Mededeling

**smeenk** · 16-04-08, 19:03

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**bierkwartier** · 16-04-08, 20:16

Deckard's System Scanner v20071014.68
Run by Fam. Roelofs on 2008-04-16 20:10:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
94: 2008-04-16 18:10:54 UTC - RP141 - Deckard's System Scanner Restore Point
93: 2008-04-15 16:01:31 UTC - RP140 - Controlepunt van systeem
92: 2008-04-14 14:11:52 UTC - RP139 - Last known good configuration
91: 2008-04-14 14:11:41 UTC - RP138 - Software Distribution Service 3.0
90: 2008-04-14 14:11:41 UTC - RP137 - Installed Kleurenzoeker

-- First Restore Point --
1: 2008-04-14 14:11:15 UTC - RP48 - Configured Microsoft Office Enterprise 2007

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.39 GiB (less than 15%) free.

-- HijackThis (run as Fam. Roelofs.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:06, on 16-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\tlntsvr.exe
F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Fam. Roelofs\Bureaublad\dss.exe
C:\DOCUME~1\FAM~1.ROE\BUREAU~1\Fam. Roelofs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1085AA10-C4C8-4DC4-BD3A-6C0EDAFC0A4A} - C:\WINDOWS\system32\awtsrqon.dll
O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {6DC2D282-D414-435E-8A26-FF3C23AC36EF} - C:\WINDOWS\system32\awtttqpp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll
O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\SYSTEM32\TASKMON.EXE
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: awtttqpp - C:\WINDOWS\SYSTEM32\awtttqpp.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MtRepair1 - Unknown owner - C:\WINDOWS\system32\MtRepair1.exe (file missing)
O23 - Service: MtRepair2 - Unknown owner - C:\WINDOWS\system32\MtRepair2.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 10232 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>

S2 DSCCAM (Multi-Mode Plus Camera Video Service) - c:\windows\system32\drivers\dsccam.sys <Not Verified; SAMPO Corporation; Multi-Mode Plus Camera>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S2 MtRepair1 - "c:\windows\system32\mtrepair1.exe" -serv (file missing)
S2 MtRepair2 - "c:\windows\system32\mtrepair2.exe" -serv (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Ethernet-controller
Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_01061106&REV_8B\4&2E98101C&0&18F0
Manufacturer:
Name: Ethernet-controller
PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_01061106&REV_8B\4&2E98101C&0&18F0
Service:

-- Files created between 2008-03-16 and 2008-04-16 -----------------------------

2008-04-16 20:08:37 183634 --ahs---- C:\WINDOWS\system32\noqrstwa.ini2
2008-04-16 20:05:41 0 d-------- C:\RVAXO
2008-04-16 20:00:32 792650 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-04-16 20:00:32 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-04-16 17:24:39 95808 --a------ C:\WINDOWS\system32\xrlgxlnh.dll
2008-04-16 17:21:38 105536 --a------ C:\WINDOWS\system32\drjrqowv.dll
2008-04-16 17:20:27 100928 --a------ C:\WINDOWS\system32\irmshidr.dll
2008-04-15 17:10:11 105536 --a------ C:\WINDOWS\system32\sdvwpyja.dll
2008-04-15 17:10:03 100416 --a------ C:\WINDOWS\system32\ppjbelgg.dll
2008-04-15 17:09:12 370688 --a------ C:\WINDOWS\system32\awtsrqon.dll
2008-04-15 13:35:17 100416 --a------ C:\WINDOWS\system32\tiautsxb.dll
2008-04-14 17:10:03 0 d-------- C:\Program Files\NavigationProgram
2008-04-14 16:06:10 0 d-------- C:\Temp
2008-04-14 16:05:59 30720 --a------ C:\WINDOWS\system32\awtttqpp.dll
2008-04-14 13:54:39 0 dr-h----- C:\Documents and Settings\Fam. Roelofs\Onlangs geopend
2008-04-12 16:39:56 0 d-------- C:\Program Files\Webhelpje.nl
2008-04-12 16:37:39 0 d-------- C:\Program Files\Webhelpjekleurenzoeker
2008-04-08 15:37:07 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\Help
2008-04-08 14:44:50 131726 -rahs---- C:\WINDOWS\system32\TASKMON.EXE
2008-04-07 21:31:14 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-06 16:33:21 0 dr-h----- C:\$VAULT$.AVG
2008-03-28 23:09:07 0 d-------- C:\Program Files\deyoutubedownloader
2008-03-25 22:40:34 0 d-------- C:\Program Files\clue-by-4.org
2008-03-25 19:49:34 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\ImagesWords
2008-03-25 19:49:34 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\EasyPCGate
2008-03-22 16:12:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-19 21:59:24 0 d-------- C:\Program Files\Digital1Audio
2008-03-19 21:49:52 0 d-------- C:\Program Files\Ubisoft
2008-03-16 19:05:01 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\.clue-by-4.org
2008-03-16 17:32:38 0 d-------- C:\Program Files\[email protected]

