\Mapje HULP\deckart's system scanner.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1044
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
            R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
            R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
            O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - C:\WINDOWS\system32\pmnkKbxx.dll
            O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll (file missing)
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
            O2 - BHO: {df65791f-e0d6-d8d8-40a4-208b90ab138c} - {c831ba09-b802-4a04-8d8d-6d0ef19756fd} - C:\WINDOWS\system32\kjgvxdgh.dll
            O2 - BHO: (no name) - {EE273E76-D769-4E60-A11D-4CA3454F24DF} - C:\WINDOWS\system32\mlJYsTlK.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
            O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
            O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
            O4 - HKLM\..\Run: [Dit] Dit.exe
            O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
            O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
            O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Hans Mortelmans\lsass.exe
            O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
            O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
            O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
            O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Startup: AdSubtract.lnk = ?
            O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe
            O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
            O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
            O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
            O4 - Global Startup: Windows Desktop Search.lnk = ?
            O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
            O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
            O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
            O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
            O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?cf5f501069f548fdbbc540c37a674f8c
            O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?cf5f501069f548fdbbc540c37a674f8c
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
            O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
            O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
            O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
            O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
            O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O20 - Winlogon Notify: pmnkKbxx - C:\WINDOWS\system32\pmnkKbxx.dll
            O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
            O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
            O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
            O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
            O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
            O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
            O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
            O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
            O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
            O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe


            --
            End of file - 12817 bytes

            -- File Associations -----------------------------------------------------------

            .reg - regfile - shell\open\command - regedit.exe"%1" %*
            .scr - scrfile - shell\open\command - "%1" %*


            -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

            R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
            R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
            R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
            R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
            R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
            R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
            R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
            R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
            R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
            R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
            R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
            R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
            R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
            R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
            R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
            R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

            S2 SAVRTPEL - c:\windows\system32\drivers\savrtpel.sys (file missing)
            S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
            S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
            S3 Cap7134 (MEDION (7134) WDM Video Capture) - c:\windows\system32\drivers\cap7134.sys <Not Verified; Philips Semiconductors; Philips cap7134>
            S3 CardReaderFilter (Card Reader Filter) - c:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
            S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\packet.sys
            S3 PhTVTune (MEDION TV-TUNER 7134 MK2/3) - c:\windows\system32\drivers\phtvtune.sys <Not Verified; Philips Semiconductors; Philips TVTuner WDM Driver>
            S3 SAVRT - c:\windows\system32\drivers\savrt.sys (file missing)
            S3 TPPFX (USB Storage Adapter FX (TPP)) - c:\windows\system32\drivers\tppfx.sys <Not Verified; Cypress Semiconductor; TPP Storage Adapter>
            S3 UKBFLT - c:\windows\system32\drivers\ukbflt.sys <Not Verified; Chicony; UKBFLT>
            S3 wbscr (Winbond Smartcard Reader for I/O) - c:\windows\system32\drivers\wbscr.sys <Not Verified; Winbond Electronics Corp.; Winbond Smartcard Driver>
            S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


            -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

            R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
            R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
            R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
            R2 LogWatch (Event Log Watch) - "c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" <Not Verified; Computer Associates; Computer Associates LogWatNT>
            R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>

            S2 navapsvc (Norton AntiVirus Auto-Protect) - c:\program files\norton systemworks\norton antivirus\navapsvc.exe (file missing)
            S2 SBService (ScriptBlocking Service) - c:\progra~1\common~1\symant~1\script~1\sbserv.exe (file missing)
            S3 CA_LIC_CLNT (CA License Client) - "c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe" <Not Verified; Computer Associates; Computer Associates lic98rmt>
            S3 CA_LIC_SRVR (CA License Server) - "c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe" <Not Verified; Computer Associates; Computer Associates lic98rmtd>


            -- Device Manager: Disabled ----------------------------------------------------

            Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
            Description: USB-apparaat voor massaopslag
            Device ID: USB\VID_0DB0&PID_4023\AAAA12345678
            Manufacturer: Oplagapparaat dat compatibel is met USB
            Name: USB-apparaat voor massaopslag
            PNP Device ID: USB\VID_0DB0&PID_4023\AAAA12345678
            Service: USBSTOR

            Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
            Description: MEDION (7134) WDM Video Capture
            Device ID: PCI\VEN_1131&DEV_7134&SUBSYS_000316BE&REV_01\4&10A6A55&0&08F0
            Manufacturer: Philips Semiconductors
            Name: MEDION (7134) WDM Video Capture
            PNP Device ID: PCI\VEN_1131&DEV_7134&SUBSYS_000316BE&REV_01\4&10A6A55&0&08F0
            Service:

            Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
            Description: VIA VT6105 Rhine III Fast Ethernet Adapter
            Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_091C1462&REV_8B\4&10A6A55&0&30F0
            Manufacturer: VIA Technologies, Inc.
            Name: VIA VT6105 Rhine III Fast Ethernet Adapter
            PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_091C1462&REV_8B\4&10A6A55&0&30F0
            Service: FETNDISB

            Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
            Description: Bluetooth Audio
            Device ID: ROOT\MEDIA\0000
            Manufacturer: IVT Corporation.
            Name: Bluetooth Audio
            PNP Device ID: ROOT\MEDIA\0000
            Service:


            -- Files created between 2008-02-29 and 2008-03-29 -----------------------------

            2008-03-29 15:23:44 8247 --ahs---- C:\WINDOWS\system32\KlTsYJlm.ini2
            2008-03-29 15:23:43 267776 --a------ C:\WINDOWS\system32\mlJYsTlK.dll
            2008-03-29 15:20:25 0 d-------- C:\WINDOWS\LastGood
            2008-03-29 14:26:28 0 d-------- C:\Documents and Settings\Hans Mortelmans\Application Data\Malwarebytes
            2008-03-29 14:26:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
            2008-03-29 14:26:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
            2008-03-29 14:26:00 0 d-------- C:\Program Files\Common Files\Download Manager
            2008-03-29 14:20:16 0 d-------- C:\RVAXO
            2008-03-29 14:09:33 768457 --a------ C:\WINDOWS\system32\RVAXO.bat
            2008-03-29 14:09:33 69632 --a------ C:\WINDOWS\system32\remove.exe
            2008-03-29 14:02:57 86592 --a------ C:\WINDOWS\system32\ewxkdclq.dll
            2008-03-29 13:55:27 90176 --a------ C:\WINDOWS\system32\kjgvxdgh.dll
            2008-03-29 13:50:22 86592 --a------ C:\WINDOWS\system32\sfxbhkyx.dll
            2008-03-29 13:50:20 39936 --a------ C:\WINDOWS\system32\hgGyvwwV.dll
            2008-03-28 20:39:51 39883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
            2008-03-28 20:39:46 0 d-------- C:\WINDOWS\system32\imd4
            2008-03-28 20:39:46 0 d-------- C:\WINDOWS\system32\ext
            2008-03-28 20:39:46 0 d-------- C:\WINDOWS\system32\DL
            2008-03-28 20:39:43 0 d-------- C:\WINDOWS\system32\aqVreo18
            2008-03-28 20:39:34 39936 --a------ C:\WINDOWS\system32\pmnkKbxx.dll
            2008-03-28 20:17:01 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
            2008-03-28 20:16:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
            2008-03-27 07:10:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
            2008-03-27 07:04:18 0 d-------- C:\Program Files\Sierra
            2008-03-27 05:02:06 0 d-------- C:\Program Files\Activision
            2008-03-27 04:57:07 0 d--hs---- C:\WINDOWS\ftpcache


            -- Find3M Report ---------------------------------------------------------------

            2008-03-29 15:37:11 0 d-------- C:\Documents and Settings\Hans Mortelmans\Application Data\Xfire
            2008-03-29 14:26:00 0 d-------- C:\Program Files\Common Files
            2008-03-29 13:57:51 0 d-------- C:\Program Files\Incomplete
            2008-03-29 13:55:20 0 d-------- C:\Program Files\LimeWire
            2008-03-28 23:39:11 0 d-------- C:\Documents and Settings\Hans Mortelmans\Application Data\Skype
            2008-03-28 02:12:42 42320 --a------ C:\Documents and Settings\Hans Mortelmans\Application Data\wklnhst.dat
            2008-03-28 00:02:23 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition
            2008-03-27 15:01:55 0 d-------- C:\Program Files\Winamp
            2008-03-27 15:01:23 0 d-------- C:\Program Files\EA SPORTS
            2008-03-27 06:02:41 0 d-------- C:\Program Files\Bethesda Softworks
            2008-03-27 06:02:38 0 d--h----- C:\Program Files\InstallShield Installation Information
            2008-03-27 01:17:51 0 d-------- C:\Program Files\Guild Wars
            2008-03-26 23:53:31 462562 --a------ C:\WINDOWS\system32\perfh013.dat
            2008-03-26 23:53:31 80622 --a------ C:\WINDOWS\system32\perfc013.dat
            2008-03-26 19:56:45 0 d-------- C:\Program Files\Java
            2008-03-26 19:54:06 0 d-------- C:\Program Files\Common Files\Sony Shared
            2008-03-26 19:46:32 0 d---s---- C:\Program Files\Xfire
            2008-03-13 19:27:14 0 d-------- C:\Program Files\GameSpy Arcade
            2008-03-04 19:39:07 0 d-------- C:\Documents and Settings\Hans Mortelmans\Application Data\Adobe
            2008-02-10 23:37:43 0 d-------- C:\Program Files\FlashFXP
            2008-02-10 23:32:46 0 d-------- C:\Program Files\BPFTP Server
            2008-01-10 22:23:44 37027 --a------ C:\WINDOWS\atmoUn.exe


            -- Registry Dump ---------------------------------------------------------------

            *Note* empty entries & legit default entries are not shown


            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A8068E-53D1-42B2-B197-6D568843721F}]
            28/03/2008 20:39 39936 --a------ C:\WINDOWS\system32\pmnkKbxx.dll

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]
            C:\WINDOWS\system32\atgban.dll

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c831ba09-b802-4a04-8d8d-6d0ef19756fd}]
            29/03/2008 13:55 90176 --a------ C:\WINDOWS\system32\kjgvxdgh.dll

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE273E76-D769-4E60-A11D-4CA3454F24DF}]
            29/03/2008 15:23 267776 --a------ C:\WINDOWS\system32\mlJYsTlK.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/07/2005 11:57]
            "nwiz"="nwiz.exe" [08/07/2005 11:57 C:\WINDOWS\system32\nwiz.exe]
            "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [17/03/2004 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
            "AGRSMMSG"="AGRSMMSG.exe" [04/03/2005 11:01 C:\WINDOWS\AGRSMMSG.exe]
            "Dit"="Dit.exe" [20/07/2004 17:18 C:\WINDOWS\Dit.exe]
            "CHotkey"="mHotkey.exe" [24/02/2004 13:05 C:\WINDOWS\mHotkey.exe]
            "ledpointer"="CNYHKey.exe" [03/02/2004 16:15 C:\WINDOWS\CNYHKey.exe]
            "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
            "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [29/10/2004 20:34]
            "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/10/2004 18:02]
            "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [14/11/2007 23:43]
            "PRISMSVR.EXE"="C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.exe" [02/07/2004 16:27]
            "TPP Auto Loader"="C:\WINDOWS\tppaldr.exe" [24/06/2002 11:20]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
            "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/07/2005 11:57]
            "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [14/05/2007 23:22]
            "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 13:11]
            "LSA Shellu"="C:\Documents and Settings\Hans Mortelmans\lsass.exe"

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [05/10/2004 08:52]
            "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [20/08/2004 10:47]
            "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [24/10/2005 19:37]
            "Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [28/03/2008 19:51]
            "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/12/2006 13:40]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/07/2007 17:04]
            "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 21:53]

            C:\Documents and Settings\Hans Mortelmans\Menu Start\Programma's\Opstarten\
            AdSubtract.lnk - C:\Program Files\interMute\AdSubtract\AdSub.exe [12/11/2005 17:19:26]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "DisableCAD"=0 (0x0)

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [28/09/2006 11:22 77824]
            "{08A8068E-53D1-42B2-B197-6D568843721F}"= C:\WINDOWS\system32\pmnkKbxx.dll [28/03/2008 20:39 39936]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/10/2006 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkKbxx]
            pmnkKbxx.dll 28/03/2008 20:39 39936 C:\WINDOWS\system32\pmnkKbxx.dll

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
            SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




            -- End of Deckard's System Scanner: finished at 2008-03-29 15:48:17 ------------



            • #7
              extra.txt

              Deckard's System Scanner v20071014.68
              Extra logfile - please post this as an attachment with your post.
              --------------------------------------------------------------------------------

              -- System Information ----------------------------------------------------------

              Microsoft Windows XP Home Edition (build 2600) SP 2.0
              Architecture: X86; Language: Dutch

              CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
              CPU 1: Intel(R) Pentium(R) 4 CPU 3.40GHz
              Percentage of Memory in Use: 66%
              Physical Memory (total/avail): 511.48 MiB / 170.6 MiB
              Pagefile Memory (total/avail): 1250.02 MiB / 968.88 MiB
              Virtual Memory (total/avail): 2047.88 MiB / 1927.81 MiB

              C: is Fixed (NTFS) - 125.46 GiB total, 13.01 GiB free.
              D: is Fixed (NTFS) - 89.84 GiB total, 88.45 GiB free.
              E: is Fixed (FAT32) - 17.57 GiB total, 13.64 GiB free.
              F: is CDROM (No Media)
              G: is CDROM (No Media)

              \\.\PHYSICALDRIVE0 - WDC WD2500JD-00HBB0 - 232.88 GiB - 3 partitions
              \PARTITION0 (bootable) - Installable File System - 125.46 GiB - C:
              \PARTITION1 - Extended w/Extended Int 13 - 107.42 GiB - D: - E:



              -- Security Center -------------------------------------------------------------

              AUOptions is scheduled to auto-install.
              Windows Internal Firewall is enabled.

              FirstRunDisabled is set.
              AntivirusOverride is set.


              [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
              "%ProgramFiles%\\Messenger\\msmsgs.exe"="%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
              "%WinDir%\\system32\\fxsclnt.exe"="%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console"
              "%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
              "%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
              "%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
              "%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil"
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
              "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
              "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
              "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
              "C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

              [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
              "%WinDir%\\system32\\fxsclnt.exe"="%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console"
              "%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
              "%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
              "%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
              "%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:enabled:BlueSoleil"
              "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
              "C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP"
              "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Disabled:ET"
              "C:\\WINDOWS\\system32\\winis.exe"="C:\\WINDOWS\\system32\\winis.exe:*:Disabled:winis"
              "C:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe:*:Enabled:Age of Empires"
              "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
              "C:\\Program Files\\PopCap Games\\BookWorm Deluxe\\BookWorm.exe"="C:\\Program Files\\PopCap Games\\BookWorm Deluxe\\BookWorm.exe:*:Enabled:BookWorm"
              "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
              "C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Disabled:iMesh 5"
              "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
              "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
              "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
              "C:\\NeverwinterNights\\NWN\\nwmain.exe"="C:\\NeverwinterNights\\NWN\\nwmain.exe:*:Enabled:Neverwinter Nights"
              "C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Disabled:Xfire"
              "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
              "C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"="C:\\Program Files\\Soldier of Fortune II - Double Helix\\SoF2MP.exe:*:Enabled:SoF2MP"
              "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
              "C:\\NeverwinterNights\\NWN\\nwupdate.exe"="C:\\NeverwinterNights\\NWN\\nwupdate.exe:*:Enabled:NWN Update Program"
              "C:\\Program Files\\Valve\\Steam\\SteamApps\\tovenaartje\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\tovenaartje\\counter-strike source\\hl2.exe:*:Enabled:hl2"
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
              "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
              "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
              "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
              "C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
              "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
              "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
              "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


              -- Environment Variables -------------------------------------------------------

              ALLUSERSPROFILE=C:\Documents and Settings\All Users
              APPDATA=C:\Documents and Settings\Hans Mortelmans\Application Data
              CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
              CLIENTNAME=Console
              CommonProgramFiles=C:\Program Files\Common Files
              COMPUTERNAME=HANS
              ComSpec=C:\WINDOWS\system32\cmd.exe
              FP_NO_HOST_CHECK=NO
              HOMEDRIVE=C:
              HOMEPATH=\Documents and Settings\Hans Mortelmans
              LOGONSERVER=\\HANS
              NUMBER_OF_PROCESSORS=2
              OS=Windows_NT
              Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
              PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
              PROCESSOR_ARCHITECTURE=x86
              PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
              PROCESSOR_LEVEL=15
              PROCESSOR_REVISION=0304
              ProgramFiles=C:\Program Files
              PROMPT=$P$G
              QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
              SESSIONNAME=Console
              SystemDrive=C:
              SystemRoot=C:\WINDOWS
              TEMP=C:\DOCUME~1\HANSMO~1\LOCALS~1\Temp
              TMP=C:\DOCUME~1\HANSMO~1\LOCALS~1\Temp
              USERDOMAIN=HANS
              USERNAME=Hans Mortelmans
              USERPROFILE=C:\Documents and Settings\Hans Mortelmans
              windir=C:\WINDOWS


              -- User Profiles ---------------------------------------------------------------

              Hans Mortelmans (admin)
              Administrator (new local, admin)


              -- Add/Remove Programs ---------------------------------------------------------

              --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
              --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
              --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
              --> C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
              --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x13 /remove
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x13 /remove
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x13 /remove
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x13 /remove
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x13 /remove
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x13 /remove
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x13 /remove
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x13 /remove
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x13
              --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x13 /remove
              --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
              AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
              Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
              Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUN0413.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
              Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
              Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
              Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
              Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
              Adobe Reader 6.0.1 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A00000000001}
              AdSubtract PRO 3 --> C:\WINDOWS\system32\ASUninstall.exe -u
              Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
              Age of Mythology - The Titans Expansion --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
              Agere Systems PCI Soft Modem --> agrsmdel
              AntiVerminser 2.1 --> C:\Program Files\AntiVerminser\uninst.exe
              Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
              Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
              ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9
              AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
              BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x13
              BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
              BulletProof FTP Server (remove only) --> "C:\Program Files\BPFTP Server\Uninstall\unins000.exe"
              C-Media High Definition Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
              Call of Duty - United Offensive --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
              Call of Duty Game of the Year Edition --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
              Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
              CopyToDVD --> "C:\Program Files\vso\CopyToDVD\unins000.exe"
              Creative-systeeminformatie --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x13 /remove
              Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
              Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x13 /remove
              Creatix V.92 Data Fax Modem --> agrsmdel
              DeviceControl --> MsiExec.exe /I{EABE2A27-9452-472E-9389-EFF410E956E1}
              DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
              DivX Pro --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
              DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
              EA.com Matchup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x0 Uninstall
              EA.com Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall
              Encarta Encyclopedie Winkler Prins --> MsiExec.exe /I{054E0044-64A6-4248-A026-9745C1E9E159}
              Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\system32\targetedbanner-uninst.exe
              eTrust Antivirus Registration --> MsiExec.exe /I{515E1B00-E2B4-4975-9900-95F66077C3AE}
              ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
              GameShadow --> MsiExec.exe /I{B77398BC-94A4-4B31-9757-421D4A2657A1}
              GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
              Generic USB CardReader 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst
              Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
              GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.exe" -l0x9 -removeonly
              Half-Life(R) 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
              High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
              HighMAT-uitbreiding voor de wizard Cd branden van Microsoft Windows XP --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
              HijackThis 1.99.1 --> C:\DOCUMENTS AND SETTINGS\HANS MORTELMANS\BUREAUBLAD\HijackThis.exe /uninstall
              Informatie over uw PC --> MsiExec.exe /I{B8910DF6-1717-4554-AA96-93430B3F9481}
              InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
              IsoBuster 1.2 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
              iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
              Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
              Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
              Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
              Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
              KB898458: Beveiligingsupdate voor Step by Step Interactive Training --> C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe
              KB923723: Beveiligingsupdate voor Step by Step Interactive Training --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
              LimeWire PRO 4.9.33 --> "C:\Program Files\LimeWire\uninstall.exe"
              LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
              LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
              Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
              Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
              MediaShow 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
              Microsoft AutoRoute 2005 --> MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689}
              Microsoft Photo Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
              Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
              Microsoft Word 2002 --> MsiExec.exe /I{911B0413-6000-11D3-8CFE-0050048383C9}
              Microsoft Works --> MsiExec.exe /I{C745447C-4000-4339-9C64-60EF550E839A}
              Microsoft Works 2005 Setup starten --> C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP f:\
              Microsoft Works Suite-invoegtoepassing Microsoft Word --> MsiExec.exe /I{68FF1199-3946-4413-A69A-4C920A067C5C}
              Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
              MSN Search Toolbar --> MsiExec.exe /X{F6C64F77-A6D3-49D6-8874-F9C43F2DFB40}
              MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
              Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
              Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall ExtraUninstallID=""
              Neverwinter Nights --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe" -l0x9
              NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
              Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
              Oni --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Oni\Uninst.isu"
              OpenMG Secure Module 4.3.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} UNINSTALL
              PDF Manual NW-A10003000 --> MsiExec.exe /X{BF2F7927-92AF-4F5D-8B93-658F63DF8727}
              Philips Digital Media Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED0CF8BD-D4C4-4E8E-8E96-15EAA0316975}\Setup.exe" -l0x13
              PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
              PolderbitS Sound Recorder and Editor --> "C:\Program Files\PolderbitS\Recorder\Recorder.exe" /uninstall
              PowerCinema 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
              PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
              PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
              PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
              QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
              RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
              RT2500 USB Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}\setup.exe" -l0x13 -removeonly
              Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
              Skype 1.4 --> "C:\Program Files\Skype\Phone\unins000.exe"
              Smart Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E02403C-C469-4937-9B94-7DF9F78888FA}\Setup.exe" -l0x9
              Sony VAIO village Wallpaper --> C:\WINDOWS\WEB\Wallpaper\Sony VAIO village dir\uninstall.exe
              SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
              Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
              Sun Download Manager 2.0 (web) --> C:\WINDOWS\system32\javaws.exe -uninstall "http://javadl-esd.sun.com/update/sdm20/sdm20.jnlp"
              SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
              SWAT 4 - Gold --> C:\PROGRA~1\Sierra\SWAT4-~1\UNWISE.EXE C:\PROGRA~1\Sierra\SWAT4-~1\INSTALL.LOG
              TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
              Thrustmaster Force Feedback Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}\setup.exe" -l0x13 -removeonly
              Tiscali Internet --> MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
              U.S. Robotics iBand --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E26544D-9092-4A37-983E-8B5C70E1DBA9}\Setup.exe" -l0x13
              U.S. Robotics Wireless USB Adapter --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{AB6243A2-CEC3-4BE2-B75B-45A7F18E6B94}
              USB Storage Adapter FX (TPP) --> tppun.exe TPPFX
              USB Wireless Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1955A3A-EA24-4682-8641-43B5B688B09A}\Setup.exe" -l0x13
              Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
              videon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x13
              Videora iPod Converter 3.05 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
              Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
              W83L518D --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD815603-AB71-4CFB-B3AC-522298037ACC}\Setup.exe" -l0x13
              Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
              Windows Back-up --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
              Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
              Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
              Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
              Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
              Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
              WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
              WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
              Wolfenstein - Enemy Territory --> C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
              X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
              Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
              Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


              -- Application Event Log -------------------------------------------------------

              Event Record #/Type965 / Warning
              Event Submitted/Written: 03/29/2008 03:18:25 PM
              Event ID/Source: 32068 / Microsoft Fax
              Event Description:
              De regel voor uitgaande routing is niet geldig omdat er geen geldig apparaat kan worden gevonden. De uitgaande faxberichten die van deze regel gebruikmaken, zullen niet worden omgeleid. Controleer of het doelapparaat (of de doelapparaten) op de juiste manier is aangesloten, geïnstalleerd en ingeschakeld.
              Landnummer: *
              Netnummer: *

              Event Record #/Type964 / Warning
              Event Submitted/Written: 03/29/2008 03:18:25 PM
              Event ID/Source: 32026 / Microsoft Fax
              Event Description:
              Er kunnen geen toegewezen faxapparaten (virtueel of TAPI) worden geïnitialiseerd.
              Er kunnen pas faxberichten worden verzonden nadat er een faxapparaat is geïnstalleerd.

              Event Record #/Type957 / Warning
              Event Submitted/Written: 03/29/2008 02:20:14 PM
              Event ID/Source: 32068 / Microsoft Fax
              Event Description:
              De regel voor uitgaande routing is niet geldig omdat er geen geldig apparaat kan worden gevonden. De uitgaande faxberichten die van deze regel gebruikmaken, zullen niet worden omgeleid. Controleer of het doelapparaat (of de doelapparaten) op de juiste manier is aangesloten, geïnstalleerd en ingeschakeld.
              Landnummer: *
              Netnummer: *

              Event Record #/Type956 / Warning
              Event Submitted/Written: 03/29/2008 02:20:14 PM
              Event ID/Source: 32026 / Microsoft Fax
              Event Description:
              Er kunnen geen toegewezen faxapparaten (virtueel of TAPI) worden geïnitialiseerd.
              Er kunnen pas faxberichten worden verzonden nadat er een faxapparaat is geïnstalleerd.

              Event Record #/Type949 / Warning
              Event Submitted/Written: 03/29/2008 02:01:04 PM
              Event ID/Source: 32068 / Microsoft Fax
              Event Description:
              De regel voor uitgaande routing is niet geldig omdat er geen geldig apparaat kan worden gevonden. De uitgaande faxberichten die van deze regel gebruikmaken, zullen niet worden omgeleid. Controleer of het doelapparaat (of de doelapparaten) op de juiste manier is aangesloten, geïnstalleerd en ingeschakeld.
              Landnummer: *
              Netnummer: *



              -- Security Event Log ----------------------------------------------------------

              No Errors/Warnings found.


              -- System Event Log ------------------------------------------------------------

              Event Record #/Type188055 / Error
              Event Submitted/Written: 03/29/2008 03:19:13 PM
              Event ID/Source: 14325 / WMPNetworkSvc
              Event Description:
              Service 'WMPNetworkSvc' is niet gestart omdat in QueryService fout '0x80004002' is opgetreden. Schakel in Windows Media Player het delen van de media uit en schakel het vervolgens weer in.

              Event Record #/Type188033 / Error
              Event Submitted/Written: 03/29/2008 03:18:27 PM
              Event ID/Source: 7000 / Service Control Manager
              Event Description:
              De ScriptBlocking Service-service kan vanwege de volgende fout niet worden gestart:
              %%3

              Event Record #/Type188032 / Error
              Event Submitted/Written: 03/29/2008 03:18:27 PM
              Event ID/Source: 7000 / Service Control Manager
              Event Description:
              De SAVRTPEL-service kan vanwege de volgende fout niet worden gestart:
              %%2

              Event Record #/Type188031 / Error
              Event Submitted/Written: 03/29/2008 03:18:27 PM
              Event ID/Source: 7000 / Service Control Manager
              Event Description:
              De Norton AntiVirus Auto-Protect-service kan vanwege de volgende fout niet worden gestart:
              %%2

              Event Record #/Type188029 / Error
              Event Submitted/Written: 03/29/2008 03:18:25 PM
              Event ID/Source: 14325 / WMPNetworkSvc
              Event Description:
              Service 'WMPNetworkSvc' is niet gestart omdat in QueryService fout '0x80004002' is opgetreden. Schakel in Windows Media Player het delen van de media uit en schakel het vervolgens weer in.



              -- End of Deckard's System Scanner: finished at 2008-03-29 15:48:17 ------------

              Comment


              • #8
                Download VirtumundoBegone (mirror)
                Save it to your desktop.

                Double-click VirtumundoBeGone.exe and follow the instructions.
                Don't be alarmed if you see a blue screen with an error message - this is normal.
                When the fix has finished, restart the PC.
                Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.

                Comment


                • #9
                  voila

                  [03/29/2008, 19:14:58] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Hans Mortelmans\Bureaublad\Mapje HULP\VirtumundoBeGone.exe" )
                  [03/29/2008, 19:15:02] - Detected System Information:
                  [03/29/2008, 19:15:02] - Windows Version: 5.1.2600, Service Pack 2
                  [03/29/2008, 19:15:02] - Current Username: Hans Mortelmans (Admin)
                  [03/29/2008, 19:15:02] - Windows is in NORMAL mode.
                  [03/29/2008, 19:15:02] - Searching for Browser Helper Objects:
                  [03/29/2008, 19:15:02] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
                  [03/29/2008, 19:15:02] - BHO 2: {08A8068E-53D1-42B2-B197-6D568843721F} ()
                  [03/29/2008, 19:15:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
                  [03/29/2008, 19:15:02] - Checking for HKLM\...\Winlogon\Notify\pmnkKbxx
                  [03/29/2008, 19:15:02] - Found: HKLM\...\Winlogon\Notify\pmnkKbxx - This is probably Virtumundo.
                  [03/29/2008, 19:15:02] - Assigning {08A8068E-53D1-42B2-B197-6D568843721F} MSEvents Object
                  [03/29/2008, 19:15:02] - BHO list has been changed! Starting over...
                  [03/29/2008, 19:15:02] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
                  [03/29/2008, 19:15:02] - BHO 2: {08A8068E-53D1-42B2-B197-6D568843721F} (MSEvents Object)
                  [03/29/2008, 19:15:02] - ALERT: Found MSEvents Object!
                  [03/29/2008, 19:15:02] - BHO 3: {16B435F6-B6CE-4F24-A568-944B27ED919C} (targettedbanner.biz browser enhancer)
                  [03/29/2008, 19:15:02] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
                  [03/29/2008, 19:15:02] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
                  [03/29/2008, 19:15:02] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
                  [03/29/2008, 19:15:03] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
                  [03/29/2008, 19:15:03] - BHO 8: {c831ba09-b802-4a04-8d8d-6d0ef19756fd} ()
                  [03/29/2008, 19:15:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
                  [03/29/2008, 19:15:03] - Checking for HKLM\...\Winlogon\Notify\kjgvxdgh
                  [03/29/2008, 19:15:03] - Key not found: HKLM\...\Winlogon\Notify\kjgvxdgh, continuing.
                  [03/29/2008, 19:15:03] - BHO 9: {EE273E76-D769-4E60-A11D-4CA3454F24DF} ()
                  [03/29/2008, 19:15:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
                  [03/29/2008, 19:15:03] - Checking for HKLM\...\Winlogon\Notify\mlJYsTlK
                  [03/29/2008, 19:15:03] - Key not found: HKLM\...\Winlogon\Notify\mlJYsTlK, continuing.
                  [03/29/2008, 19:15:03] - Finished Searching Browser Helper Objects
                  [03/29/2008, 19:15:03] - *** Detected MSEvents Object
                  [03/29/2008, 19:15:03] - Trying to remove MSEvents Object...
                  [03/29/2008, 19:15:04] - Terminating Process: IEXPLORE.EXE
                  [03/29/2008, 19:15:04] - Terminating Process: RUNDLL32.EXE
                  [03/29/2008, 19:15:04] - Disabling Automatic Shell Restart
                  [03/29/2008, 19:15:04] - Terminating Process: EXPLORER.EXE
                  [03/29/2008, 19:15:05] - Suspending the NT Session Manager System Service
                  [03/29/2008, 19:15:07] - Terminating Windows NT Logon/Logoff Manager
                  [03/29/2008, 19:15:07] - Re-enabling Automatic Shell Restart
                  [03/29/2008, 19:15:07] - File to disable: C:\WINDOWS\system32\pmnkKbxx.dll
                  [03/29/2008, 19:15:07] - Renaming C:\WINDOWS\system32\pmnkKbxx.dll -> C:\WINDOWS\system32\pmnkKbxx.dll.vir
                  [03/29/2008, 19:15:07] - File successfully renamed!
                  [03/29/2008, 19:15:07] - Removing HKLM\...\Browser Helper Objects\{08A8068E-53D1-42B2-B197-6D568843721F}
                  [03/29/2008, 19:15:07] - Removing HKCR\CLSID\{08A8068E-53D1-42B2-B197-6D568843721F}
                  [03/29/2008, 19:15:07] - Adding Kill Bit for ActiveX for GUID: {08A8068E-53D1-42B2-B197-6D568843721F}
                  [03/29/2008, 19:15:07] - Deleting ATLEvents/MSEvents Registry entries
                  [03/29/2008, 19:15:07] - Removing HKLM\...\Winlogon\Notify\pmnkKbxx
                  [03/29/2008, 19:15:07] - Searching for Browser Helper Objects:
                  [03/29/2008, 19:15:07] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
                  [03/29/2008, 19:15:07] - BHO 2: {16B435F6-B6CE-4F24-A568-944B27ED919C} (targettedbanner.biz browser enhancer)
                  [03/29/2008, 19:15:07] - BHO 3: {26236B59-C568-4DA1-8FA0-F634A84F7F9D} ()
                  [03/29/2008, 19:15:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
                  [03/29/2008, 19:15:07] - Checking for HKLM\...\Winlogon\Notify\mlJYsTlK
                  [03/29/2008, 19:15:07] - Key not found: HKLM\...\Winlogon\Notify\mlJYsTlK, continuing.
                  [03/29/2008, 19:15:07] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
                  [03/29/2008, 19:15:07] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
                  [03/29/2008, 19:15:07] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
                  [03/29/2008, 19:15:07] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
                  [03/29/2008, 19:15:07] - BHO 8: {c831ba09-b802-4a04-8d8d-6d0ef19756fd} ()
                  [03/29/2008, 19:15:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
                  [03/29/2008, 19:15:07] - Checking for HKLM\...\Winlogon\Notify\kjgvxdgh
                  [03/29/2008, 19:15:07] - Key not found: HKLM\...\Winlogon\Notify\kjgvxdgh, continuing.
                  [03/29/2008, 19:15:07] - Finished Searching Browser Helper Objects
                  [03/29/2008, 19:15:07] - Finishing up...
                  [03/29/2008, 19:15:07] - A restart is needed.
                  [03/29/2008, 19:15:19] - Attempting to Restart via STOP error (Blue Screen!)

                  Comment
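Added example (not part of the thread and not VirtumundoBeGone's own code): a Python parser for the log format in post #9 that splits the log into the tool's BHO enumeration passes and reports which unnamed BHOs are still registered in the last pass. The function names are assumptions of this example; the sample lines are copied from the log above, with most named BHOs left out.

```python
import re

# Excerpt of the VBG.TXT log from post #9; most named BHOs are left out.
SAMPLE_LOG = r"""
[03/29/2008, 19:15:02] - Searching for Browser Helper Objects:
[03/29/2008, 19:15:02] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/29/2008, 19:15:02] - BHO 2: {08A8068E-53D1-42B2-B197-6D568843721F} ()
[03/29/2008, 19:15:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/29/2008, 19:15:02] - Checking for HKLM\...\Winlogon\Notify\pmnkKbxx
[03/29/2008, 19:15:02] - Found: HKLM\...\Winlogon\Notify\pmnkKbxx - This is probably Virtumundo.
[03/29/2008, 19:15:02] - BHO list has been changed! Starting over...
[03/29/2008, 19:15:02] - BHO 2: {08A8068E-53D1-42B2-B197-6D568843721F} (MSEvents Object)
[03/29/2008, 19:15:03] - BHO 8: {c831ba09-b802-4a04-8d8d-6d0ef19756fd} ()
[03/29/2008, 19:15:03] - Checking for HKLM\...\Winlogon\Notify\kjgvxdgh
[03/29/2008, 19:15:03] - Key not found: HKLM\...\Winlogon\Notify\kjgvxdgh, continuing.
[03/29/2008, 19:15:03] - BHO 9: {EE273E76-D769-4E60-A11D-4CA3454F24DF} ()
[03/29/2008, 19:15:03] - Checking for HKLM\...\Winlogon\Notify\mlJYsTlK
[03/29/2008, 19:15:03] - Key not found: HKLM\...\Winlogon\Notify\mlJYsTlK, continuing.
[03/29/2008, 19:15:03] - Finished Searching Browser Helper Objects
[03/29/2008, 19:15:07] - Removing HKLM\...\Winlogon\Notify\pmnkKbxx
[03/29/2008, 19:15:07] - Searching for Browser Helper Objects:
[03/29/2008, 19:15:07] - BHO 3: {26236B59-C568-4DA1-8FA0-F634A84F7F9D} ()
[03/29/2008, 19:15:07] - Checking for HKLM\...\Winlogon\Notify\mlJYsTlK
[03/29/2008, 19:15:07] - Key not found: HKLM\...\Winlogon\Notify\mlJYsTlK, continuing.
[03/29/2008, 19:15:07] - BHO 8: {c831ba09-b802-4a04-8d8d-6d0ef19756fd} ()
[03/29/2008, 19:15:07] - Checking for HKLM\...\Winlogon\Notify\kjgvxdgh
[03/29/2008, 19:15:07] - Key not found: HKLM\...\Winlogon\Notify\kjgvxdgh, continuing.
[03/29/2008, 19:15:07] - Finished Searching Browser Helper Objects
"""

LINE = re.compile(r"\[[^\]]+\] - (.*)$")
BHO = re.compile(r"BHO \d+: (\{[0-9A-Fa-f-]{36}\}) \((.*)\)$")
CHECK = re.compile(r"Checking for .*\\Notify\\(\S+)$")
FOUND = re.compile(r"Found: .*\\Notify\\(\S+) - ")
NOT_FOUND = re.compile(r"Key not found: .*\\Notify\\([^,\s]+),")


def parse_passes(log):
    """Split the log into BHO enumeration passes; each pass is a list of records."""
    passes, current, last = [], None, None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg == "Searching for Browser Helper Objects:" or msg.endswith("Starting over..."):
            # A fresh enumeration begins (first scan, restart, or re-scan after removal).
            current, last = [], None
            passes.append(current)
        elif msg == "Finished Searching Browser Helper Objects":
            current, last = None, None
        elif current is not None and BHO.match(msg):
            clsid, name = BHO.match(msg).groups()
            # CLSIDs are case-insensitive in the registry, so normalise them.
            last = {"clsid": clsid.upper(), "name": name, "notify": None, "found": None}
            current.append(last)
        elif last is not None:
            # Follow-up lines belong to the most recent BHO record of this pass.
            if CHECK.match(msg):
                last["notify"] = CHECK.match(msg).group(1)
            elif FOUND.match(msg):
                last["found"] = True
            elif NOT_FOUND.match(msg):
                last["found"] = False
    return passes


def residual_unnamed(passes):
    """Unnamed BHOs in the final pass as (Notify name checked, CLSID, key found)."""
    if not passes:
        return []
    return [(r["notify"], r["clsid"], r["found"]) for r in passes[-1] if r["name"] == ""]


def clsid_changes(passes):
    """Notify names that the tool checked under more than one CLSID across passes."""
    seen = {}
    for records in passes:
        for r in records:
            if r["notify"]:
                ids = seen.setdefault(r["notify"], [])
                if r["clsid"] not in ids:
                    ids.append(r["clsid"])
    return {name: ids for name, ids in seen.items() if len(ids) > 1}


if __name__ == "__main__":
    parsed = parse_passes(SAMPLE_LOG)
    for notify, clsid, found in residual_unnamed(parsed):
        print(f"still registered, unnamed: {clsid} (Notify\\{notify} found: {found})")
    for notify, ids in clsid_changes(parsed).items():
        print(f"{notify} was seen under {len(ids)} CLSIDs: {', '.join(ids)}")
```

On this log the two residual names are kjgvxdgh and mlJYsTlK, the same names as the DLLs that del.bat in post #13 renames. mlJYsTlK is listed under a different CLSID in the last pass than in the pass a few seconds earlier, so tracking it by CLSID alone would miss it.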


                  • #10
                    Post a new HijackThis log and tell us whether you are still experiencing problems.

                    Comment


                    • #11
                      ...

                      Nope, no more problems.
                      Thanks

                      log:

                      Logfile of HijackThis v1.99.1
                      Scan saved at 22:49:05, on 29/03/2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      C:\WINDOWS\ATKKBService.exe
                      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                      C:\WINDOWS\system32\CTsvcCDA.EXE
                      C:\Program Files\ewido anti-malware\ewidoctrl.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\PnkBstrA.exe
                      C:\WINDOWS\system32\MsPMSPSv.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\AGRSMMSG.exe
                      C:\WINDOWS\Dit.exe
                      C:\WINDOWS\mHotkey.exe
                      C:\WINDOWS\CNYHKey.exe
                      C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
                      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                      C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE
                      C:\WINDOWS\tppaldr.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\Program Files\Winamp\winampa.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
                      C:\Program Files\Skype\Phone\Skype.exe
                      C:\Program Files\Valve\Steam\Steam.exe
                      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      C:\Program Files\Windows Media Player\WMPNSCFG.exe
                      C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
                      C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
                      C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
                      C:\Program Files\interMute\AdSubtract\AdSub.exe
                      C:\Program Files\Xfire\Xfire.exe
                      C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearchIndexer.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\Mozilla Firefox\firefox.exe
                      C:\Documents and Settings\Hans Mortelmans\Bureaublad\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1046
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                      O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
                      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                      O4 - HKLM\..\Run: [Dit] Dit.exe
                      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
                      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
                      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                      O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
                      O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                      O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Hans Mortelmans\lsass.exe
                      O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
                      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
                      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                      O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
                      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                      O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
                      O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe
                      O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
                      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
                      O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Program Files\U.S. Robotics\Wireless USB Manager\USR11G.exe
                      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
                      O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
                      O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
                      O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
                      O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
                      O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?cf5f501069f548fdbbc540c37a674f8c
                      O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?cf5f501069f548fdbbc540c37a674f8c
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O11 - Options group: [INTERNATIONAL] International*
                      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                      O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
                      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
                      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                      O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
                      O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
                      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
                      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
                      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
                      O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
                      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                      O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
                      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
                      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

                      Comment


                      • #12
                        Or maybe not after all

                        I do still get Windows updates sent to me:
                        "the Windows updates are ready to be installed on your PC,..."
                        but when I install them I get a message that Microsoft Windows Installer 3.1 cannot be updated, after which the Windows Update icon appears again.

                        Comment


                        • #13
                          Open a Notepad file.
                          Copy the text below (everything in bold) into this Notepad file.

                          @ECHO OFF
                          IF EXIST log.txt DEL log.txt
                          ren C:\WINDOWS\system32\kjgvxdgh.dll kjgvxdgh.bak
                          ren C:\WINDOWS\system32\mlJYsTlK.dll mlJYsTlK.bak
                          ren C:\WINDOWS\system32\adsubtb.dll adsubtb.bak
                          rd /s /q C:\WINDOWS\system32\imd4
                          rd /s /q C:\WINDOWS\system32\ext
                          rd /s /q C:\WINDOWS\system32\DL
                          rd /s /q C:\WINDOWS\system32\aqVreo18
                          ECHO Deleting files>>log.txt
                          FOR %%g in (
                          C:\WINDOWS\system32\kjgvxdgh.bak
                          C:\WINDOWS\system32\mlJYsTlK.bak
                          C:\WINDOWS\system32\adsubtb.dll
                          C:\WINDOWS\system32\adsubtb.bak
                          C:\WINDOWS\system32\KlTsYJlm.ini2
                          C:\WINDOWS\system32\mlJYsTlK.dll
                          C:\WINDOWS\system32\ewxkdclq.dll
                          C:\WINDOWS\system32\kjgvxdgh.dll
                          C:\WINDOWS\system32\sfxbhkyx.dll
                          C:\WINDOWS\system32\hgGyvwwV.dll
                          C:\WINDOWS\system32\targetedbanner-uninst.exe
                          C:\WINDOWS\system32\imd4
                          C:\WINDOWS\system32\ext
                          C:\WINDOWS\system32\DL
                          C:\WINDOWS\system32\aqVreo18
                          C:\WINDOWS\system32\pmnkKbxx.dll.vir) DO (
                          IF EXIST %%g (
                            ATTRIB -r -s -h %%g
                            DEL %%g
                            IF EXIST %%g (
                              ECHO %%g not deleted>>log.txt
                            ) ELSE (
                              ECHO %%g deleted>>log.txt)
                          ) ELSE (
                            ECHO %%g not found>>log.txt))
                          START NOTEPAD.EXE log.txt

                          Go to File - Save As.
                          For "Save in" choose: Desktop
                          For "File name" enter: del.bat
                          For "Save as type" select: All Files (*.*).
                          Click the Save button.

                          Double-click del.bat and post the contents of the log file that opens.

                          Comment


                          • #14
                            ...

                            Deleting files
                            C:\WINDOWS\system32\kjgvxdgh.bak not deleted
                            C:\WINDOWS\system32\mlJYsTlK.bak not found
                            C:\WINDOWS\system32\adsubtb.dll not found
                            C:\WINDOWS\system32\adsubtb.bak not deleted
                            C:\WINDOWS\system32\KlTsYJlm.ini2 deleted
                            C:\WINDOWS\system32\mlJYsTlK.dll not deleted
                            C:\WINDOWS\system32\ewxkdclq.dll deleted
                            C:\WINDOWS\system32\kjgvxdgh.dll not found
                            C:\WINDOWS\system32\sfxbhkyx.dll deleted
                            C:\WINDOWS\system32\hgGyvwwV.dll deleted
                            C:\WINDOWS\system32\targetedbanner-uninst.exe deleted
                            C:\WINDOWS\system32\imd4 not found
                            C:\WINDOWS\system32\ext not found
                            C:\WINDOWS\system32\DL not found
                            C:\WINDOWS\system32\aqVreo18 not found
                            C:\WINDOWS\system32\pmnkKbxx.dll.vir deleted

                            Here you go

                            Comment
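Added example (not part of the thread): a Python reading of the del.bat log in #14 that lists the paths still on disk and, for every name logged as both .dll and .bak, infers whether the `ren` step and the `DEL` step of del.bat took effect. The function names are assumptions of this example, as is the premise that each .dll existed when del.bat started; the sample lines are copied from the log above, with the directory entries left out.

```python
import ntpath
import re

# Lines copied from the del.bat log in post #14 (directory entries omitted).
SAMPLE_LOG = r"""
Deleting files
C:\WINDOWS\system32\kjgvxdgh.bak not deleted
C:\WINDOWS\system32\mlJYsTlK.bak not found
C:\WINDOWS\system32\adsubtb.dll not found
C:\WINDOWS\system32\adsubtb.bak not deleted
C:\WINDOWS\system32\KlTsYJlm.ini2 deleted
C:\WINDOWS\system32\mlJYsTlK.dll not deleted
C:\WINDOWS\system32\ewxkdclq.dll deleted
C:\WINDOWS\system32\kjgvxdgh.dll not found
C:\WINDOWS\system32\pmnkKbxx.dll.vir deleted
"""

# del.bat writes "<path> deleted", "<path> not deleted" or "<path> not found".
ENTRY = re.compile(r"^(?P<path>.+?) (?P<status>not deleted|not found|deleted)$")


def parse_log(log):
    """Map each path in a del.bat log to its reported status, in log order."""
    statuses = {}
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            statuses[m.group("path")] = m.group("status")
    return statuses


def still_present(statuses):
    """Paths that existed before DEL and still existed after it."""
    return [path for path, status in statuses.items() if status == "not deleted"]


def rename_outcomes(statuses):
    """For each name logged as both .dll and .bak, infer what ren and DEL did.

    Assumption of this example: the .dll was present when del.bat started.
    """
    by_stem = {}
    for path, status in statuses.items():
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if ext.lower() in (".dll", ".bak"):
            by_stem.setdefault(stem.lower(), {})[ext.lower()] = status
    verdicts = {}
    for stem, seen in by_stem.items():
        if set(seen) != {".dll", ".bak"}:
            continue  # not one of the files del.bat renames first
        dll, bak = seen[".dll"], seen[".bak"]
        if dll == "not deleted":
            verdicts[stem] = "rename failed, file still present"
        elif bak == "not deleted":
            verdicts[stem] = "renamed to .bak, delete failed"
        elif "deleted" in (dll, bak):
            verdicts[stem] = "removed"
        else:
            verdicts[stem] = "absent"
    return verdicts


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for path in still_present(parsed):
        print("still present:", path)
    for stem, verdict in rename_outcomes(parsed).items():
        print(f"{stem}: {verdict}")
```

Three paths are still present after this run; post #15 asks for a second run of del.bat in Safe Mode.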


                            • #15
                              Run del.bat once more in Safe Mode and then post the log again, together with a new HijackThis log.

                              Comment
