
Log check

  • Log check

    I'm having trouble with a toolbar called Mirar. The computer is also slow, and I sometimes see in Task Manager that the CPU is at 100%. When I then check which process is causing it, it is either cmd.exe, taskmon.exe or csrss.exe. When I end that process, things go fine for a while.

    Who can help me get rid of this junk?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:50:25, on 14-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\MtRepair1.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\MtRepair2.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\FAM~1.ROE\LOCALS~1\Temp\MirarPrefetchor.exe
    C:\Documents and Settings\Fam. Roelofs\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\SYSTEM32\TASKMON.EXE
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MtRepair1 - M i r a r - C:\WINDOWS\system32\MtRepair1.exe
    O23 - Service: MtRepair2 - M i r a r - C:\WINDOWS\system32\MtRepair2.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O24 - Desktop Component 0: (no name) - http://www.thundercloud.net/activescreens/christmas1/christmas-peace1024.htm

    --
    End of file - 9145 bytes
    http://www.bierkwartier.nl -- Vincent

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files that were not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart on its own, or the tool does not start after the reboot, then do this manually.
    • Post the contents of the log file in your next message.


    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In this case it may be better to temporarily disable your antivirus during the DSS scan)



    • #3
      Deckard's System Scanner v20071014.68
      Run by Fam. Roelofs on 2008-04-16 20:10:32
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      94: 2008-04-16 18:10:54 UTC - RP141 - Deckard's System Scanner Restore Point
      93: 2008-04-15 16:01:31 UTC - RP140 - Controlepunt van systeem
      92: 2008-04-14 14:11:52 UTC - RP139 - Last known good configuration
      91: 2008-04-14 14:11:41 UTC - RP138 - Software Distribution Service 3.0
      90: 2008-04-14 14:11:41 UTC - RP137 - Installed Kleurenzoeker


      -- First Restore Point --
      1: 2008-04-14 14:11:15 UTC - RP48 - Configured Microsoft Office Enterprise 2007


      Backed up registry hives.
      Performed disk cleanup.

      System Drive C: has 6.39 GiB (less than 15%) free.


      -- HijackThis (run as Fam. Roelofs.exe) ----------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:13:06, on 16-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.20733)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      C:\Program Files\SPAMfighter\sfus.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\SPAMfighter\SFAgent.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
      C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
      C:\WINDOWS\system32\tlntsvr.exe
      F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\SpywareGuard\sgmain.exe
      C:\Program Files\SpywareGuard\sgbhp.exe
      C:\Documents and Settings\Fam. Roelofs\Bureaublad\dss.exe
      C:\DOCUME~1\FAM~1.ROE\BUREAU~1\Fam. Roelofs.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1085AA10-C4C8-4DC4-BD3A-6C0EDAFC0A4A} - C:\WINDOWS\system32\awtsrqon.dll
      O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
      O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
      O2 - BHO: (no name) - {6DC2D282-D414-435E-8A26-FF3C23AC36EF} - C:\WINDOWS\system32\awtttqpp.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll
      O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\SYSTEM32\TASKMON.EXE
      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
      O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
      O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
      O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O20 - Winlogon Notify: awtttqpp - C:\WINDOWS\SYSTEM32\awtttqpp.dll
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: MtRepair1 - Unknown owner - C:\WINDOWS\system32\MtRepair1.exe (file missing)
      O23 - Service: MtRepair2 - Unknown owner - C:\WINDOWS\system32\MtRepair2.exe (file missing)
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

      --
      End of file - 10232 bytes

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>

      S2 DSCCAM (Multi-Mode Plus Camera Video Service) - c:\windows\system32\drivers\dsccam.sys <Not Verified; SAMPO Corporation; Multi-Mode Plus Camera>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

      S2 MtRepair1 - "c:\windows\system32\mtrepair1.exe" -serv (file missing)
      S2 MtRepair2 - "c:\windows\system32\mtrepair2.exe" -serv (file missing)


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID:
      Description: Ethernet-controller
      Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_01061106&REV_8B\4&2E98101C&0&18F0
      Manufacturer:
      Name: Ethernet-controller
      PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_01061106&REV_8B\4&2E98101C&0&18F0
      Service:


      -- Files created between 2008-03-16 and 2008-04-16 -----------------------------

      2008-04-16 20:08:37 183634 --ahs---- C:\WINDOWS\system32\noqrstwa.ini2
      2008-04-16 20:05:41 0 d-------- C:\RVAXO
      2008-04-16 20:00:32 792650 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-04-16 20:00:32 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-04-16 17:24:39 95808 --a------ C:\WINDOWS\system32\xrlgxlnh.dll
      2008-04-16 17:21:38 105536 --a------ C:\WINDOWS\system32\drjrqowv.dll
      2008-04-16 17:20:27 100928 --a------ C:\WINDOWS\system32\irmshidr.dll
      2008-04-15 17:10:11 105536 --a------ C:\WINDOWS\system32\sdvwpyja.dll
      2008-04-15 17:10:03 100416 --a------ C:\WINDOWS\system32\ppjbelgg.dll
      2008-04-15 17:09:12 370688 --a------ C:\WINDOWS\system32\awtsrqon.dll
      2008-04-15 13:35:17 100416 --a------ C:\WINDOWS\system32\tiautsxb.dll
      2008-04-14 17:10:03 0 d-------- C:\Program Files\NavigationProgram
      2008-04-14 16:06:10 0 d-------- C:\Temp
      2008-04-14 16:05:59 30720 --a------ C:\WINDOWS\system32\awtttqpp.dll
      2008-04-14 13:54:39 0 dr-h----- C:\Documents and Settings\Fam. Roelofs\Onlangs geopend
      2008-04-12 16:39:56 0 d-------- C:\Program Files\Webhelpje.nl
      2008-04-12 16:37:39 0 d-------- C:\Program Files\Webhelpjekleurenzoeker
      2008-04-08 15:37:07 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\Help
      2008-04-08 14:44:50 131726 -rahs---- C:\WINDOWS\system32\TASKMON.EXE
      2008-04-07 21:31:14 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
      2008-04-06 16:33:21 0 dr-h----- C:\$VAULT$.AVG
      2008-03-28 23:09:07 0 d-------- C:\Program Files\deyoutubedownloader
      2008-03-25 22:40:34 0 d-------- C:\Program Files\clue-by-4.org
      2008-03-25 19:49:34 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\ImagesWords
      2008-03-25 19:49:34 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\EasyPCGate
      2008-03-22 16:12:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
      2008-03-19 21:59:24 0 d-------- C:\Program Files\Digital1Audio
      2008-03-19 21:49:52 0 d-------- C:\Program Files\Ubisoft
      2008-03-16 19:05:01 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\.clue-by-4.org
      2008-03-16 17:32:38 0 d-------- C:\Program Files\[email protected]


      -- Find3M Report ---------------------------------------------------------------

      2008-04-16 20:05:50 0 d-------- C:\Program Files\SPAMfighter
      2008-04-15 21:22:46 0 d-------- C:\Program Files\FlashFXP
      2008-04-14 15:32:29 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\LimeWire
      2008-04-13 14:38:04 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\Adobe
      2008-04-12 22:33:06 472146 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-04-12 22:33:06 83460 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-04-11 20:34:55 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-04-03 14:27:55 0 d-------- C:\Program Files\Common Files\Adobe
      2008-03-30 20:15:52 0 d-------- C:\Program Files\Mozilla Thunderbird
      2008-03-22 16:46:59 0 d-------- C:\Program Files\Common Files
      2008-03-22 16:26:16 0 d-------- C:\Program Files\Website
      2008-03-22 14:54:57 0 d-------- C:\Program Files\EPN
      2008-03-22 14:48:49 0 d-------- C:\Program Files\Cyberlink
      2008-03-18 13:58:27 0 d-------- C:\Program Files\webcamXP
      2008-03-18 13:58:03 0 d-------- C:\Program Files\Common Files\Real
      2008-03-18 13:58:02 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\Real
      2008-03-18 13:54:46 0 d-------- C:\Program Files\Java
      2008-03-08 17:59:19 0 d-------- C:\Program Files\worms
      2008-03-08 17:56:21 0 d-------- C:\Program Files\Common Files\BOONTY Shared
      2008-03-05 20:59:25 0 d-------- C:\Program Files\YouTube Downloader
      2008-03-04 23:13:23 0 d-------- C:\Program Files\Web Album Generator
      2008-03-03 20:11:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
      2008-03-03 20:11:13 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
      2008-02-29 15:07:28 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\AVG7
      2008-02-25 19:48:50 0 d-------- C:\Program Files\Common Files\Ankiro
      2008-02-25 19:48:37 0 d-------- C:\Program Files\Common Files\Application
      2008-02-23 17:35:53 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\SPAMfighter
      2008-02-23 17:34:45 0 d-------- C:\Program Files\Spam Monitor
      2008-02-23 17:34:45 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\Spam Monitor
      2008-02-18 20:52:35 0 d-------- C:\Program Files\LimeWire
      2008-02-18 20:52:34 0 d-------- C:\Program Files\DivX
      2008-02-18 20:52:34 0 d-------- C:\Program Files\Avanquest update
      2008-02-18 20:52:24 0 d-------- C:\Documents and Settings\Fam. Roelofs\Application Data\Ahead
      2008-02-18 20:26:59 0 d-------- C:\Program Files\Sony Ericsson
      2008-02-14 21:29:15 8 --a------ C:\WINDOWS\system32\nvModes.dat


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1085AA10-C4C8-4DC4-BD3A-6C0EDAFC0A4A}]
      15-04-2008 17:09 370688 --a------ C:\WINDOWS\system32\awtsrqon.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EC34846-3317-4399-8D82-CC0DCD2D86A1}]
      C:\WINDOWS\system32\pmnnonop.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DC2D282-D414-435E-8A26-FF3C23AC36EF}]
      14-04-2008 16:05 30720 --a------ C:\WINDOWS\system32\awtttqpp.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D93B3CA5-6552-0DAA-353B-FB9D4F20B168}]
      30-12-2007 22:48 1019904 --a------ C:\Program Files\NavigationProgram\NavigationProgram-2.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8beb10b-8734-4455-b9c8-5fd55030fadf}]
      16-04-2008 17:21 105536 --a------ C:\WINDOWS\system32\drjrqowv.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Cmaudio"="cmicnfg.cpl"
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [15-04-2008 13:36]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27-10-2006 01:47]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [20-12-2007 13:46]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12-01-2005 04:01]
      "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01-03-2007 16:57]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08-08-2007 10:25]
      "taskmon"="C:\WINDOWS\SYSTEM32\TASKMON.EXE" [08-04-2008 14:44]
      "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [19-02-2008 10:41]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05-12-2007 02:41]
      "nwiz"="nwiz.exe" [05-12-2007 02:41 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05-12-2007 02:41]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
      "78fd5a2b"="C:\WINDOWS\system32\xrlgxlnh.dll" [16-04-2008 17:24]
      "BM7bce69b7"="C:\WINDOWS\system32\irmshidr.dll" [16-04-2008 17:20]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]
      "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [19-12-2007 22:13]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [03-08-2007 13:51]
      "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [20-11-2007 16:29]
      "EVEREST AutoStart"="F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe" [04-09-2007 18:28]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
      "ShowDeskFix"=regsvr32 /s /n /i:u shell32

      C:\Documents and Settings\Fam. Roelofs\Menu Start\Programma's\Opstarten\
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26-10-2006 21:24:54]
      SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29-8-2003 20:05:35]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [20-12-2007 13:55:54]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{6DC2D282-D414-435E-8A26-FF3C23AC36EF}"= C:\WINDOWS\system32\awtttqpp.dll [14-04-2008 16:05 30720]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqpp]
      awtttqpp.dll 14-04-2008 16:05 30720 C:\WINDOWS\system32\awtttqpp.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      "Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtsrqon

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVEREST AutoStart]
      F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskmon]
      C:\WINDOWS\SYSTEM32\TASKMON.EXE


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6cbf1b8-bea9-11dc-8954-00138f9ea528}]
      Auto\Command- G:\TASKMON.EXE
      AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TASKMON.EXE




      -- End of Deckard's System Scanner: finished at 2008-04-16 20:13:52 ------------









      ------------------


      Deckard's System Scanner v20071014.68
      Extra logfile - please post this as an attachment with your post.
      --------------------------------------------------------------------------------

      -- System Information ----------------------------------------------------------

      Microsoft Windows XP Professional (build 2600) SP 2.0
      Architecture: X86; Language: Dutch

      CPU 0: Intel(R) Pentium(R) 4 CPU 2.66GHz
      Percentage of Memory in Use: 37%
      Physical Memory (total/avail): 1534.8 MiB / 966.3 MiB
      Pagefile Memory (total/avail): 3433.7 MiB / 3056.58 MiB
      Virtual Memory (total/avail): 2047.88 MiB / 1922.64 MiB

      A: is Removable (No Media)
      C: is Fixed (NTFS) - 68.32 GiB total, 6.39 GiB free.
      D: is Fixed (FAT32) - 28.8 GiB total, 6.01 GiB free.
      E: is Fixed (FAT32) - 14.65 GiB total, 8.91 GiB free.
      F: is Fixed (NTFS) - 465.76 GiB total, 177.32 GiB free.
      G: is Removable (FAT)
      J: is CDROM (No Media)
      K: is CDROM (No Media)
      M: is CDROM (No Media)

      \\.\PHYSICALDRIVE1 - ST3120023A - 111.79 GiB - 3 partitions
      \PARTITION0 (bootable) - Installable File System - 68.32 GiB - C:
      \PARTITION1 - Extended w/Extended Int 13 - 43.47 GiB - D: - E:

      \\.\PHYSICALDRIVE0 - WDC WD5000AAKB-22UKA0 - 465.76 GiB - 1 partition
      \PARTITION0 - Installable File System - 465.76 GiB - F:

      \\.\PHYSICALDRIVE2 - SanDisk Cruzer Mini USB Device - 117.66 MiB - 1 partition
      \PARTITION0 - MS-DOS V4 Huge - 122.33 MiB - G:



      -- Security Center -------------------------------------------------------------

      AUOptions is scheduled to auto-install.
      Windows Internal Firewall is enabled.

      FirstRunDisabled is set.

      AV: AVG 7.5.524 v7.5.524 (Grisoft)

      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
      "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
      "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
      "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
      "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
      "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
      "C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
      "C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe"="C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe:*:Enabled:CyberLink PowerDirector"
      "C:\\Games\\Mohaa\\moh_spearhead.exe"="C:\\Games\\Mohaa\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
      "C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
      "G:\\PRIVE\\GAMES\\Age of Empires 2\\age2_x1.exe"="G:\\PRIVE\\GAMES\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
      "C:\\Games\\COD UO\\COD UO\\CoDUOMP.exe"="C:\\Games\\COD UO\\COD UO\\CoDUOMP.exe:*:Enabled:CoDUOMP"
      "C:\\Games\\COD UO\\COD UO\\CoDMP.exe"="C:\\Games\\COD UO\\COD UO\\CoDMP.exe:*:Enabled:CoDMP"
      "C:\\Games\\GP4\\GP4.exe"="C:\\Games\\GP4\\GP4.exe:*:Enabled:GP4"
      "C:\\Games\\Age of Empires 2\\age2_x1.exe"="C:\\Games\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
      "C:\\Games\\Call of duty 2\\CoD2MP_s.exe"="C:\\Games\\Call of duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
      "C:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"="C:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe:*:Enabled:GP4"
      "C:\\Program Files\\webcamXP\\webcamXP.exe"="C:\\Program Files\\webcamXP\\webcamXP.exe:*:Enabled:webcamXP 2007"
      "G:\\FILMS\\(Flatout-II) [0054] - FlatOut2.part.nzb yEnc (15)\\FlatOut2\\FlatOut2\\FlatOut2.exe"="G:\\FILMS\\(Flatout-II) [0054] - FlatOut2.part.nzb yEnc (15)\\FlatOut2\\FlatOut2\\FlatOut2.exe:*:Enabled:FlatOut2"
      "C:\\Games\\Mohaa\\moh_Breakthrough_server.exe"="C:\\Games\\Mohaa\\moh_Breakthrough_server.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
      "C:\\Games\\Mohaa\\moh_Breakthrough.exe"="C:\\Games\\Mohaa\\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
      "C:\\Games\\rFactor\\rFactor.exe"="C:\\Games\\rFactor\\rFactor.exe:*:Enabled:rFactor"
      "C:\\Games\\rFactor\\rFactor Dedicated.exe"="C:\\Games\\rFactor\\rFactor Dedicated.exe:*:Enabled:rFactor"
      "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
      "C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow MultiPlayer Demo\\online\\System\\PandoraMultiPlayerDemo.exe"="C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow MultiPlayer Demo\\online\\System\\PandoraMultiPlayerDemo.exe:*:Enabled:PandoraMultiPlayerDemo"
      "C:\\Games\\Splinter Cell DA\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Games\\Splinter Cell DA\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
      "C:\\Program Files\\Codemasters\\Worms 4 Mayhem Demo\\Worms 4 Mayhem Demo.exe"="C:\\Program Files\\Codemasters\\Worms 4 Mayhem Demo\\Worms 4 Mayhem Demo.exe:*:Enabled:Worms 4 Mayhem Demo"
      "C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage"
      "C:\\Program Files\\[email protected]\\LookAtLan.exe"="C:\\Program Files\\[email protected]\\LookAtLan.exe:*:Enabled:[email protected]"


      -- Environment Variables -------------------------------------------------------

      ALLUSERSPROFILE=C:\Documents and Settings\All Users
      APPDATA=C:\Documents and Settings\Fam. Roelofs\Application Data
      CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
      CLIENTNAME=Console
      CommonProgramFiles=C:\Program Files\Common Files
      COMPUTERNAME=VINCENT
      ComSpec=C:\WINDOWS\system32\cmd.exe
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Documents and Settings\Fam. Roelofs
      LOGONSERVER=\\VINCENT
      NUMBER_OF_PROCESSORS=1
      OS=Windows_NT
      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
      PROCESSOR_LEVEL=15
      PROCESSOR_REVISION=0207
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\WINDOWS
      TEMP=C:\DOCUME~1\FAM~1.ROE\LOCALS~1\Temp
      TMP=C:\DOCUME~1\FAM~1.ROE\LOCALS~1\Temp
      USERDOMAIN=VINCENT
      USERNAME=Fam. Roelofs
      USERPROFILE=C:\Documents and Settings\Fam. Roelofs
      windir=C:\WINDOWS


      -- User Profiles ---------------------------------------------------------------

      Fam. Roelofs (admin)
      Administrator (new local, admin)


      -- Add/Remove Programs ---------------------------------------------------------

      --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
      --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
      --> C:\WINDOWS\UNRecode.exe /UNINSTALL
      --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x13
      Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
      Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
      Agent Ransack Version 1.7.3 --> "C:\Program Files\Mythicsoft\Agent Ransack\unins000.exe"
      Alligator Flash Designer 6 (6.0.0.7) --> C:\PROGRA~1\Selteco\ALLIGA~2\Setup.exe /remove
      Alt.Binz 0.25.0 --> C:\Program Files\AltBinz\uninst.exe
      Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0013 -removeonly
      AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
      Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
      C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
      C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
      Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
      CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
      DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
      DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
      DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
      DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
      DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
      EPN werkboek-i Getal en Ruimte/1 vmbo-B(K) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D52A675-1565-49DA-BA1B-807DF01A83BC}\setup.exe" -l0x13 UNINSTALL
      FlashFXP v3.2.0 (Build 1080) Scene Edition --> C:\WINDOWS\unvise32.exe C:\Program Files\FlashFXP\uninstal.log
      Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
      Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
      Grand Prix 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\Infogrames\Grand Prix 4\setup.exe"
      HijackThis 2.0.2 --> "C:\Documents and Settings\Fam. Roelofs\Local Settings\Temporary Internet Files\Content.IE5\IMM3XVIS\HijackThis.exe" /uninstall
      IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
      J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
      Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
      Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
      Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
      K-Lite Codec Pack 3.5.7 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
      Kleurenzoeker --> MsiExec.exe /I{71134987-BC08-415C-B42C-52E8021FED8D}
      LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
      [email protected] 2.50 Build 35 --> C:\WINDOWS\iun6002.exe "C:\Program Files\[email protected]\irunin.ini"
      Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x13
      Medal of Honor Allied Assault(tm) Breakthrough --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}\Setup.exe" -l0x13
      Medal of Honor Allied Assault(tm) Spearhead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x13
      Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
      Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
      Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
      Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
      Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
      Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170413-6000-11D3-8CFE-0150048383C9}
      Microsoft Office Groove MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE}
      Microsoft Office InfoPath MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
      Microsoft Office OneNote MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
      Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
      Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
      Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
      Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
      Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
      Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
      Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Mirar --> "C:\Program Files\Internet Explorer\iexplore.exe" http://remove.getmirar.com/
      Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
      MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{988B6E93-EAE9-44C2-A226-A4631C57B2AF}
      Multi-Mode Plus Camera V1.00 --> C:\WINDOWS\twain_32\mmdsc\UNWISE.EXE C:\WINDOWS\twain_32\mmdsc\install.log
      NavigationProgram --> C:\Program Files\NavigationProgram\uninstall.exe
      Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1043}
      Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
      NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
      PCDJ VJ --> C:\PROGRA~1\DIGITA~1\PCDJVJ~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\PCDJVJ~1\INSTALL.LOG
      PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
      PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
      QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
      QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1043
      Race Driver 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0297C87B-CC40-446F-865A-031B4FC0CF22}\Setup.exe" -l0x9 -removeonly
      REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0013 -removeonly
      rFactor (remove only) --> "C:\Games\rFactor\Uninstall.exe"
      Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
      Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
      Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
      Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
      Sony Ericsson PC Suite 3.108.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0013 -removeonly
      SPAMfighter --> "C:\Program Files\SPAMfighter\uninstall.exe" Remove
      SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
      SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
      Talent Editor 2.0.3.0 --> "C:\Program Files\clue-by-4.org\Talent Editor\unins000.exe"
      Tom Clancy's Splinter Cell Double Agent 1.02 --> "C:\Games\Splinter Cell DA\unins000.exe"
      Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
      Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
      Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
      VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
      Web Album Generator 1.8.2 --> "C:\Program Files\Web Album Generator\unins000.exe"
      Windows Imaging Component -->
      Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
      Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
      WinRAR --> C:\Program Files\WinRAR\uninstall.exe
      XML Paper Specification Shared Components Pack 1.0 -->
      YouTube Downloader 2.41 --> "C:\Program Files\deyoutubedownloader\YouTube Downloader\unins000.exe"


      -- Application Event Log -------------------------------------------------------

      Event Record #/Type457 / Error
      Event Submitted/Written: 04/16/2008 07:50:49 PM
      Event ID/Source: 1000 / Application Error
      Event Description:
      Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.20733, vastgelopen module: msctf.dll, versie: 5.1.2600.2180, vastgelopen op: 0x00039b5c.
      Verwerken van mediaspecifieke gebeurtenis voor [iexplore.exe!ws!]

      Event Record #/Type447 / Success
      Event Submitted/Written: 04/16/2008 06:23:12 PM
      Event ID/Source: 12001 / usnjsvc
      Event Description:
      The Messenger Sharing USN Journal Reader service started successfully.

      Event Record #/Type424 / Success
      Event Submitted/Written: 04/16/2008 01:03:21 PM
      Event ID/Source: 12001 / usnjsvc
      Event Description:
      The Messenger Sharing USN Journal Reader service started successfully.

      Event Record #/Type406 / Success
      Event Submitted/Written: 04/15/2008 07:56:38 PM
      Event ID/Source: 12001 / usnjsvc
      Event Description:
      The Messenger Sharing USN Journal Reader service started successfully.

      Event Record #/Type392 / Success
      Event Submitted/Written: 04/15/2008 06:46:34 PM
      Event ID/Source: 12001 / usnjsvc
      Event Description:
      The Messenger Sharing USN Journal Reader service started successfully.



      -- Security Event Log ----------------------------------------------------------

      No Errors/Warnings found.


      -- System Event Log ------------------------------------------------------------

      Event Record #/Type3734 / Error
      Event Submitted/Written: 04/16/2008 08:05:50 PM
      Event ID/Source: 7000 / Service Control Manager
      Event Description:
      De MtRepair2-service kan vanwege de volgende fout niet worden gestart:
      %%2

      Event Record #/Type3733 / Error
      Event Submitted/Written: 04/16/2008 08:05:50 PM
      Event ID/Source: 7000 / Service Control Manager
      Event Description:
      De MtRepair1-service kan vanwege de volgende fout niet worden gestart:
      %%2

      Event Record #/Type3732 / Error
      Event Submitted/Written: 04/16/2008 08:05:50 PM
      Event ID/Source: 7000 / Service Control Manager
      Event Description:
      De Multi-Mode Plus Camera Video Service-service kan vanwege de volgende fout niet worden gestart:
      %%1058

      Event Record #/Type3727 / Error
      Event Submitted/Written: 04/16/2008 08:03:50 PM
      Event ID/Source: 10005 / DCOM
      Event Description:
      DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
      om de server
      {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

      Event Record #/Type3726 / Error
      Event Submitted/Written: 04/16/2008 08:03:26 PM
      Event ID/Source: 10005 / DCOM
      Event Description:
      DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
      om de server
      {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten



      -- End of Deckard's System Scanner: finished at 2008-04-16 20:13:52 ------------







      --------------------


      ---RVAXO.exe Updated: 2008-04-16---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\noqrstwa.ini2
      C:\WINDOWS\system32\pononnmp.ini2
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\wininit.ini
      C:\WINDOWS\system32\MtRepair1.exe
      C:\WINDOWS\system32\MtRepair2.exe
      C:\WINDOWS\system32\winnb54.dll
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\version69ie7fix.dll
      C:\Program Files\Mozilla Firefox\regxpcom.exe
      C:\WINDOWS\system32\pac.txt
      C:\winlogon.exe

      Folders Found:
      C:\WINDOWS\system32\bharebio05
      C:\Program Files\FBrowserAdvisor
      C:\Temp\wdlw14

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:
      C:\Documents and Settings\Fam. Roelofs\Mijn documenten\Mijn ontvangen bestanden\Oosterveen.zip

      --------------RVAXO.exe finished----------------
      http://www.bierkwartier.nl -- Vincent



      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

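        @ECHO OFF
        REM Start with a fresh log.txt in the current folder.
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        REM Remove the two MtRepair services.
        sc delete MtRepair1
        sc delete MtRepair2
        REM Remove the NavigationProgram folder. The REN only does something if the folder is still there.
        RD /S /Q "C:\Program Files\NavigationProgram"
        REN "C:\Program Files\NavigationProgram\*.*" *.bak
        REM For every listed file: try to delete it, rename what is left, and log the outcome.
        FOR %%g in (
        C:\WINDOWS\system32\noqrstwa.ini2
        C:\WINDOWS\system32\xrlgxlnh.dll
        C:\WINDOWS\system32\drjrqowv.dll
        C:\WINDOWS\system32\irmshidr.dll
        C:\WINDOWS\system32\sdvwpyja.dll
        C:\WINDOWS\system32\ppjbelgg.dll
        C:\WINDOWS\system32\awtsrqon.dll
        C:\WINDOWS\system32\tiautsxb.dll
        "C:\Program Files\NavigationProgram"
        C:\WINDOWS\system32\awtttqpp.dll) DO (
            REM Clear a renamed copy left behind by an earlier run.
            DEL /Q %%gNUCIA
            IF EXIST %%g (
                REM Clear the read-only, system and hidden attributes before deleting.
                ATTRIB -r -s -h %%g
                DEL %%g
                REM Whatever DEL could not remove gets the NUCIA suffix.
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                    ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                    ECHO %%g not deleted>>log.txt
                ) ELSE (
                    ECHO %%g deleted>>log.txt)
            ) ELSE (
                ECHO %%g not found>>log.txt))
        START NOTEPAD.EXE log.txt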

        Go to File - Save As.
        Under "Save in" choose: Desktop
        Under "File name" enter: del.bat
        Under "Save as type" select: All Files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.



        • #5
          Deleting files
          C:\WINDOWS\system32\noqrstwa.ini2 deleted
          renamed to C:\WINDOWS\system32\xrlgxlnh.dllNUCIA
          C:\WINDOWS\system32\xrlgxlnh.dll deleted
          renamed to C:\WINDOWS\system32\drjrqowv.dllNUCIA
          C:\WINDOWS\system32\drjrqowv.dll deleted
          renamed to C:\WINDOWS\system32\irmshidr.dllNUCIA
          C:\WINDOWS\system32\irmshidr.dll deleted
          C:\WINDOWS\system32\sdvwpyja.dll deleted
          C:\WINDOWS\system32\ppjbelgg.dll deleted
          C:\WINDOWS\system32\awtsrqon.dll not deleted
          C:\WINDOWS\system32\tiautsxb.dll deleted
          "C:\Program Files\NavigationProgram" not found
          C:\WINDOWS\system32\awtttqpp.dll not deleted
          http://www.bierkwartier.nl -- Vincent



          • #6
            Download VirtumundoBegone (mirror)
            Save it to your desktop.

            Double-click VirtumundoBeGone.exe and follow the instructions.
            Don't be alarmed if you see a blue screen with an error message - this is normal.
            When the fix has finished, restart the PC.
            Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next reply.

            Double-click del.bat once more and post that log as well.


            Download this file: zoek.exe
            Double-click it; after a while a log opens.
            Post the contents of this log in your next reply.



            • #7
              VBG:


              [04/17/2008, 18:20:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Fam. Roelofs\Bureaublad\VirtumundoBeGone.exe" )
              [04/17/2008, 18:20:21] - Detected System Information:
              [04/17/2008, 18:20:21] - Windows Version: 5.1.2600, Service Pack 2
              [04/17/2008, 18:20:21] - Current Username: Fam. Roelofs (Admin)
              [04/17/2008, 18:20:21] - Windows is in NORMAL mode.
              [04/17/2008, 18:20:21] - Searching for Browser Helper Objects:
              [04/17/2008, 18:20:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
              [04/17/2008, 18:20:21] - BHO 2: {2EC34846-3317-4399-8D82-CC0DCD2D86A1} ()
              [04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\pmnnonop
              [04/17/2008, 18:20:21] - Key not found: HKLM\...\Winlogon\Notify\pmnnonop, continuing.
              [04/17/2008, 18:20:21] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
              [04/17/2008, 18:20:21] - BHO 4: {4E738F94-2D35-4077-BAA8-C00155FB84C4} ()
              [04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\awtsrqon
              [04/17/2008, 18:20:21] - Key not found: HKLM\...\Winlogon\Notify\awtsrqon, continuing.
              [04/17/2008, 18:20:21] - BHO 5: {6DC2D282-D414-435E-8A26-FF3C23AC36EF} ()
              [04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\awtttqpp
              [04/17/2008, 18:20:21] - Found: HKLM\...\Winlogon\Notify\awtttqpp - This is probably Virtumundo.
              [04/17/2008, 18:20:21] - Assigning {6DC2D282-D414-435E-8A26-FF3C23AC36EF} MSEvents Object
              [04/17/2008, 18:20:21] - BHO list has been changed! Starting over...
              [04/17/2008, 18:20:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
              [04/17/2008, 18:20:21] - BHO 2: {2EC34846-3317-4399-8D82-CC0DCD2D86A1} ()
              [04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\pmnnonop
              [04/17/2008, 18:20:21] - Key not found: HKLM\...\Winlogon\Notify\pmnnonop, continuing.
              [04/17/2008, 18:20:21] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
              [04/17/2008, 18:20:21] - BHO 4: {4E738F94-2D35-4077-BAA8-C00155FB84C4} ()
              [04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\awtsrqon
              [04/17/2008, 18:20:21] - Key not found: HKLM\...\Winlogon\Notify\awtsrqon, continuing.
              [04/17/2008, 18:20:21] - BHO 5: {6DC2D282-D414-435E-8A26-FF3C23AC36EF} (MSEvents Object)
              [04/17/2008, 18:20:21] - ALERT: Found MSEvents Object!
              [04/17/2008, 18:20:21] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
              [04/17/2008, 18:20:21] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [04/17/2008, 18:20:21] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
              [04/17/2008, 18:20:21] - BHO 9: {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} (NavigationProgram)
              [04/17/2008, 18:20:21] - BHO 10: {e8beb10b-8734-4455-b9c8-5fd55030fadf} ()
              [04/17/2008, 18:20:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/17/2008, 18:20:21] - Checking for HKLM\...\Winlogon\Notify\drjrqowv
              [04/17/2008, 18:20:21] - Key not found: HKLM\...\Winlogon\Notify\drjrqowv, continuing.
              [04/17/2008, 18:20:21] - Finished Searching Browser Helper Objects
              [04/17/2008, 18:20:21] - *** Detected MSEvents Object
              [04/17/2008, 18:20:21] - Trying to remove MSEvents Object...
              [04/17/2008, 18:20:22] - Terminating Process: IEXPLORE.EXE
              [04/17/2008, 18:20:23] - Terminating Process: RUNDLL32.EXE
              [04/17/2008, 18:20:24] - Disabling Automatic Shell Restart
              [04/17/2008, 18:20:24] - Terminating Process: EXPLORER.EXE
              [04/17/2008, 18:20:24] - Suspending the NT Session Manager System Service
              [04/17/2008, 18:20:24] - Terminating Windows NT Logon/Logoff Manager
              [04/17/2008, 18:20:24] - Re-enabling Automatic Shell Restart
              [04/17/2008, 18:20:24] - File to disable: C:\WINDOWS\system32\awtttqpp.dll
              [04/17/2008, 18:20:24] - Renaming C:\WINDOWS\system32\awtttqpp.dll -> C:\WINDOWS\system32\awtttqpp.dll.vir
              [04/17/2008, 18:20:24] - File successfully renamed!
              [04/17/2008, 18:20:24] - Removing HKLM\...\Browser Helper Objects\{6DC2D282-D414-435E-8A26-FF3C23AC36EF}
              [04/17/2008, 18:20:24] - Removing HKCR\CLSID\{6DC2D282-D414-435E-8A26-FF3C23AC36EF}
              [04/17/2008, 18:20:24] - Adding Kill Bit for ActiveX for GUID: {6DC2D282-D414-435E-8A26-FF3C23AC36EF}
              [04/17/2008, 18:20:24] - Deleting ATLEvents/MSEvents Registry entries
              [04/17/2008, 18:20:24] - Removing HKLM\...\Winlogon\Notify\awtttqpp
              [04/17/2008, 18:20:24] - Searching for Browser Helper Objects:
              [04/17/2008, 18:20:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
              [04/17/2008, 18:20:24] - BHO 2: {2EC34846-3317-4399-8D82-CC0DCD2D86A1} ()
              [04/17/2008, 18:20:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/17/2008, 18:20:24] - Checking for HKLM\...\Winlogon\Notify\pmnnonop
              [04/17/2008, 18:20:24] - Key not found: HKLM\...\Winlogon\Notify\pmnnonop, continuing.
              [04/17/2008, 18:20:24] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
              [04/17/2008, 18:20:24] - BHO 4: {4E738F94-2D35-4077-BAA8-C00155FB84C4} ()
              [04/17/2008, 18:20:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/17/2008, 18:20:24] - Checking for HKLM\...\Winlogon\Notify\awtsrqon
              [04/17/2008, 18:20:24] - Key not found: HKLM\...\Winlogon\Notify\awtsrqon, continuing.
              [04/17/2008, 18:20:24] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
              [04/17/2008, 18:20:24] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [04/17/2008, 18:20:24] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
              [04/17/2008, 18:20:24] - BHO 8: {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} (NavigationProgram)
              [04/17/2008, 18:20:24] - BHO 9: {e8beb10b-8734-4455-b9c8-5fd55030fadf} ()
              [04/17/2008, 18:20:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/17/2008, 18:20:24] - Checking for HKLM\...\Winlogon\Notify\drjrqowv
              [04/17/2008, 18:20:24] - Key not found: HKLM\...\Winlogon\Notify\drjrqowv, continuing.
              [04/17/2008, 18:20:24] - Finished Searching Browser Helper Objects
              [04/17/2008, 18:20:24] - Finishing up...
              [04/17/2008, 18:20:24] - A restart is needed.
              [04/17/2008, 18:20:38] - Attempting to Restart via STOP error (Blue Screen!)


              -------------------------------
              Zoek.exe:


              ======C:\WINDOWS====
              ----a-w 0 2008-04-17 16:22:59 C:\WINDOWS\0.log
              ----a-w 3,777 2008-04-16 18:09:47 C:\WINDOWS\BM7bce69b7.txt
              ----a-w 101,217 2008-04-16 18:41:21 C:\WINDOWS\BM7bce69b7.xml
              --s-a-w 2,048 2008-04-17 16:22:03 C:\WINDOWS\bootstat.dat
              ----a-w 318 2008-04-15 16:17:14 C:\WINDOWS\cookies.ini
              ----a-w 720,896 2008-04-07 19:30:58 C:\WINDOWS\iun6002.exe
              ----a-w 69 2008-04-02 13:30:12 C:\WINDOWS\NeroDigital.ini
              ----a-w 22 2008-04-16 18:09:17 C:\WINDOWS\pskt.ini
              ----a-w 1,409 2008-04-14 12:14:10 C:\WINDOWS\QTFont.for
              ---ha-w 54,156 2008-04-14 12:14:10 C:\WINDOWS\QTFont.qfn
              ----a-w 32,590 2008-04-16 17:52:28 C:\WINDOWS\SchedLgU.Txt
              ----a-w 6,081 2008-04-16 16:12:03 C:\WINDOWS\setupapi.log
              ----a-w 227 2008-04-16 18:03:47 C:\WINDOWS\system.ini
              ----a-w 317 2008-03-16 17:00:50 C:\WINDOWS\VehVwr.INI
              ----a-w 159 2008-04-17 16:22:55 C:\WINDOWS\wiadebug.log
              ----a-w 49 2008-04-17 16:22:32 C:\WINDOWS\wiaservc.log
              ----a-w 654 2008-04-16 18:03:47 C:\WINDOWS\win.ini
              ----a-w 1,768,312 2008-04-17 16:24:05 C:\WINDOWS\WindowsUpdate.log
              ----a-w 535 2008-04-14 14:09:35 C:\WINDOWS\wmsetup.log

              Entries: 19 (17)
              Directories: 0 Files: 19
              Bytes: 2,692,836 Blocks: 5,268
              ======C:\WINDOWS\system32=====
              ----a-w 370,688 2008-04-15 15:09:13 C:\WINDOWS\System32\awtsrqon.dll
              ----a-w 30,720 2008-04-14 14:05:59 C:\WINDOWS\System32\awtttqpp.dll.vir
              ----a-w 105,536 2008-04-16 15:21:39 C:\WINDOWS\System32\drjrqowv.dllNUCIA
              --sh--w 1,558,099 2008-04-16 15:19:41 C:\WINDOWS\System32\fchmyeta.ini
              ----a-w 278,152 2008-04-12 21:27:10 C:\WINDOWS\System32\FNTCACHE.DAT
              --sh--w 1,524,724 2008-04-16 18:09:29 C:\WINDOWS\System32\hnlxglrx.ini
              ----a-w 100,928 2008-04-16 15:20:28 C:\WINDOWS\System32\irmshidr.dllNUCIA
              ----a-w 6,300 2008-03-18 11:54:46 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
              ----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
              --sha-w 163,316 2008-04-17 16:25:48 C:\WINDOWS\System32\noqrstwa.ini
              --sha-w 163,316 2008-04-17 16:25:28 C:\WINDOWS\System32\noqrstwa.ini2
              ----a-w 63,664 2008-04-12 20:33:06 C:\WINDOWS\System32\perfc009.dat
              ----a-w 83,460 2008-04-12 20:33:06 C:\WINDOWS\System32\perfc013.dat
              ----a-w 406,464 2008-04-12 20:33:06 C:\WINDOWS\System32\perfh009.dat
              ----a-w 472,146 2008-04-12 20:33:06 C:\WINDOWS\System32\perfh013.dat
              ----a-w 991,696 2008-04-12 20:33:06 C:\WINDOWS\System32\PerfStringBackup.INI
              ----a-w 107,832 2008-04-05 16:51:28 C:\WINDOWS\System32\PnkBstrB.exe
              --sha-w 176,541 2008-04-15 11:49:54 C:\WINDOWS\System32\pononnmp.ini
              ----a-w 792,650 2008-04-16 17:08:24 C:\WINDOWS\System32\RVAXO.bat
              --sha-r 131,726 2008-04-08 12:44:50 C:\WINDOWS\System32\TASKMON.EXE
              ----a-w 1,846,016 2008-03-20 08:01:24 C:\WINDOWS\System32\win32k.sys
              ----a-w 2,206 2008-04-17 16:23:38 C:\WINDOWS\System32\wpa.dbl
              ----a-w 95,808 2008-04-16 15:24:40 C:\WINDOWS\System32\xrlgxlnh.dllNUCIA

              Entries: 23 (17)
              Directories: 0 Files: 23
              Bytes: 29,308,012 Blocks: 57,254
              ======C:\WINDOWS\system32\drivers=====
              ----a-w 22,328 2008-04-05 16:52:02 C:\WINDOWS\System32\drivers\PnkBstrK.sys

              Entries: 1 (1)
              Directories: 0 Files: 1
              Bytes: 22,328 Blocks: 44
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              --sh--w 304 2008-04-16 18:03:47 C:\boot.ini
              ----a-w 688 2008-04-16 18:01:34 C:\firstrun5.log
              ----a-w 367 2008-03-25 14:57:15 C:\Mijn websites.lnk
              --sha-w 2,145,386,496 2008-04-17 16:21:59 C:\pagefile.sys
              ----a-w 101 2008-03-25 19:39:27 C:\Protokoll.txt
              ----a-w 919 2008-04-16 18:06:10 C:\RVAXO-results.log
              ----a-w 28,749 2008-04-16 18:08:55 C:\RVAXO-Vfind.log

              Entries: 7 (5)
              Directories: 0 Files: 7
              Bytes: 2,145,417,624 Blocks: 4,190,272
              ======C:\Documents and Settings\Fam. Roelofs\Application Data======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Temp======
              ----a-w 394 2008-04-14 14:08:08 C:\Temp\WMALog.txt

              Entries: 1 (1)
              Directories: 0 Files: 1
              Bytes: 394 Blocks: 1
              ======C:\Documents and Settings\Fam. Roelofs======
              ---ha-w 7,340,032 2008-04-17 16:20:41 C:\Documents and Settings\Fam. Roelofs\NTUSER.DAT
              ---ha-w 237,568 2008-04-17 16:25:55 C:\Documents and Settings\Fam. Roelofs\ntuser.dat.LOG
              --sh--w 188 2008-04-16 20:23:11 C:\Documents and Settings\Fam. Roelofs\ntuser.ini

              Entries: 3 (0)
              Directories: 0 Files: 3
              Bytes: 7,577,788 Blocks: 14,801
              ======C:\WINDOWS\Downloaded Program Files====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =============




              -----------------------
              Hijackthis:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 18:27:50, on 17-4-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.20733)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Cyberlink\Shared files\RichVideo.exe
              C:\Program Files\SPAMfighter\sfus.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\RunDll32.exe
              C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
              C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
              C:\WINDOWS\SYSTEM32\TASKMON.EXE
              C:\Program Files\SPAMfighter\SFAgent.exe
              C:\WINDOWS\SYSTEM32\cmd.exe
              C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\DAEMON Tools Lite\daemon.exe
              C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
              C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
              F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
              C:\Program Files\SpywareGuard\sgmain.exe
              C:\WINDOWS\system32\msiexec.exe
              C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
              C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
              C:\WINDOWS\system32\tlntsvr.exe
              C:\Program Files\SpywareGuard\sgbhp.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\WINDOWS\system32\NOTEPAD.EXE
              C:\WINDOWS\system32\notepad.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Documents and Settings\Fam. Roelofs\Bureaublad\HiJackThis LATEN STAAN.exe
              C:\WINDOWS\system32\tlntadmn.exe
              C:\WINDOWS\system32\find.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
              O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
              O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
              O2 - BHO: (no name) - {D6BDB6D1-982E-4EB4-8187-876C84CCA96F} - C:\WINDOWS\system32\awtsrqon.dll
              O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll (file missing)
              O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
              O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
              O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
              O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
              O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\SYSTEM32\TASKMON.EXE
              O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
              O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
              O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
              O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
              O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
              O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
              O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
              O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
              O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
              O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
              O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
              O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
              O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

              --
              End of file - 10018 bytes
              http://www.bierkwartier.nl -- Vincent
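The VirtumundoBeGone log above treats a BHO with no default name as suspect, and the del.bat lists in this thread target eight-letter lowercase DLL names in system32. As an added example (not part of the thread or of any tool used in it), the Python triage below applies those signals to HijackThis O2 and O4 lines copied from post #7; the eight-letter rule and all function names are assumptions, and legitimate DLLs can match that rule, so the output is a review list, not a verdict.

```python
import ntpath
import re
from typing import NamedTuple

# Lines copied from the HijackThis log in post #7 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D6BDB6D1-982E-4EB4-8187-876C84CCA96F} - C:\WINDOWS\system32\awtsrqon.dll
O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll (file missing)
O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s
"""


class Finding(NamedTuple):
    section: str    # HijackThis section code: "O2" (BHO) or "O4" (autorun)
    path: str       # file the entry points at
    reasons: tuple  # why the entry was put on the review list


GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - \S+\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.I)
MISSING = " (file missing)"
RANDOM_NAME = "eight-letter lowercase DLL in system32"


def looks_random(path: str) -> bool:
    """Assumed heuristic: DLL directly in system32 named with 8 lowercase letters."""
    folder, base = ntpath.split(path)
    return (folder.lower() == r"c:\windows\system32"
            and re.fullmatch(r"[a-z]{8}\.dll", base) is not None)


def triage(log_text: str) -> list:
    """Return the O2/O4 entries that deserve a manual look, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        bho = O2_RE.match(line)
        if bho:
            path, reasons = bho["path"], []
            if path.endswith(MISSING):
                path = path[:-len(MISSING)]
                reasons.append("file missing")
            # HijackThis prints "(no name)" or repeats a GUID when the BHO
            # key has no default value.
            if bho["name"] == "(no name)" or re.fullmatch(GUID, bho["name"]):
                reasons.append("no display name")
            if looks_random(path):
                reasons.append(RANDOM_NAME)
            if reasons:
                findings.append(Finding("O2", path, tuple(reasons)))
            continue
        run = O4_RE.match(line)
        if run:
            dll = RUNDLL_RE.match(run["cmd"])
            if dll and looks_random(dll["dll"]):
                findings.append(
                    Finding("O4", dll["dll"], ("rundll32 autorun", RANDOM_NAME)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.path, "; ".join(f.reasons))
```
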



              • #8
                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\BM7bce69b7.txt
                C:\WINDOWS\BM7bce69b7.xml
                C:\WINDOWS\cookies.ini
                C:\WINDOWS\pskt.ini
                C:\WINDOWS\System32\awtsrqon.dll
                C:\WINDOWS\System32\awtttqpp.dll.vir
                C:\WINDOWS\System32\drjrqowv.dllNUCIA
                C:\WINDOWS\System32\fchmyeta.ini
                C:\WINDOWS\System32\hnlxglrx.ini
                C:\WINDOWS\System32\irmshidr.dllNUCIA
                C:\WINDOWS\System32\noqrstwa.ini
                C:\WINDOWS\System32\noqrstwa.ini2
                C:\WINDOWS\System32\pononnmp.ini
                C:\WINDOWS\System32\xrlgxlnh.dllNUCIA) DO (
                DEL /Q %%gNUCIA
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Go to File - Save As.
                For "Save in", choose: Desktop
                For "File name", enter: del.bat
                For "Save as type", select: All Files (*.*).
                Click the Save button.

                Double-click del.bat and post the contents of the log file that opens.
                Last edited by smeenk; 17-04-08, 18:36.



                • #9
                  Deleting files
                  C:\WINDOWS\BM7bce69b7.txt deleted
                  C:\WINDOWS\BM7bce69b7.xml deleted
                  C:\WINDOWS\cookies.ini deleted
                  C:\WINDOWS\pskt.ini deleted
                  C:\WINDOWS\System32\awtsrqon.dll not deleted
                  C:\WINDOWS\System32\awtttqpp.dll.vir deleted
                  C:\WINDOWS\System32\drjrqowv.dllNUCIA deleted
                  C:\WINDOWS\System32\fchmyeta.ini deleted
                  C:\WINDOWS\System32\hnlxglrx.ini deleted
                  C:\WINDOWS\System32\irmshidr.dllNUCIA deleted
                  C:\WINDOWS\System32\noqrstwa.ini deleted
                  C:\WINDOWS\System32\noqrstwa.ini2 deleted
                  C:\WINDOWS\System32\pononnmp.ini deleted
                  C:\WINDOWS\System32\xrlgxlnh.dllNUCIA deleted
                  http://www.bierkwartier.nl -- Vincent



                  • #10
                    Download The Avenger and place it on your desktop: http://swandog46.geekstogo.com/avenger2/download.php
                    Unzip it.
                    Start the program by clicking avenger.exe.
                    In the "Input Script here" window, paste the following (the bold text):


                    Files to delete:
                    C:\WINDOWS\System32\awtsrqon.dll
                    C:\WINDOWS\System32\noqrstwa.ini
                    C:\WINDOWS\System32\noqrstwa.ini2


                    Then click the "Execute" button.
                    Avenger will indicate that the computer is going to restart; allow this.
                    After the reboot a log file opens (avenger.txt). Post the contents of the log file.



                    • #11
                      While my PC is starting up I get 2 error messages. They are in the attachment. Here is the Avenger log file:



                      Logfile of The Avenger Version 2.0, (c) by Swandog46
                      http://swandog46.geekstogo.com

                      Platform: Windows XP

                      *******************

                      Script file opened successfully.
                      Script file read successfully.

                      Backups directory opened successfully at C:\Avenger

                      *******************

                      Beginning to process script file:

                      Rootkit scan active.
                      No rootkits found!

                      File "C:\WINDOWS\System32\awtsrqon.dll" deleted successfully.
                      File "C:\WINDOWS\System32\noqrstwa.ini" deleted successfully.
                      File "C:\WINDOWS\System32\noqrstwa.ini2" deleted successfully.

                      Completed script processing.

                      *******************

                      Finished! Terminate.


                      Hijackthis:

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 19:08:05, on 17-4-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.20733)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                      C:\WINDOWS\system32\NOTEPAD.EXE
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\PnkBstrA.exe
                      C:\Program Files\Cyberlink\Shared files\RichVideo.exe
                      C:\WINDOWS\system32\RunDll32.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\QuickTime\qttask.exe
                      C:\Program Files\SPAMfighter\sfus.exe
                      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\SYSTEM32\TASKMON.EXE
                      C:\Program Files\SPAMfighter\SFAgent.exe
                      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                      C:\WINDOWS\SYSTEM32\cmd.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\DAEMON Tools Lite\daemon.exe
                      C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
                      C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
                      F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
                      C:\WINDOWS\system32\msiexec.exe
                      C:\Program Files\SpywareGuard\sgmain.exe
                      C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
                      C:\WINDOWS\system32\tlntsvr.exe
                      C:\Program Files\SpywareGuard\sgbhp.exe
                      C:\WINDOWS\system32\mspaint.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\Mozilla Firefox\firefox.exe
                      C:\Documents and Settings\Fam. Roelofs\Bureaublad\HiJackThis LATEN STAAN.exe
                      C:\WINDOWS\system32\find.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
                      O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                      O2 - BHO: (no name) - {D6BDB6D1-982E-4EB4-8187-876C84CCA96F} - C:\WINDOWS\system32\awtsrqon.dll (file missing)
                      O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll (file missing)
                      O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                      O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\SYSTEM32\TASKMON.EXE
                      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                      O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
                      O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
                      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
                      O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
                      O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                      O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
                      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                      O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
                      O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
                      O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
                      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
                      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

                      --
                      End of file - 9999 bytes
                      http://www.bierkwartier.nl -- Vincent



                      • #12
                        Start HijackThis and tick only the following lines:
                        O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
                        O2 - BHO: (no name) - {D6BDB6D1-982E-4EB4-8187-876C84CCA96F} - C:\WINDOWS\system32\awtsrqon.dll (file missing)
                        O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll (file missing)
                        O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
                        O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s

                        Close all open windows (except HijackThis) and click the "Fix checked" button.

                        Restart your computer.

                        After the restart, post a new HijackThis log and tell us whether there are still any problems.



                        • #13
                          Everything now seems a lot better and faster again. Thanks a lot for that!! I'm going to watch it over a weekend, and if it is still not quite right by then I'll let you know. Here is one last log to check:


                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 21:04:40, on 17-4-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.20733)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                          C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                          C:\WINDOWS\system32\nvsvc32.exe
                          C:\WINDOWS\system32\PnkBstrA.exe
                          C:\Program Files\Cyberlink\Shared files\RichVideo.exe
                          C:\Program Files\SPAMfighter\sfus.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\system32\RunDll32.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                          C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                          C:\Program Files\QuickTime\qttask.exe
                          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                          C:\Program Files\SPAMfighter\SFAgent.exe
                          C:\WINDOWS\system32\RUNDLL32.EXE
                          C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\Program Files\DAEMON Tools Lite\daemon.exe
                          C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
                          C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
                          C:\WINDOWS\system32\msiexec.exe
                          F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
                          C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                          C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
                          C:\Program Files\SpywareGuard\sgmain.exe
                          C:\Program Files\SpywareGuard\sgbhp.exe
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\Documents and Settings\Fam. Roelofs\Bureaublad\HiJackThis LATEN STAAN.exe
                          C:\Program Files\Internet Explorer\iexplore.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                          O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                          O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                          O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)
                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                          O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                          O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                          O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
                          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
                          O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
                          O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                          O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                          O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
                          O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                          O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
                          O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
                          O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
                          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                          O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
                          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

                          --
                          End of file - 9252 bytes



                          Once again: thanks!
                          http://www.bierkwartier.nl -- Vincent
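
The before/after check that posting a fresh log makes possible, as an added example that is not part of the thread: it confirms that every line ticked in #12 is gone, lists entries that disappeared without being on the fix list, and lists entries still marked "(file missing)". The log excerpts are shortened copies of lines from the two 17-4-2008 logs above; the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code: R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")


def parse_entries(log_text):
    """Return the ordered (section, detail) entries of a HijackThis log.

    Header lines and the "Running processes" list carry no section code
    and are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def verify_fix(before_log, after_log, requested_text):
    """Compare two logs against the list of lines that were to be fixed."""
    before = parse_entries(before_log)
    after_list = parse_entries(after_log)
    after = set(after_list)
    requested = set(parse_entries(requested_text))
    return {
        # Ticked for removal but still in the new log: the fix did not hold.
        "still_present": [e for e in before if e in requested and e in after],
        "removed_as_requested": [
            e for e in before if e in requested and e not in after
        ],
        # Gone from the new log although nobody asked for it: worth a look.
        "removed_unrequested": [
            e for e in before if e not in requested and e not in after
        ],
        # Registry data that still points at a file that no longer exists.
        "orphaned_remaining": [
            e for e in after_list if e[1].endswith("(file missing)")
        ],
    }


# Shortened excerpt of the log saved at 19:08:05 (lines copied from the thread).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D6BDB6D1-982E-4EB4-8187-876C84CCA96F} - C:\WINDOWS\system32\awtsrqon.dll (file missing)
O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll (file missing)
O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\SYSTEM32\TASKMON.EXE
O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Shortened excerpt of the log saved at 21:04:40 (lines copied from the thread).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# The five lines the helper asked to tick in post #12.
REQUESTED_FIXES = r"""
O2 - BHO: (no name) - {2EC34846-3317-4399-8D82-CC0DCD2D86A1} - C:\WINDOWS\system32\pmnnonop.dll (file missing)
O2 - BHO: (no name) - {D6BDB6D1-982E-4EB4-8187-876C84CCA96F} - C:\WINDOWS\system32\awtsrqon.dll (file missing)
O2 - BHO: NavigationProgram - {D93B3CA5-6552-0DAA-353B-FB9D4F20B168} - C:\Program Files\NavigationProgram\NavigationProgram-2.dll (file missing)
O4 - HKLM\..\Run: [78fd5a2b] rundll32.exe "C:\WINDOWS\system32\xrlgxlnh.dll",b
O4 - HKLM\..\Run: [BM7bce69b7] Rundll32.exe "C:\WINDOWS\system32\irmshidr.dll",s
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, AFTER_LOG, REQUESTED_FIXES)
    for bucket, entries in report.items():
        print(f"{bucket}: {len(entries)}")
        for section, detail in entries:
            print(f"  {section} - {detail}")
```
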



                          • #14
                            You can still remove this line with HijackThis:
                            O2 - BHO: {fdaf0305-5df5-8c9b-5544-4378b01beb8e} - {e8beb10b-8734-4455-b9c8-5fd55030fadf} - C:\WINDOWS\system32\drjrqowv.dll (file missing)

                            Turn off System Restore. Restart the computer. Turn System Restore back on.
                            See here for how to turn off System Restore.
                            This removes any remnants of the infections from your System Restore.

                            Then I think we are done.



                            • #15
                              Okay, thank you very much, it all looks good now..

                              Logfile of Trend Micro HijackThis v2.0.2
                              Scan saved at 18:59:45, on 20-4-2008
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v7.00 (7.00.6000.20733)
                              Boot mode: Normal

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                              C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                              C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                              C:\WINDOWS\system32\nvsvc32.exe
                              C:\WINDOWS\system32\PnkBstrA.exe
                              C:\Program Files\Cyberlink\Shared files\RichVideo.exe
                              C:\Program Files\SPAMfighter\sfus.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\system32\RunDll32.exe
                              C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                              C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                              C:\Program Files\QuickTime\qttask.exe
                              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                              C:\Program Files\SPAMfighter\SFAgent.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\DAEMON Tools Lite\daemon.exe
                              C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
                              F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
                              C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                              C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
                              C:\Program Files\SpywareGuard\sgmain.exe
                              C:\Program Files\SpywareGuard\sgbhp.exe
                              C:\Program Files\Outlook Express\msimn.exe
                              C:\Program Files\Internet Explorer\iexplore.exe
                              C:\Documents and Settings\Fam. Roelofs\Bureaublad\HiJackThis LATEN STAAN.exe

                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bierkwartier.nl/startpagina
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                              O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                              O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                              O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                              O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                              O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                              O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
                              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
                              O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
                              O4 - HKCU\..\Run: [EVEREST AutoStart] F:\Gedownloade files\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\everest.exe
                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                              O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                              O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
                              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                              O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
                              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                              O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
                              O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
                              O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                              O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                              O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
                              O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
                              O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD59FE3-BD2D-4367-A7C7-958E78180F80}: NameServer = 192.168.2.1
                              O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                              O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                              O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                              O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
                              O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

                              --
                              End of file - 8930 bytes
                              http://www.bierkwartier.nl -- Vincent