-- Find3M Report ---------------------------------------------------------------

2008-04-16 20:05:50 0 d-------- C:\Program Files\SPAMfighter
2008-04-15 21:22:46 0 d-------- C:\Program Files\FlashFXP
2008-04-14 15:32:29 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\LimeWire
2008-04-13 14:38:04 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\Adobe
2008-04-12 22:33:06 472146 --a------ C:\WINDOWS\system32\perfh013.dat
2008-04-12 22:33:06 83460 --a------ C:\WINDOWS\system32\perfc013.dat
2008-04-11 20:34:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-03 14:27:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-30 20:15:52 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-22 16:46:59 0 d-------- C:\Program Files\Common Files
2008-03-22 16:26:16 0 d-------- C:\Program Files\Website
2008-03-22 14:54:57 0 d-------- C:\Program Files\EPN
2008-03-22 14:48:49 0 d-------- C:\Program Files\Cyberlink
2008-03-18 13:58:27 0 d-------- C:\Program Files\webcamXP
2008-03-18 13:58:03 0 d-------- C:\Program Files\Common Files\Real
2008-03-18 13:58:02 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\Real
2008-03-18 13:54:46 0 d-------- C:\Program Files\Java
2008-03-08 17:59:19 0 d-------- C:\Program Files\worms
2008-03-08 17:56:21 0 d-------- C:\Program Files\Common Files\BOONTY Shared
2008-03-05 20:59:25 0 d-------- C:\Program Files\YouTube Downloader
2008-03-04 23:13:23 0 d-------- C:\Program Files\Web Album Generator
2008-03-03 20:11:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-03 20:11:13 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-29 15:07:28 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\AVG7
2008-02-25 19:48:50 0 d-------- C:\Program Files\Common Files\Ankiro
2008-02-25 19:48:37 0 d-------- C:\Program Files\Common Files\Application
2008-02-23 17:35:53 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\SPAMfighter
2008-02-23 17:34:45 0 d-------- C:\Program Files\Spam Monitor
2008-02-23 17:34:45 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\Spam Monitor
2008-02-18 20:52:35 0 d-------- C:\Program Files\LimeWire
2008-02-18 20:52:34 0 d-------- C:\Program Files\DivX
2008-02-18 20:52:34 0 d-------- C:\Program Files\Avanquest update
2008-02-18 20:52:24 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\Ahead
2008-02-18 20:26:59 0 d-------- C:\Program Files\Sony Ericsson
2008-02-14 21:29:15 8 --a------ C:\WINDOWS\system32\nvModes.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1085AA10-C4C8-4DC4-BD3A-6C0EDAFC0A4A}]
15-04-2008 17:09 370688 --a------ C:\WINDOWS\system32\awtsrqon.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EC34846-3317-4399-8D82-CC0DCD2D86A1}]
C:\WINDOWS\system32\pmnnonop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DC2D282-D414-435E-8A26-FF3C23AC36EF}]
14-04-2008 16:05 30720 --a------ C:\WINDOWS\system32\awtttqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D93B3CA5-6552-0DAA-353B-FB9D4F20B168}]
30-12-2007 22:48 1019904 --a------ C:\Program Files\NavigationProgram\NavigationProgram-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8beb10b-8734-4455-b9c8-5fd55030fadf}]
16-04-2008 17:21 105536 --a------ C:\WINDOWS\system32\drjrqowv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl"

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [15-04-2008 13:36]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27-10-2006 01:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [20-12-2007 13:46]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12-01-2005 04:01]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01-03-2007 16:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08-08-2007 10:25]
"taskmon"="C:\WINDOWS\SYSTEM32\TASKMON.EXE" [08-04-2008 14:44]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [19-02-2008 10:41]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05-12-2007 02:41]
"nwiz"="nwiz.exe" [05-12-2007 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05-12-2007 02:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
"78fd5a2b"="C:\WINDOWS\system32\xrlgxlnh.dll" [16-04-2008 17:24]
"BM7bce69b7"="C:\WINDOWS\system32\irmshidr.dll" [16-04-2008 17:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [19-12-2007 22:13]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [03-08-2007 13:51]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [20-11-2007 16:29]
"EVEREST AutoStart"="F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe" [04-09-2007 18:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

C:\Documents and Settings\Fam. Roelofs\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26-10-2006 21:24:54]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29-8-2003 20:05:35]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [20-12-2007 13:55:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6DC2D282-D414-435E-8A26-FF3C23AC36EF}"= C:\WINDOWS\system32\awtttqpp.dll [14-04-2008 16:05 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqpp]
awtttqpp.dll 14-04-2008 16:05 30720 C:\WINDOWS\system32\awtttqpp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtsrqon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVEREST AutoStart]
F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskmon]
C:\WINDOWS\SYSTEM32\TASKMON.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6cbf1b8-bea9-11dc-8954-00138f9ea528}]
Auto\Command- G:\TASKMON.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TASKMON.EXE

-- End of Deckard's System Scanner: finished at 2008-04-16 20:13:52 ------------

------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1534.8 MiB / 966.3 MiB
Pagefile Memory (total/avail): 3433.7 MiB / 3056.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.64 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 68.32 GiB total, 6.39 GiB free.
D: is Fixed (FAT32) - 28.8 GiB total, 6.01 GiB free.
E: is Fixed (FAT32) - 14.65 GiB total, 8.91 GiB free.
F: is Fixed (NTFS) - 465.76 GiB total, 177.32 GiB free.
G: is Removable (FAT)
J: is CDROM (No Media)
K: is CDROM (No Media)
M: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST3120023A - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 68.32 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 43.47 GiB - D: - E:

\\.\PHYSICALDRIVE0 - WDC WD5000AAKB-22UKA0 - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - F:

\\.\PHYSICALDRIVE2 - SanDisk Cruzer Mini USB Device - 117.66 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 122.33 MiB - G:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe"="C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\\Games\\Mohaa\\moh_spearhead.exe"="C:\\Games\\Mohaa\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"G:\\PRIVE\\GAMES\\Age of Empires 2\\age2_x1.exe"="G:\\PRIVE\\GAMES\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Games\\COD UO\\COD UO\\CoDUOMP.exe"="C:\\Games\\COD UO\\COD UO\\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\\Games\\COD UO\\COD UO\\CoDMP.exe"="C:\\Games\\COD UO\\COD UO\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Games\\GP4\\GP4.exe"="C:\\Games\\GP4\\GP4.exe:*:Enabled:GP4"
"C:\\Games\\Age of Empires 2\\age2_x1.exe"="C:\\Games\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Games\\Call of duty 2\\CoD2MP_s.exe"="C:\\Games\\Call of duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"="C:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe:*:Enabled:GP4"
"C:\\Program Files\\webcamXP\\webcamXP.exe"="C:\\Program Files\\webcamXP\\webcamXP.exe:*:Enabled:webcamXP 2007"
"G:\\FILMS\\(Flatout-II) [0054] - FlatOut2.part.nzb yEnc (15)\\FlatOut2\\FlatOut2\\FlatOut2.exe"="G:\\FILMS\\(Flatout-II) [0054] - FlatOut2.part.nzb yEnc (15)\\FlatOut2\\FlatOut2\\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\\Games\\Mohaa\\moh_Breakthrough_server.exe"="C:\\Games\\Mohaa\\moh_Breakthrough_server.exe:*:Ena bled:Medal of Honor Allied Assault(tm) Breakthrough"
"C:\\Games\\Mohaa\\moh_Breakthrough.exe"="C:\\Games\\Mohaa\\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Games\\rFactor\\rFactor.exe"="C:\\Games\\rFactor\\rFactor.exe:*:Enabled:rFactor"
"C:\\Games\\rFactor\\rFactor Dedicated.exe"="C:\\Games\\rFactor\\rFactor Dedicated.exe:*:Enabled:rFactor"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow MultiPlayer Demo\\online\\System\\PandoraMultiPlayerDemo.exe"="C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow MultiPlayer Demo\\online\\System\\PandoraMultiPlayerDemo.exe:*:Enabled:PandoraMultiPlayerDemo"
"C:\\Games\\Splinter Cell DA\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Games\\Splinter Cell DA\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem Demo\\Worms 4 Mayhem Demo.exe"="C:\\Program Files\\Codemasters\\Worms 4 Mayhem Demo\\Worms 4 Mayhem Demo.exe:*:Enabled:Worms 4 Mayhem Demo"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage"
"C:\\Program Files\\[email protected]\\LookAtLan.exe"="C:\\Program Files\\[email protected]\\LookAtLan.exe:*:Enabled:[email protected]"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Fam. Roelofs\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VINCENT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Fam. Roelofs
LOGONSERVER=\\VINCENT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\FAM~1.ROE\LOCALS~1\Temp
TMP=C:\DOCUME~1\FAM~1.ROE\LOCALS~1\Temp
USERDOMAIN=VINCENT
USERNAME=Fam. Roelofs
USERPROFILE=C:\Documents and Settings\Fam. Roelofs
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Fam. Roelofs (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x13
Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agent Ransack Version 1.7.3 --> "C:\Program Files\Mythicsoft\Agent Ransack\unins000.exe"
Alligator Flash Designer 6 (6.0.0.7) --> C:\PROGRA~1\Selteco\ALLIGA~2\Setup.exe /remove
Alt.Binz 0.25.0 --> C:\Program Files\AltBinz\uninst.exe
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0013 -removeonly
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPN werkboek-i Getal en Ruimte/1 vmbo-B(K) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D52A675-1565-49DA-BA1B-807DF01A83BC}\setup.exe" -l0x13 UNINSTALL
FlashFXP v3.2.0 (Build 1080) Scene Edition --> C:\WINDOWS\unvise32.exe C:\Program Files\FlashFXP\uninstal.log
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Grand Prix 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\Infogrames\Grand Prix 4\setup.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Fam. Roelofs\Local Settings\Temporary Internet Files\Content.IE5\IMM3XVIS\HijackThis.exe" /uninstall
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.5.7 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kleurenzoeker --> MsiExec.exe /I{71134987-BC08-415C-B42C-52E8021FED8D}
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
[email protected] 2.50 Build 35 --> C:\WINDOWS\iun6002.exe "C:\Program Files\[email protected]\irunin.ini"
Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x13
Medal of Honor Allied Assault(tm) Breakthrough --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}\Setup.exe" -l0x13
Medal of Honor Allied Assault(tm) Spearhead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x13
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170413-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mirar --> "C:\Program Files\Internet Explorer\iexplore.exe" http://remove.getmirar.com/
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{988B6E93-EAE9-44C2-A226-A4631C57B2AF}
Multi-Mode Plus Camera V1.00 --> C:\WINDOWS\twain_32\mmdsc\UNWISE.EXE C:\WINDOWS\twain_32\mmdsc\install.log
NavigationProgram --> C:\Program Files\NavigationProgram\uninstall.exe
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1043}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PCDJ VJ --> C:\PROGRA~1\DIGITA~1\PCDJVJ~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\PCDJVJ~1\INSTALL.LOG
PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1043
Race Driver 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0297C87B-CC40-446F-865A-031B4FC0CF22}\Setup.exe" -l0x9 -removeonly
REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0013 -removeonly
rFactor (remove only) --> "C:\Games\rFactor\Uninstall.exe"
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sony Ericsson PC Suite 3.108.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0013 -removeonly
SPAMfighter --> "C:\Program Files\SPAMfighter\uninstall.exe" Remove
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Talent Editor 2.0.3.0 --> "C:\Program Files\clue-by-4.org\Talent Editor\unins000.exe"
Tom Clancy's Splinter Cell Double Agent 1.02 --> "C:\Games\Splinter Cell DA\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Web Album Generator 1.8.2 --> "C:\Program Files\Web Album Generator\unins000.exe"
Windows Imaging Component -->
Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
YouTube Downloader 2.41 --> "C:\Program Files\deyoutubedownloader\YouTube Downloader\unins000.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type457 / Error
Event Submitted/Written: 04/16/2008 07:50:49 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.20733, vastgelopen module: msctf.dll, versie: 5.1.2600.2180, vastgelopen op: 0x00039b5c.
Verwerken van mediaspecifieke gebeurtenis voor [iexplore.exe!ws!]

Event Record #/Type447 / Success
Event Submitted/Written: 04/16/2008 06:23:12 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type424 / Success
Event Submitted/Written: 04/16/2008 01:03:21 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type406 / Success
Event Submitted/Written: 04/15/2008 07:56:38 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type392 / Success
Event Submitted/Written: 04/15/2008 06:46:34 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type3734 / Error
Event Submitted/Written: 04/16/2008 08:05:50 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
De MtRepair2-service kan vanwege de volgende fout niet worden gestart:
%%2

Event Record #/Type3733 / Error
Event Submitted/Written: 04/16/2008 08:05:50 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
De MtRepair1-service kan vanwege de volgende fout niet worden gestart:
%%2

Event Record #/Type3732 / Error
Event Submitted/Written: 04/16/2008 08:05:50 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
De Multi-Mode Plus Camera Video Service-service kan vanwege de volgende fout niet worden gestart:
%%1058

Event Record #/Type3727 / Error
Event Submitted/Written: 04/16/2008 08:03:50 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
om de server
{1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

Event Record #/Type3726 / Error
Event Submitted/Written: 04/16/2008 08:03:26 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
om de server
{1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

-- End of Deckard's System Scanner: finished at 2008-04-16 20:13:52 ------------

--------------------

---RVAXO.exe Updated: 2008-04-16---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\noqrstwa.ini2
C:\WINDOWS\system32\pononnmp.ini2
C:\WINDOWS\pskt.ini
C:\WINDOWS\wininit.ini
C:\WINDOWS\system32\MtRepair1.exe
C:\WINDOWS\system32\MtRepair2.exe
C:\WINDOWS\system32\winnb54.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\version69ie7fix.dll
C:\Program Files\Mozilla Firefox\regxpcom.exe
C:\WINDOWS\system32\pac.txt
C:\winlogon.exe

Folders Found:
C:\WINDOWS\system32\bharebio05
C:\Program Files\FBrowserAdvisor
C:\Temp\wdlw14

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:
C:\Documents and Settings\Fam. Roelofs\Mijn documenten\Mijn ontvangen bestanden\Oosterveen.zip

--------------RVAXO.exe finished----------------

**smeenk** · 16-04-08, 20:53

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
sc delete MtRepair1
sc delete MtRepair2
RD /S /Q "C:\Program Files\NavigationProgram"
REN "C:\Program Files\NavigationProgram\*.*" *.bak
FOR %%g in (
C:\WINDOWS\system32\noqrstwa.ini2
C:\WINDOWS\system32\xrlgxlnh.dll
C:\WINDOWS\system32\drjrqowv.dll
C:\WINDOWS\system32\irmshidr.dll
C:\WINDOWS\system32\sdvwpyja.dll
C:\WINDOWS\system32\ppjbelgg.dll
C:\WINDOWS\system32\awtsrqon.dll
C:\WINDOWS\system32\tiautsxb.dll
"C:\Program Files\NavigationProgram"
C:\WINDOWS\system32\awtttqpp.dll) DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

**bierkwartier** · 16-04-08, 22:18

Deleting files
C:\WINDOWS\system32\noqrstwa.ini2 deleted
renamed to C:\WINDOWS\system32\xrlgxlnh.dllNUCIA
C:\WINDOWS\system32\xrlgxlnh.dll deleted
renamed to C:\WINDOWS\system32\drjrqowv.dllNUCIA
C:\WINDOWS\system32\drjrqowv.dll deleted
renamed to C:\WINDOWS\system32\irmshidr.dllNUCIA
C:\WINDOWS\system32\irmshidr.dll deleted
C:\WINDOWS\system32\sdvwpyja.dll deleted
C:\WINDOWS\system32\ppjbelgg.dll deleted
C:\WINDOWS\system32\awtsrqon.dll not deleted
C:\WINDOWS\system32\tiautsxb.dll deleted
"C:\Program Files\NavigationProgram" not found
C:\WINDOWS\system32\awtttqpp.dll not deleted

**smeenk** · 16-04-08, 23:47

Download VirtumundoBegone (mirror)
Sla dit op op je bureaublad.

Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
Als de fix klaar is, start je de pc opnieuw op.
Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.

Dubbelklik del.bat nog een keer en post dat logje ook.

Download dit bestand: zoek.exe
Dubbelklik het, na een tijdje opent er een logje.
Post de inhoud van dit logje in je volgende bericht

**bierkwartier** · 17-04-08, 18:27

VBG:

[04/17/2008, 18:20:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Fam. Roelofs\Bureaublad\VirtumundoBeGone.exe" )
[04/17/2008, 18:20:21] - Detected System Information:
[04/17/2008, 18:20:21] - Windows Version: 5.1.2600, Service Pack 2
[04/17/2008, 18:20:21] - Current Username: Fam. Roelofs (Admin)
[04/17/2008, 18:20:21] - Windows is in NORMAL mode.
[04/17/2008, 18:20:21] - Searching for Browser Helper Objects:
[04/17/2008, 18:20:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[04/17/2008, 18:20:21] - BHO 2: {2EC34846-3317-4399-8D82-CC0DCD2D86A1} ()
[04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\pmnnonop
[04/17/2008, 18:20:21] - Key not found: HKLM\...\Winlogon\Notify\pmnnonop, continuing.
[04/17/2008, 18:20:21] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[04/17/2008, 18:20:21] - BHO 4: {4E738F94-2D35-4077-BAA8-C00155FB84C4} ()
[04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\awtsrqon
[04/17/2008, 18:20:21] - Key not found: HKLM\...\Winlogon\Notify\awtsrqon, continuing.
[04/17/2008, 18:20:21] - BHO 5: {6DC2D282-D414-435E-8A26-FF3C23AC36EF} ()
[04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\awtttqpp
[04/17/2008, 18:20:21] - Found: HKLM\...\Winlogon\Notify\awtttqpp - This is probably Virtumundo.
[04/17/2008, 18:20:21] - Assigning {6DC2D282-D414-435E-8A26-FF3C23AC36EF} MSEvents Object
[04/17/2008, 18:20:21] - BHO list has been changed! Starting over...
[04/17/2008, 18:20:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[04/17/2008, 18:20:21] - BHO 2: {2EC34846-3317-4399-8D82-CC0DCD2D86A1} ()
[04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\pmnnonop
[04/17/2008, 18:20:21] - Key not found: HKLM\...\Winlogon\Notify\pmnnonop, continuing.
[04/17/2008, 18:20:21] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[04/17/2008, 18:20:21] - BHO 4: {4E738F94-2D35-4077-BAA8-C00155FB84C4} ()
[04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\awtsrqon
[04/17/2008, 18:20:21] - Key not found: HKLM\...\Winlogon\Notify\awtsrqon, continuing.
[04/17/2008, 18:20:21] - BHO 5: {6DC2D282-D414-435E-8A26-FF3C23AC36EF} (MSEvents Object)
[04/17/2008, 18:20:21] - ALERT: Found MSEvents Object!
[04/17/2008, 18:20:21] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/17/2008, 18:20:21] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/17/2008, 18:20:21] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/17/2008, 18:20:21] - BHO 9: {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} (NavigationProgram)
[04/17/2008, 18:20:21] - BHO 10: {e8beb10b-8734-4455-b9c8-5fd55030fadf} ()
[04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\drjrqowv
[04/17/2008, 18:20:21] - Key not found: HKLM\...\Winlogon\Notify\drjrqowv, continuing.
[04/17/2008, 18:20:21] - Finished Searching Browser Helper Objects
[04/17/2008, 18:20:21] - *** Detected MSEvents Object
[04/17/2008, 18:20:21] - Trying to remove MSEvents Object...
[04/17/2008, 18:20:22] - Terminating Process: IEXPLORE.EXE
[04/17/2008, 18:20:23] - Terminating Process: RUNDLL32.EXE
[04/17/2008, 18:20:24] - Disabling Automatic Shell Restart
[04/17/2008, 18:20:24] - Terminating Process: EXPLORER.EXE
[04/17/2008, 18:20:24] - Suspending the NT Session Manager System Service
[04/17/2008, 18:20:24] - Terminating Windows NT Logon/Logoff Manager
[04/17/2008, 18:20:24] - Re-enabling Automatic Shell Restart
[04/17/2008, 18:20:24] - File to disable: C:\WINDOWS\system32\awtttqpp.dll
[04/17/2008, 18:20:24] - Renaming C:\WINDOWS\system32\awtttqpp.dll -> C:\WINDOWS\system32\awtttqpp.dll.vir
[04/17/2008, 18:20:24] - File successfully renamed!
[04/17/2008, 18:20:24] - Removing HKLM\...\Browser Helper Objects\{6DC2D282-D414-435E-8A26-FF3C23AC36EF}
[04/17/2008, 18:20:24] - Removing HKCR\CLSID\{6DC2D282-D414-435E-8A26-FF3C23AC36EF}
[04/17/2008, 18:20:24] - Adding Kill Bit for ActiveX for GUID: {6DC2D282-D414-435E-8A26-FF3C23AC36EF}
[04/17/2008, 18:20:24] - Deleting ATLEvents/MSEvents Registry entries
[04/17/2008, 18:20:24] - Removing HKLM\...\Winlogon\Notify\awtttqpp
[04/17/2008, 18:20:24] - Searching for Browser Helper Objects:
[04/17/2008, 18:20:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[04/17/2008, 18:20:24] - BHO 2: {2EC34846-3317-4399-8D82-CC0DCD2D86A1} ()
[04/17/2008, 18:20:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/17/2008, 18:20:24] - Checking for HKLM\...\Winlogon\Notify\pmnnonop
[04/17/2008, 18:20:24] - Key not found: HKLM\...\Winlogon\Notify\pmnnonop, continuing.
[04/17/2008, 18:20:24] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[04/17/2008, 18:20:24] - BHO 4: {4E738F94-2D35-4077-BAA8-C00155FB84C4} ()
[04/17/2008, 18:20:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/17/2008, 18:20:24] - Checking for HKLM\...\Winlogon\Notify\awtsrqon
[04/17/2008, 18:20:24] - Key not found: HKLM\...\Winlogon\Notify\awtsrqon, continuing.
[04/17/2008, 18:20:24] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/17/2008, 18:20:24] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/17/2008, 18:20:24] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/17/2008, 18:20:24] - BHO 8: {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} (NavigationProgram)
[04/17/2008, 18:20:24] - BHO 9: {e8beb10b-8734-4455-b9c8-5fd55030fadf} ()
[04/17/2008, 18:20:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/17/2008, 18:20:24] - Checking for HKLM\...\Winlogon\Notify\drjrqowv
[04/17/2008, 18:20:24] - Key not found: HKLM\...\Winlogon\Notify\drjrqowv, continuing.
[04/17/2008, 18:20:24] - Finished Searching Browser Helper Objects
[04/17/2008, 18:20:24] - Finishing up...
[04/17/2008, 18:20:24] - A restart is needed.
[04/17/2008, 18:20:38] - Attempting to Restart via STOP error (Blue Screen!)

-------------------------------
Zoek.exe:

======C:\WINDOWS====
----a-w 0 2008-04-17 16:22:59 C:\WINDOWS\0.log
----a-w 3,777 2008-04-16 18:09:47 C:\WINDOWS\BM7bce69b7.txt
----a-w 101,217 2008-04-16 18:41:21 C:\WINDOWS\BM7bce69b7.xml
--s-a-w 2,048 2008-04-17 16:22:03 C:\WINDOWS\bootstat.dat
----a-w 318 2008-04-15 16:17:14 C:\WINDOWS\cookies.ini
----a-w 720,896 2008-04-07 19:30:58 C:\WINDOWS\iun6002.exe
----a-w 69 2008-04-02 13:30:12 C:\WINDOWS\NeroDigital.ini
----a-w 22 2008-04-16 18:09:17 C:\WINDOWS\pskt.ini
----a-w 1,409 2008-04-14 12:14:10 C:\WINDOWS\QTFont.for
---ha-w 54,156 2008-04-14 12:14:10 C:\WINDOWS\QTFont.qfn
----a-w 32,590 2008-04-16 17:52:28 C:\WINDOWS\SchedLgU.Txt
----a-w 6,081 2008-04-16 16:12:03 C:\WINDOWS\setupapi.log
----a-w 227 2008-04-16 18:03:47 C:\WINDOWS\system.ini
----a-w 317 2008-03-16 17:00:50 C:\WINDOWS\VehVwr.INI
----a-w 159 2008-04-17 16:22:55 C:\WINDOWS\wiadebug.log
----a-w 49 2008-04-17 16:22:32 C:\WINDOWS\wiaservc.log
----a-w 654 2008-04-16 18:03:47 C:\WINDOWS\win.ini
----a-w 1,768,312 2008-04-17 16:24:05 C:\WINDOWS\WindowsUpdate.log
----a-w 535 2008-04-14 14:09:35 C:\WINDOWS\wmsetup.log

Entries: 19 (17)
Directories: 0 Files: 19
Bytes: 2,692,836 Blocks: 5,268
======C:\WINDOWS\system32=====
----a-w 370,688 2008-04-15 15:09:13 C:\WINDOWS\System32\awtsrqon.dll
----a-w 30,720 2008-04-14 14:05:59 C:\WINDOWS\System32\awtttqpp.dll.vir
----a-w 105,536 2008-04-16 15:21:39 C:\WINDOWS\System32\drjrqowv.dllNUCIA
--sh--w 1,558,099 2008-04-16 15:19:41 C:\WINDOWS\System32\fchmyeta.ini
----a-w 278,152 2008-04-12 21:27:10 C:\WINDOWS\System32\FNTCACHE.DAT
--sh--w 1,524,724 2008-04-16 18:09:29 C:\WINDOWS\System32\hnlxglrx.ini
----a-w 100,928 2008-04-16 15:20:28 C:\WINDOWS\System32\irmshidr.dllNUCIA
----a-w 6,300 2008-03-18 11:54:46 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
--sha-w 163,316 2008-04-17 16:25:48 C:\WINDOWS\System32\noqrstwa.ini
--sha-w 163,316 2008-04-17 16:25:28 C:\WINDOWS\System32\noqrstwa.ini2
----a-w 63,664 2008-04-12 20:33:06 C:\WINDOWS\System32\perfc009.dat
----a-w 83,460 2008-04-12 20:33:06 C:\WINDOWS\System32\perfc013.dat
----a-w 406,464 2008-04-12 20:33:06 C:\WINDOWS\System32\perfh009.dat
----a-w 472,146 2008-04-12 20:33:06 C:\WINDOWS\System32\perfh013.dat
----a-w 991,696 2008-04-12 20:33:06 C:\WINDOWS\System32\PerfStringBackup.INI
----a-w 107,832 2008-04-05 16:51:28 C:\WINDOWS\System32\PnkBstrB.exe
--sha-w 176,541 2008-04-15 11:49:54 C:\WINDOWS\System32\pononnmp.ini
----a-w 792,650 2008-04-16 17:08:24 C:\WINDOWS\System32\RVAXO.bat
--sha-r 131,726 2008-04-08 12:44:50 C:\WINDOWS\System32\TASKMON.EXE
----a-w 1,846,016 2008-03-20 08:01:24 C:\WINDOWS\System32\win32k.sys
----a-w 2,206 2008-04-17 16:23:38 C:\WINDOWS\System32\wpa.dbl
----a-w 95,808 2008-04-16 15:24:40 C:\WINDOWS\System32\xrlgxlnh.dllNUCIA

Entries: 23 (17)
Directories: 0 Files: 23
Bytes: 29,308,012 Blocks: 57,254
======C:\WINDOWS\system32\drivers=====
----a-w 22,328 2008-04-05 16:52:02 C:\WINDOWS\System32\drivers\PnkBstrK.sys

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 22,328 Blocks: 44
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
--sh--w 304 2008-04-16 18:03:47 C:\boot.ini
----a-w 688 2008-04-16 18:01:34 C:\firstrun5.log
----a-w 367 2008-03-25 14:57:15 C:\Mijn websites.lnk
--sha-w 2,145,386,496 2008-04-17 16:21:59 C:\pagefile.sys
----a-w 101 2008-03-25 19:39:27 C:\Protokoll.txt
----a-w 919 2008-04-16 18:06:10 C:\RVAXO-results.log
----a-w 28,749 2008-04-16 18:08:55 C:\RVAXO-Vfind.log

Entries: 7 (5)
Directories: 0 Files: 7
Bytes: 2,145,417,624 Blocks: 4,190,272
======C:\Documents and Settings\Fam. Roelofs\Application Data======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Temp======
----a-w 394 2008-04-14 14:08:08 C:\Temp\WMALog.txt

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 394 Blocks: 1
======C:\Documents and Settings\Fam. Roelofs======
---ha-w 7,340,032 2008-04-17 16:20:41 C:\Documents and Settings\Fam. Roelofs\NTUSER.DAT
---ha-w 237,568 2008-04-17 16:25:55 C:\Documents and Settings\Fam. Roelofs\ntuser.dat.LOG
--sh--w 188 2008-04-16 20:23:11 C:\Documents and Settings\Fam. Roelofs\ntuser.ini

Entries: 3 (0)
Directories: 0 Files: 3
Bytes: 7,577,788 Blocks: 14,801
======C:\WINDOWS\Downloaded Program Files====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=============

-----------------------
Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:50, on 17-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SYSTEM32\TASKMON.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fam. Roelofs\Bureaublad\HiJackThis LATEN STAAN.exe
C:\WINDOWS\system32\tlntadmn.exe
C:\WINDOWS\system32\find.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D6BDB6D1-982E-4EB4-8187-876C84CCA96F} - C:\WINDOWS\system32\awtsrqon.dll
O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll (file missing)
O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\SYSTEM32\TASKMON.EXE
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 10018 bytes

**smeenk** · 17-04-08, 18:32

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\BM7bce69b7.txt
C:\WINDOWS\BM7bce69b7.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\System32\awtsrqon.dll
C:\WINDOWS\System32\awtttqpp.dll.vir
C:\WINDOWS\System32\drjrqowv.dllNUCIA
C:\WINDOWS\System32\fchmyeta.ini
C:\WINDOWS\System32\hnlxglrx.ini
C:\WINDOWS\System32\irmshidr.dllNUCIA
C:\WINDOWS\System32\noqrstwa.ini
C:\WINDOWS\System32\noqrstwa.ini2
C:\WINDOWS\System32\pononnmp.ini
C:\WINDOWS\System32\xrlgxlnh.dllNUCIA) DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

**bierkwartier** · 17-04-08, 18:35

Deleting files
C:\WINDOWS\BM7bce69b7.txt deleted
C:\WINDOWS\BM7bce69b7.xml deleted
C:\WINDOWS\cookies.ini deleted
C:\WINDOWS\pskt.ini deleted
C:\WINDOWS\System32\awtsrqon.dll not deleted
C:\WINDOWS\System32\awtttqpp.dll.vir deleted
C:\WINDOWS\System32\drjrqowv.dllNUCIA deleted
C:\WINDOWS\System32\fchmyeta.ini deleted
C:\WINDOWS\System32\hnlxglrx.ini deleted
C:\WINDOWS\System32\irmshidr.dllNUCIA deleted
C:\WINDOWS\System32\noqrstwa.ini deleted
C:\WINDOWS\System32\noqrstwa.ini2 deleted
C:\WINDOWS\System32\pononnmp.ini deleted
C:\WINDOWS\System32\xrlgxlnh.dllNUCIA deleted

**smeenk** · 17-04-08, 18:38

Download The Avenger en plaats het op je bureaublad: http://swandog46.geekstogo.com/avenger2/download.php
Unzip het.
Start het programma door op avenger.exe te klikken.
In het venster "Input Script here", plak je het volgende (vetgedrukte):

Files to delete:
C:\WINDOWS\System32\awtsrqon.dll
C:\WINDOWS\System32\noqrstwa.ini
C:\WINDOWS\System32\noqrstwa.ini2

Klik daarna op de knop "Execute".
Avenger zal aangeven dat de computer gaat herstarten, sta dit toe.
Na reboot opent een logfile (avenger .txt). Post de inhoud van de logfile.

**bierkwartier** · 17-04-08, 19:07

Tijdens het opstarten van mijn pc krijg ik 2 foutmeldingen. Ze staan in de bijlage. Hier de logfile van Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\System32\awtsrqon.dll" deleted successfully.
File "C:\WINDOWS\System32\noqrstwa.ini" deleted successfully.
File "C:\WINDOWS\System32\noqrstwa.ini2" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:05, on 17-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\TASKMON.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fam. Roelofs\Bureaublad\HiJackThis LATEN STAAN.exe
C:\WINDOWS\system32\find.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D6BDB6D1-982E-4EB4-8187-876C84CCA96F} - C:\WINDOWS\system32\awtsrqon.dll (file missing)
O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll (file missing)
O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\SYSTEM32\TASKMON.EXE
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 9999 bytes

Bijgevoegde Bestanden

**smeenk** · 17-04-08, 20:31

Start Hijackthis en vink alleen de volgende regels aan:
O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
O2 - BHO: (no name) - {D6BDB6D1-982E-4EB4-8187-876C84CCA96F} - C:\WINDOWS\system32\awtsrqon.dll (file missing)
O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll (file missing)
O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s
Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

Herstart je computer.

Post na de herstart een nieuw logje van Hijackthis en vertel of er nog problemen zijn

**bierkwartier** · 17-04-08, 21:04

Het lijkt nu allemaal weer een stuk beter en sneller. Echt bedankt daarvoor!! Ik ga het even een weekend aanzien en mocht het dan nog niet helemaal goed zijn laat ik het weer horen. Hier een laatste logje ter controle:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:40, on 17-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\msiexec.exe
F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Fam. Roelofs\Bureaublad\HiJackThis LATEN STAAN.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 9252 bytes

Nogmaals: Bedankt!

**smeenk** · 17-04-08, 21:35

Deze regel mag je nog weghalen met Hijackthis:
O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Dan denk ik dat we klaar zijn

**bierkwartier** · 20-04-08, 19:00

Oke heel erg bedankt, het lijkt allemaal goed nou..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:45, on 20-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fam. Roelofs\Bureaublad\HiJackThis LATEN STAAN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 8930 bytes

Mededeling

Log controle

Log controle

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment