Laptop very slow, pop-ups, no internet

  • Laptop very slow, pop-ups, no internet

    Since yesterday I have had a big problem. My laptop is extremely slow and pop-ups keep appearing that offer anti-spyware software. You are effectively forced to download it, because if you click 'cancel' it opens a site anyway.

    I tried to run HitmanPro, but it hangs at the point where it gets its connection to the internet. The taskbar at the bottom then disappears as well and the laptop appears to be stuck.

    After startup the computer keeps showing the following message.

    'An error occurred while loading C:\windows\system32\ (followed by letter combinations that change each time)'

    It takes a very long time for the laptop to start up and I can also NOT get onto the internet any more (when I press the E button), or should I perhaps just wait even longer? I have therefore sent this message from my desktop computer. I hope someone can help me further.

    Below is my logfile. Can someone point me in the right direction?



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:22:55, on 17-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\WINDOWS\system32\lxctcoms.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    C:\PROGRA~1\THOMSO~1\SPEEDT~1\PRISMSVR.EXE
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: {b722254a-f5f8-221b-6fc4-8f4c3c58deb4} - {4bed85c3-c4f8-4cf6-b122-8f5fa452227b} - C:\WINDOWS\system32\tcfljqhe.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {B3F8D840-2411-4EEB-B4E2-FF4B286924DE} - C:\WINDOWS\system32\byxyyvut.dll
    O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\pmnoljgg.dll (file missing)
    O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
    O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
    O4 - HKLM\..\Run: [390dd2ec] rundll32.exe "C:\WINDOWS\system32\rajjweum.dll",b
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [BM3a3ee170] Rundll32.exe "C:\WINDOWS\system32\lehlkykr.dll",s
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O20 - Winlogon Notify: pmnoljgg - pmnoljgg.dll (file missing)
    O22 - SharedTaskScheduler: Windows Update - {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} - C:\WINDOWS\system32\ioctrl.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 9695 bytes

  • #2
    Start HijackThis and tick only the following lines:
    O2 - BHO: {b722254a-f5f8-221b-6fc4-8f4c3c58deb4} - {4bed85c3-c4f8-4cf6-b122-8f5fa452227b} - C:\WINDOWS\system32\tcfljqhe.dll
    O2 - BHO: (no name) - {B3F8D840-2411-4EEB-B4E2-FF4B286924DE} - C:\WINDOWS\system32\byxyyvut.dll
    O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\pmnoljgg.dll (file missing)
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
    O4 - HKLM\..\Run: [390dd2ec] rundll32.exe "C:\WINDOWS\system32\rajjweum.dll",b
    O4 - HKLM\..\Run: [BM3a3ee170] Rundll32.exe "C:\WINDOWS\system32\lehlkykr.dll",s
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O20 - Winlogon Notify: pmnoljgg - pmnoljgg.dll (file missing)
    O22 - SharedTaskScheduler: Windows Update - {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} - C:\WINDOWS\system32\ioctrl.dll (file missing)

    Close all open windows (except HijackThis) and click "Fix checked".

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open in which a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a logfile opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the logfile in your next message.


    Download Deckard's System Scanner to your desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    Your antivirus may also flag DSS as suspicious, or even try to delete it.
    Do not let your antivirus delete it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)

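Added example (not part of the thread and not any poster's code): a Python triage script that parses HijackThis log lines and flags the structural patterns shared by the entries selected in post #2, namely unnamed BHOs loading a DLL straight from system32, Run keys starting such a DLL through rundll32, a Run entry with a long hex argument, and targets reported as missing. The rule names and the one-item watchlist are assumptions made for this illustration; the flags are candidates for an analyst to review, and leftover entries of uninstalled legitimate software (the NMIndexingService line) are flagged as well.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log in the first post, plus one
# constructed line ([ExamplePrinter]) that acts as a benign rundll32 control.
SAMPLE_LOG = r"""
O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: {b722254a-f5f8-221b-6fc4-8f4c3c58deb4} - {4bed85c3-c4f8-4cf6-b122-8f5fa452227b} - C:\WINDOWS\system32\tcfljqhe.dll
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\pmnoljgg.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKLM\..\Run: [390dd2ec] rundll32.exe "C:\WINDOWS\system32\rajjweum.dll",b
O4 - HKLM\..\Run: [ExamplePrinter] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\example.dll,Entry
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2", "O4", "O23"
    body: str  # everything after "<code> - "


ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
BHO_NAME_RE = re.compile(r"^BHO: (.*?) - \{")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# A DLL sitting directly in system32, not in a subfolder such as spool\DRIVERS.
SYS32_ROOT_DLL_RE = re.compile(r'c:\\windows\\system32\\[^\\"]+\.dll', re.I)
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
# Assumption: product name taken from this thread (post #2 and the RVAXO log).
WATCHLIST = ("antispywaremaster",)


def parse(text):
    """Return the section entries of a HijackThis log, skipping other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def reasons(entry):
    """Return the names of the heuristic rules this entry triggers."""
    found = []
    low = entry.body.lower()
    if low.endswith("(file missing)") or low.endswith("(no file)"):
        found.append("target-missing")
    in_sys32_root = bool(SYS32_ROOT_DLL_RE.search(entry.body))
    if entry.code == "O2":
        m = BHO_NAME_RE.match(entry.body)
        name = m.group(1) if m else ""
        # A BHO without a display name (or with a bare GUID as name).
        if in_sys32_root and (name == "(no name)" or GUID_RE.match(name)):
            found.append("anon-bho-system32")
    if entry.code == "O4":
        if "rundll32" in low and in_sys32_root:
            found.append("rundll32-system32")
        if HEX_BLOB_RE.search(entry.body):
            found.append("hex-blob-arg")
    if any(word in low for word in WATCHLIST):
        found.append("watchlist")
    return found


def triage(text):
    """Return (entry, reasons) pairs for every entry that triggers a rule."""
    return [(e, r) for e in parse(text) if (r := reasons(e))]


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.code:<4}{', '.join(why):<36}{entry.body}")
```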


    • #3
      Thanks for the quick reply. At the moment I cannot even start HijackThis any more. On restart the laptop shows 'Installing COM component' but then does nothing. After double-clicking the HijackThis icon I get the message 'The paging file is too small for this operation'.

      Do you know what I can do about this?



      • #4
        Try the HijackThis instructions in safe mode as well? (Print the instructions, because you will not have them available in safe mode.)

        Otherwise, try only the remaining instructions?



        • #5
          That worked... only my logfile now looks different, namely as below. Can you help me further with this once more?

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 17:48:20, on 17-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Safe mode

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          C:\Program Files\Spyware Doctor\pctsTray.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
          O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
          O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
          O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
          O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
          O4 - HKLM\..\Run: [CARPService] carpserv.exe
          O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
          O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe
          O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
          O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
          O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
          O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
          O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
          O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
          O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
          O4 - HKLM\..\Run: [390dd2ec] rundll32.exe "C:\WINDOWS\system32\rajjweum.dll",b
          O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
          O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
          O4 - HKLM\..\Run: [BM3a3ee170] Rundll32.exe "C:\WINDOWS\system32\lehlkykr.dll",s
          O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
          O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
          O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
          O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
          O22 - SharedTaskScheduler: Windows Update - {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} - C:\WINDOWS\system32\ioctrl.dll (file missing)
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
          O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
          O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
          O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
          O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
          O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
          O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
          O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

          --
          End of file - 7445 bytes



          • #6
            Try to do this in safe mode:
            Originally posted by smeenk
            Start HijackThis and tick only the following lines:
            O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
            O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
            O4 - HKLM\..\Run: [390dd2ec] rundll32.exe "C:\WINDOWS\system32\rajjweum.dll",b
            O4 - HKLM\..\Run: [BM3a3ee170] Rundll32.exe "C:\WINDOWS\system32\lehlkykr.dll",s
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
            O22 - SharedTaskScheduler: Windows Update - {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} - C:\WINDOWS\system32\ioctrl.dll (file missing)

            Close all open windows (except HijackThis) and click "Fix checked".

            Download: RVAXO.exe
            • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
            • Start the computer in safe mode.
            • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
              A cmd window will open in which a few lines about files not found will scroll by quickly; this is normal.
            • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
            • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
              Let it run and wait until a logfile opens: C:\RVAXO-results.log
            • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
            • Post the contents of the logfile in your next message.


            Download Deckard's System Scanner to your desktop.
            • Close all applications and windows.
            • Double-click dss.exe to run it, and follow the prompts.
            • When the scan is complete, a text file - main.txt - will open.
            • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

            Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
            - make sure sigcheck.exe is allowed to do so!
            Your antivirus may also flag DSS as suspicious, or even try to delete it.
            Do not let your antivirus delete it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)



            • #7
              Because the laptop no longer connected to the internet, I downloaded rvaxo.exe on my desktop computer and put it on the laptop via a USB stick, ran it and then started the computer again in the normal way. Below is the logfile. Incidentally, the laptop took a very long time to start up again.

              The problem is that I still cannot get onto the internet and so cannot download dss either. Does it make sense for me to download this on the desktop computer as well and then transfer it? And how would I get Explorer working again?





              ---RVAXO.exe Updated: 2008-04-17---first run---
              Uninstallers:

              Files found:
              C:\WINDOWS\BM3a3ee170.txt
              C:\WINDOWS\system32\pmnoljgg.dll__DELETE_ON_REBOOT
              C:\WINDOWS\system32\tuvyyxyb.ini2
              C:\WINDOWS\pskt.ini
              C:\WINDOWS\wininit.ini
              C:\WINDOWS\system32\mcrh.tmp
              C:\WINDOWS\mrofinu572.exe.tmp
              C:\WINDOWS\system32\pac.txt
              C:\Documents and Settings\Nostimos\Local Settings\Temp\_is1E.exe
              C:\Documents and Settings\Nostimos\Local Settings\Temp\_is1F.exe
              C:\Documents and Settings\All Users\Menu Start\Online Security Guide.url

              Folders Found:
              C:\Program Files\AntiSpywareMaster
              C:\WINDOWS\system32\xcsDd01

              Hosts-file was reset, If you use a custom hosts file please replace it...

              --------------RVAXO.exe last run---------------
              Not deleted items:

              --------------RVAXO.exe finished----------------



              • #8
                Originally posted by Marnix72
                The problem is that I still cannot get onto the internet and so cannot download dss either. Does it make sense for me to download this on the desktop computer as well and then transfer it?
                Go ahead and do that; the more info, the greater the chance that we solve it.



                • #9
                  OK, done. Below are main.txt and extra.txt.

                  Deckard's System Scanner v20071014.68
                  Run by Nostimos on 2008-04-17 18:56:18
                  Computer is in Normal Mode.
                  --------------------------------------------------------------------------------

                  -- System Restore --------------------------------------------------------------

                  System Restore is disabled; attempting to re-enable...success.


                  -- Last 1 Restore Point(s) --
                  1: 2008-04-17 16:56:31 UTC - RP1 - Controlepunt van systeem


                  Backed up registry hives.
                  Performed disk cleanup.

                  Percentage of Memory in Use: 87% (more than 75%).
                  Total Physical Memory: 191 MiB (512 MiB recommended).


                  -- HijackThis (run as Nostimos.exe) --------------------------------------------

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 19:00:16, on 17-4-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\System32\brss01a.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\System32\Ati2evxx.exe
                  C:\WINDOWS\system32\HPConfig.exe
                  C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
                  C:\WINDOWS\system32\lxctcoms.exe
                  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                  C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                  C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
                  C:\Program Files\Spyware Doctor\pctsSvc.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Spyware Doctor\pctsTray.exe
                  C:\WINDOWS\system32\wdfmgr.exe
                  C:\WINDOWS\System32\alg.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  C:\Program Files\HPQ\One-Touch\OneTouch.EXE
                  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
                  C:\WINDOWS\system32\carpserv.exe
                  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                  C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
                  C:\Program Files\Lexmark 5400 Series\lxctmon.exe
                  C:\Program Files\Lexmark 5400 Series\ezprint.exe
                  C:\Program Files\Messenger\MSMSGS.EXE
                  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                  C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
                  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
                  C:\PROGRA~1\THOMSO~1\SPEEDT~1\PRISMSVR.EXE
                  C:\WINDOWS\explorer.exe
                  C:\WINDOWS\system32\rundll32.exe
                  C:\Documents and Settings\Nostimos\Bureaublad\dss.exe
                  C:\PROGRA~1\TRENDM~1\HIJACK~1\Nostimos.exe
                  C:\WINDOWS\System32\wbem\wmiprvse.exe

                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: (no name) - {0A927DAA-63A1-4D80-9F29-050CE819C869} - C:\WINDOWS\system32\byxyyvut.dll
                  O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                  O2 - BHO: {ec41cb82-6363-a06b-ed34-9052522cc9b7} - {7b9cc225-2509-43de-b60a-363628bc14ce} - C:\WINDOWS\system32\ddjmalav.dll
                  O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\pmnoljgg.dll (file missing)
                  O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
                  O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
                  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
                  O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
                  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
                  O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
                  O4 - HKLM\..\Run: [CARPService] carpserv.exe
                  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                  O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe
                  O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
                  O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
                  O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
                  O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
                  O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
                  O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                  O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
                  O4 - HKLM\..\Run: [390dd2ec] rundll32.exe "C:\WINDOWS\system32\xmafgrjd.dll",b
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
                  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                  O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
                  O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
                  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
                  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
                  O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
                  O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
                  O20 - Winlogon Notify: pmnoljgg - pmnoljgg.dll (file missing)
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
                  O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
                  O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
                  O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
                  O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                  O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                  O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                  O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
                  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

                  --
                  End of file - 9267 bytes

                  -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

                  backup-20080417-180904-535 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
                  backup-20080417-180905-187 O4 - HKLM\..\Run: [BM3a3ee170] Rundll32.exe "C:\WINDOWS\system32\lehlkykr.dll",s
                  backup-20080417-180905-470 O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                  backup-20080417-180905-791 O4 - HKLM\..\Run: [390dd2ec] rundll32.exe "C:\WINDOWS\system32\rajjweum.dll",b
                  backup-20080417-180905-808 O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
                  backup-20080417-180905-834 O22 - SharedTaskScheduler: Windows Update - {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} - C:\WINDOWS\system32\ioctrl.dll (file missing)

                  -- File Associations -----------------------------------------------------------

                  All associations okay.


                  -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                  R0 caboagp (ATI Cabo AGP Filter) - c:\windows\system32\drivers\atisgkaf.sys <Not Verified; ATI Technologies Inc.; ATI AGP GART Driver>
                  R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
                  R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
                  R2 StreamDispatcher - c:\windows\system32\drivers\strmdisp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
                  R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
                  R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek MMKey>
                  R3 DP83815 (National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver) - c:\windows\system32\drivers\dp83815.sys <Not Verified; National Semiconductor Corp.; National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter>
                  R3 HPCI (HP Configuration Interface) - c:\windows\system32\drivers\hpci.sys <Not Verified; Hewlett-Packard; HP Configuration Interface>
                  R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
                  R3 HSFHWALI - c:\windows\system32\drivers\hsfhwali.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
                  R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

                  S3 BCM43XX (802.11 Network Adapter Driver) - c:\windows\system32\drivers\bcmwl5.sys (file missing)
                  S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
                  S3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host-stuurprogramma>


                  -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                  R2 HPConfig (HP Configuration Interface Service) - c:\windows\system32\hpconfig.exe <Not Verified; Hewlett-Packard; HPConfig Module>
                  R2 HPWirelessMgr - c:\program files\hpq\notebook utilities\hpwirelessmgr.exe <Not Verified; Hewlett-Packard Co.; HPWirelessMgr Module>
                  R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
                  R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

                  S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


                  -- Device Manager: Disabled ----------------------------------------------------

                  No disabled devices found.


                  -- Files created between 2008-03-17 and 2008-04-17 -----------------------------

                  2008-04-17 18:51:46 88128 --a------ C:\WINDOWS\system32\xmafgrjd.dll
                  2008-04-17 18:49:30 92736 --a------ C:\WINDOWS\system32\ddjmalav.dll
                  2008-04-17 18:24:33 158253 --ahs---- C:\WINDOWS\system32\tuvyyxyb.ini2
                  2008-04-17 18:21:23 0 d-------- C:\RVAXO
                  2008-04-17 18:16:19 793825 --a------ C:\WINDOWS\system32\RVAXO.bat
                  2008-04-17 18:16:19 69632 --a------ C:\WINDOWS\system32\remove.exe
                  2008-04-17 17:39:47 0 d-------- C:\WINDOWS\pss
                  2008-04-17 15:32:03 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                  2008-04-17 15:31:28 0 d-------- C:\Program Files\Spyware Doctor
                  2008-04-17 15:31:28 0 d-------- C:\Documents and Settings\Nostimos\Application Data\PC Tools
                  2008-04-17 15:30:13 0 d-------- C:\Program Files\Webroot
                  2008-04-17 15:30:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
                  2008-04-17 15:29:53 0 d-------- C:\Documents and Settings\Nostimos\Application Data\Webroot
                  2008-04-17 15:27:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
                  2008-04-17 13:39:03 0 d-------- C:\Program Files\Trend Micro
                  2008-04-17 12:39:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                  2008-04-17 09:11:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
                  2008-04-16 21:31:34 109163 --a------ C:\WINDOWS\system32\tcfljqhe.dll
                  2008-04-16 21:29:37 100686 --a------ C:\WINDOWS\system32\rajjweum.dll
                  2008-04-16 21:29:31 105642 --a------ C:\WINDOWS\system32\lehlkykr.dll
                  2008-04-16 21:28:29 393677 --a------ C:\WINDOWS\system32\byxyyvut.dll
                  2008-04-16 21:15:16 34099 --a------ C:\WINDOWS\system32\mljjjggh.dll
                  2008-04-16 21:12:13 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe


                  -- Find3M Report ---------------------------------------------------------------

                  2008-04-17 16:22:50 0 d-------- C:\Program Files\Hitman Pro
                  2008-04-17 16:16:43 0 d-------- C:\Program Files\Lx_cats
                  2008-04-17 15:49:56 442556 --a----c- C:\WINDOWS\system32\perfh013.dat
                  2008-04-17 15:49:56 69812 --a----c- C:\WINDOWS\system32\perfc013.dat
                  2008-04-17 15:29:38 0 d-------- C:\Program Files\Lavasoft
                  2008-04-17 09:11:18 0 d-------- C:\Program Files\Common Files
                  2008-03-05 13:24:58 0 d-------- C:\Documents and Settings\Nostimos\Application Data\ArcSoft
                  2008-02-22 22:17:00 0 d-------- C:\Documents and Settings\Nostimos\Application Data\dvdcss
                  2008-02-20 13:45:41 0 d-------- C:\Program Files\LizardTech


                  -- Registry Dump ---------------------------------------------------------------

                  *Note* empty entries & legit default entries are not shown


                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A927DAA-63A1-4D80-9F29-050CE819C869}]
                  16-04-2008 21:28 393677 --a------ C:\WINDOWS\system32\byxyyvut.dll

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b9cc225-2509-43de-b60a-363628bc14ce}]
                  17-04-2008 18:49 92736 --a------ C:\WINDOWS\system32\ddjmalav.dll

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
                  C:\WINDOWS\system32\pmnoljgg.dll

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "ATIModeChange"="Ati2mdxx.exe" [04-09-2001 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
                  "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [25-06-2003 16:30]
                  "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [15-08-2002 07:26]
                  "QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [13-03-2003 17:11]
                  "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [26-03-2003 12:15]
                  "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [05-10-2003 19:28]
                  "CARPService"="carpserv.exe" [21-05-2003 15:35 C:\WINDOWS\system32\carpserv.exe]
                  "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [15-10-2003 08:10]
                  "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [10-09-2003 04:11]
                  "UniPrint"="C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe" [20-02-2004 12:15]
                  "BearShare"="C:\Program Files\BearShare\BearShare.exe"
                  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01-09-2005 23:41]
                  "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05-03-2006 19:49]
                  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [13-04-2005 04:48]
                  "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [20-06-2006 15:37]
                  "Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [11-07-2006 01:30]
                  "EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [07-06-2006 05:05]
                  "EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
                  "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 11:55]
                  "LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [07-06-2006 14:09]
                  "390dd2ec"="C:\WINDOWS\system32\xmafgrjd.dll" [17-04-2008 18:51]

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [13-10-2004 18:24]
                  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                  "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]

                  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                  Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21-1-2000 10:15:56]
                  Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [3-5-1999 17:02:18]
                  SpeedTouch 121g Wireless USB Monitor.lnk - C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe [23-9-2004 19:36:28]

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                  "NoColorChoice"=0 (0x0)
                  "NoSizeChoice"=0 (0x0)
                  "NoDispScrSavPage"=0 (0x0)
                  "NoDispCPL"=0 (0x0)
                  "NoVisualStyleChoice"=0 (0x0)
                  "NoDispSettingsPage"=0 (0x0)

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
                  "{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\pmnoljgg.dll [ ]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnoljgg]
                  pmnoljgg.dll

                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                  "Authentication Packages"= msv1_0 C:\WINDOWS\system32\byxyyvut

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                  @="Volume shadow copy"


                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
                  AutoRun\command- E:\autorun.exe




                  -- End of Deckard's System Scanner: finished at 2008-04-17 19:03:13 ------------


                  Deckard's System Scanner v20071014.68
                  Extra logfile - please post this as an attachment with your post.
                  --------------------------------------------------------------------------------

                  -- System Information ----------------------------------------------------------

                  Microsoft Windows XP Professional (build 2600) SP 2.0
                  Architecture: X86; Language: Dutch

                  CPU 0: mobile AMD Athlon(tm) XP2500+
                  Percentage of Memory in Use: 87%
                  Physical Memory (total/avail): 190.48 MiB / 24.43 MiB
                  Pagefile Memory (total/avail): 577.68 MiB / 81.11 MiB
                  Virtual Memory (total/avail): 2047.88 MiB / 1936.38 MiB

                  A: is Removable (No Media)
                  C: is Fixed (NTFS) - 10.17 GiB total, 1.96 GiB free.
                  D: is Fixed (NTFS) - 27.09 GiB total, 8.23 GiB free.
                  E: is CDROM (CDFS)
                  G: is Removable (FAT32)

                  \\.\PHYSICALDRIVE0 - ST94011A - 37.26 GiB - 2 partitions
                  \PARTITION0 (bootable) - Installable File System - 10.17 GiB - C:
                  \PARTITION1 - Extended w/Extended Int 13 - 27.09 GiB - D:

                  \\.\PHYSICALDRIVE1 - USB NAND FLASH DISK USB Device - 117.66 MiB - 1 partition
                  \PARTITION0 (bootable) - Unknown - 124.98 MiB - G:



                  -- Security Center -------------------------------------------------------------

                  AUOptions is scheduled to auto-install.
                  Windows Internal Firewall is enabled.


                  [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

                  [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
                  "C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Disabled:BearShare"
                  "C:\\Program Files\\Microsoft Office\\Office\\1043\\WFXMSRVR.EXE"="C:\\Program Files\\Microsoft Office\\Office\\1043\\WFXMSRVR.EXE:*:Disabled:WFXMSRVR"
                  "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
                  "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
                  "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
                  "C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Disabled:Framework Service"
                  "C:\\WINDOWS\\system32\\lxctcoms.exe"="C:\\WINDOWS\\system32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"
                  "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
                  "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
                  "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
                  "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
                  "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"


                  -- Environment Variables -------------------------------------------------------

                  ALLUSERSPROFILE=C:\Documents and Settings\All Users
                  APPDATA=C:\Documents and Settings\Nostimos\Application Data
                  CLIENTNAME=Console
                  CommonProgramFiles=C:\Program Files\Common Files
                  COMPUTERNAME=MT
                  ComSpec=C:\WINDOWS\system32\cmd.exe
                  FP_NO_HOST_CHECK=NO
                  HOMEDRIVE=C:
                  HOMEPATH=\Documents and Settings\Nostimos
                  LOGONSERVER=\\MT
                  LOGSCRIPT=C:\Program Files\UniPrint\Log Files
                  NUMBER_OF_PROCESSORS=1
                  OS=Windows_NT
                  Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System
                  PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
                  PROCESSOR_ARCHITECTURE=x86
                  PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
                  PROCESSOR_LEVEL=6
                  PROCESSOR_REVISION=0a00
                  ProgramFiles=C:\Program Files
                  PROMPT=$P$G
                  SESSIONNAME=Console
                  SystemDrive=C:
                  SystemRoot=C:\WINDOWS
                  TEMP=C:\windows\temp
                  TMP=C:\windows\temp
                  USERDOMAIN=MT
                  USERNAME=Nostimos
                  USERPROFILE=C:\Documents and Settings\Nostimos
                  windir=C:\WINDOWS


                  -- User Profiles ---------------------------------------------------------------

                  Nostimos (admin)
                  Administrator (admin)


                  -- Add/Remove Programs ---------------------------------------------------------

                  --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
                  --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
                  Aangifte inkomstenbelasting 2007 --> C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
                  ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
                  Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
                  Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~3\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~3\INSTALL.LOG
                  Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN0413.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
                  Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
                  ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\SETUP.EXE" -l0x13
                  ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
                  ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
                  Azureus --> C:\Program Files\Azureus\Uninstall.exe
                  Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
                  Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
                  Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
                  Books That Work 3D Tuin Design version 2.0NL --> C:\TLCDOMUS\3DLand2\UnSetup.EXE \INSTALL.LOG
                  Brother 1230 --> C:\WINDOWS\IsUn0413.exe -f"C:\Program Files\Brother\BRHL1230\DeIsL1.isu" -cbrunin123.dll
                  Brother HL-1430 --> "C:\Program Files\Brother\BRHL1430\IsUn0413.exe" -f"C:\Program Files\Brother\BRHL1430\DeIsL1.isu" -cbruninst.dll
                  Brownie --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Brownie\Uninst.isu"
                  Conexant AC-Link Audio --> CIAunwdm.exe
                  coverXP (remove only) --> "C:\Program Files\coverXP\cxp-uninst.exe"
                  Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
                  Grundig DigtaMobile --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{166DAE24-301D-4635-8E7E-50E96AF3654F}\Setup.exe" -l0x13 -remove
                  Hema Album Software Advanced --> "D:\Hema Album Software Advanced\unins000.exe"
                  HighMAT-uitbreiding voor de wizard Cd branden van Microsoft Windows XP --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
                  HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
                  Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
                  HP LaserJet 2200 De-installeerder --> C:\Program Files\Hewlett-Packard\LaserJet All-in-one\Uninstall\2200\setup.exe uninst22.ini
                  hp LaserJet 2300 uninstaller --> C:\Program Files\Hewlett-Packard\LJ2300\Uninstall\unhp.exe ciuninst.ini
                  InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
                  J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
                  Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
                  Kluwer L.O. Personenschade, Aansprakelijkheid & Verz. --> C:\KLUWIN\LOPH\uninstal.exe
                  Lexmark 5400 Series --> C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
                  Lexmark Werkbalk --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
                  McAfee VirusScan Enterprise --> MsiExec.exe /I{5A28A881-1B9A-4184-98F2-6C625BDE662C}
                  MetaFrame Presentation Server Client --> MsiExec.exe /I{D989BCC0-757C-4FB6-893C-512DF4382656}
                  Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
                  Microsoft Office 2000 SR-1 Standard --> MsiExec.exe /I{00020413-78E1-11D2-B60F-006097C998E7}
                  Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
                  neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
                  Notebook Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\Setup.exe" -l0x13 UNINSTALL
                  One-Touch knoppen --> C:\WINDOWS\UnInst32.exe QT4HPOT.UNI
                  Outerinfo --> "C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
                  PENTAX USB DISK Device --> MsiExec.exe /X{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}
                  PerfV350 Gebruikershandleiding --> C:\Program Files\EPSON\TPMANUAL\PerfV350\USE_G\DOCUNINS.EXE
                  QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
                  RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
                  Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
                  Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
                  Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
                  UniPrint Client 3.3.0b --> C:\PROGRA~1\UniPrint\Client\UNWISE.EXE C:\PROGRA~1\UniPrint\Client\INSTALL.LOG
                  Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
                  Update voor Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
                  Verzoek voorlopige teruggaaf 2008 --> C:\Program Files\Belastingdienst\Voorlopige Teruggaaf\2008\vt2008u.exe
                  VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
                  WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe


                  -- Application Event Log -------------------------------------------------------

                  Event Record #/Type7922 / Error
                  Event Submitted/Written: 04/17/2008 05:28:37 PM / 04/17/2008 05:28:38 PM
                  Event ID/Source: 1008 / McLogEvent
                  Event Description:
                  De McShield-service is onverwachts beëindigd.

                  Bekijk gebeurtenis 5019 of 5051 voor nadere gegevens.
                  De McShield-service wordt over 5 seconden opnieuw gestart;

                  Event Record #/Type7883 / Warning
                  Event Submitted/Written: 04/16/2008 09:05:37 PM
                  Event ID/Source: 4440 / COM+
                  Event Description:
                  Het CRM-logboekbestand is oorspronkelijk gemaakt op een computer met een andere naam. Het bestand is bijgewerkt met de naam van de huidige computer. Als deze waarschuwing wordt weergegeven als de naam van de computer is gewijzigd, hoeft u verder niets te doen. De toepassings-id wordt hieronder weergegeven. LAPTOPEEF

                  Servertoepassing-id: {02D4B3F1-FD88-11D1-960D-00805FC79235}
                  Id van servertoepassingsexemplaar:
                  {BCFC0772-4738-45F9-BBF0-090A6E609445}
                  Servertoepassingsnaam: System Application
                  Comsvcs.dll-bestand versie: ENU 2001.12.4414.308 shp



                  -- Security Event Log ----------------------------------------------------------

                  No Errors/Warnings found.


                  -- System Event Log ------------------------------------------------------------

                  Event Record #/Type27266 / Error
                  Event Submitted/Written: 04/17/2008 06:38:06 PM
                  Event ID/Source: 10010 / DCOM
                  Event Description:
                  De server {0002DF01-0000-0000-C000-000000000046} heeft zich binnen de vereiste termijn niet bij DCOM geregistreerd.

                  Event Record #/Type27252 / Error
                  Event Submitted/Written: 04/17/2008 06:26:12 PM
                  Event ID/Source: 7016 / Service Control Manager
                  Event Description:
                  De BrSplService-service heeft een ongeldige status 0 gerapporteerd.

                  Event Record #/Type27234 / Error
                  Event Submitted/Written: 04/17/2008 06:19:19 PM
                  Event ID/Source: 10005 / DCOM
                  Event Description:
                  DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
                  om de server
                  {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

                  Event Record #/Type27233 / Error
                  Event Submitted/Written: 04/17/2008 06:15:45 PM
                  Event ID/Source: 10005 / DCOM
                  Event Description:
                  DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
                  om de server
                  {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

                  Event Record #/Type27232 / Error
                  Event Submitted/Written: 04/17/2008 06:15:26 PM
                  Event ID/Source: 10005 / DCOM
                  Event Description:
                  DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
                  om de server
                  {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten



                  -- End of Deckard's System Scanner: finished at 2008-04-17 19:03:13 ------------



                  • #10
                    It looks as if the function of the Explorer button does not work.

                    If, for example, I open the 'My Documents' window and type www.google.nl in the address bar instead of My Documents, then the internet does start up.

                    My question:
                    - how can I fix that
                    - do I need to run another HijackThis log



                    • #11
                      Maybe this gives some more information:
                      I also have an Explorer icon on my laptop with which I can connect directly over the internet to the network of the company where I work. It then gives the message:
                      'Windows cannot find the file (...). Make sure you typed the name correctly and try again. To search for a file, click the Start button and then click Search.'

                      It seems as if it doesn't execute an exe file or something like that.....

                      Again, the Internet button on the taskbar and the one via Start/Programs don't work either.

                      Do I need to run another Hijack log?



                      • #12
                        Download The Avenger and place it on your desktop: http://swandog46.geekstogo.com/avenger2/download.php
                        Unzip it.
                        Start the program by clicking avenger.exe.
                        In the "Input Script here" window, paste the following (the bold text):


                        Files to delete:
                        C:\WINDOWS\system32\xmafgrjd.dll
                        C:\WINDOWS\system32\ddjmalav.dll
                        C:\WINDOWS\system32\tuvyyxyb.ini2
                        C:\WINDOWS\system32\tcfljqhe.dll
                        C:\WINDOWS\system32\rajjweum.dll
                        C:\WINDOWS\system32\lehlkykr.dll
                        C:\WINDOWS\system32\byxyyvut.dll
                        C:\WINDOWS\system32\mljjjggh.dll
                        C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe


                        Then click the "Execute" button.
                        Avenger will indicate that the computer is going to restart; allow this.
                        After the reboot a log file opens (avenger.txt). Post the contents of the log file.

                        Also post a new log from Deckard's System Scanner.

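A way to check a cleanup like the one in post #12 against a follow-up HijackThis log, as an added example that is not part of the original thread: it cross-references the Avenger "Files to delete:" list with log entries in the format used in this thread. The function names are hypothetical, and the path pattern only covers the .dll, .exe and .ini2 files that appear here.

```python
import re

# The Avenger script from post #12.
AVENGER_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\xmafgrjd.dll
C:\WINDOWS\system32\ddjmalav.dll
C:\WINDOWS\system32\tuvyyxyb.ini2
C:\WINDOWS\system32\tcfljqhe.dll
C:\WINDOWS\system32\rajjweum.dll
C:\WINDOWS\system32\lehlkykr.dll
C:\WINDOWS\system32\byxyyvut.dll
C:\WINDOWS\system32\mljjjggh.dll
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
"""

# Sample follow-up log lines in HijackThis v2.0.2 format, embedded so the
# example runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0A927DAA-63A1-4D80-9F29-050CE819C869} - C:\WINDOWS\system32\byxyyvut.dll (file missing)
O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: {ec41cb82-6363-a06b-ed34-9052522cc9b7} - {7b9cc225-2509-43de-b60a-363628bc14ce} - C:\WINDOWS\system32\ddjmalav.dll (file missing)
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\pmnoljgg.dll (file missing)
O4 - HKLM\..\Run: [390dd2ec] rundll32.exe "C:\WINDOWS\system32\xmafgrjd.dll",b
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
"""

# "O2 - ...", "O4 - ...", "R0 - ..." style entry lines.
ENTRY_RE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")
# Absolute Windows paths ending in one of the extensions seen in this thread.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|,*?]*?\.(?:dll|exe|ini2?)\b', re.IGNORECASE)


def parse_avenger_targets(script):
    """Return the paths listed under the 'Files to delete:' command."""
    targets, in_section = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.endswith(":"):
            # A new command header starts or ends the section of interest.
            in_section = line.lower() == "files to delete:"
        elif in_section and line:
            targets.append(line)
    return targets


def parse_hijackthis(log):
    """Parse entry lines into dicts with code, body, file paths and missing flag."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header, process list or blank line
        code, body = match.groups()
        entries.append({
            "code": code,
            "body": body,
            "paths": PATH_RE.findall(body),
            "missing": body.rstrip().endswith("(file missing)"),
        })
    return entries


def verify_cleanup(targets, entries):
    """Compare the delete list with a follow-up log.

    Returns three lists:
      leftover     - entries that still reference a deleted file, so the
                     registry value behind them has outlived the file
      unlisted     - entries flagged '(file missing)' whose file was not on
                     the delete list; these need a separate decision
      unreferenced - delete-list paths that no log entry mentions
    """
    wanted = {t.lower() for t in targets}  # Windows paths are case-insensitive
    leftover, unlisted, seen = [], [], set()
    for entry in entries:
        hits = [p.lower() for p in entry["paths"] if p.lower() in wanted]
        seen.update(hits)
        if hits:
            leftover.append(entry)
        elif entry["missing"]:
            unlisted.append(entry)
    unreferenced = [t for t in targets if t.lower() not in seen]
    return leftover, unlisted, unreferenced


if __name__ == "__main__":
    targets = parse_avenger_targets(AVENGER_SCRIPT)
    leftover, unlisted, unreferenced = verify_cleanup(targets, parse_hijackthis(SAMPLE_LOG))
    for title, rows in (("Still referenced after deletion", leftover),
                        ("Missing file, not on delete list", unlisted)):
        print(title)
        for row in rows:
            print("  %s - %s" % (row["code"], row["body"]))
    print("Delete-list paths with no log entry")
    for path in unreferenced:
        print("  " + path)
```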


                        • #13
                          Hello,

                          I followed your instructions, and I also got an avenger.txt after startup, but there were all kinds of error messages (from Spybot, which wanted to change registry entries) and the computer froze..... How can I get that avenger.txt once more? The main.txt via DSS is below, though.

                          I'll wait again. (I still get error messages at startup and a bar that says 'COM-onderdeel instelleren' and which then does nothing...)

                          Deckard's System Scanner v20071014.68
                          Run by Nostimos on 2008-04-17 21:40:20
                          Computer is in Normal Mode.
                          --------------------------------------------------------------------------------

                          Percentage of Memory in Use: 86% (more than 75%).
                          Total Physical Memory: 191 MiB (512 MiB recommended).


                          -- HijackThis (run as Nostimos.exe) --------------------------------------------

                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 21:42:00, on 17-4-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\csrss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                          C:\Program Files\HPQ\One-Touch\OneTouch.EXE
                          C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
                          C:\WINDOWS\system32\carpserv.exe
                          C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                          C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                          C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
                          C:\Program Files\Lexmark 5400 Series\lxctmon.exe
                          C:\Program Files\Lexmark 5400 Series\ezprint.exe
                          C:\Program Files\Spyware Doctor\pctsTray.exe
                          C:\Program Files\Messenger\MSMSGS.EXE
                          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                          C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
                          C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
                          C:\PROGRA~1\THOMSO~1\SPEEDT~1\PRISMSVR.EXE
                          C:\WINDOWS\System32\brsvc01a.exe
                          C:\WINDOWS\System32\brss01a.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\WINDOWS\System32\Ati2evxx.exe
                          C:\WINDOWS\system32\HPConfig.exe
                          C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
                          C:\WINDOWS\system32\lxctcoms.exe
                          C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                          C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                          C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
                          C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                          C:\Program Files\Spyware Doctor\pctsSvc.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\wdfmgr.exe
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\WINDOWS\System32\alg.exe
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\Documents and Settings\Nostimos\Bureaublad\dss.exe
                          C:\PROGRA~1\TRENDM~1\HIJACK~1\Nostimos.exe
                          C:\Program Files\Microsoft Office\Office\WINWORD.EXE
                          C:\WINDOWS\System32\wbem\wmiprvse.exe

                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: (no name) - {0A927DAA-63A1-4D80-9F29-050CE819C869} - C:\WINDOWS\system32\byxyyvut.dll (file missing)
                          O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
                          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                          O2 - BHO: {ec41cb82-6363-a06b-ed34-9052522cc9b7} - {7b9cc225-2509-43de-b60a-363628bc14ce} - C:\WINDOWS\system32\ddjmalav.dll (file missing)
                          O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\pmnoljgg.dll (file missing)
                          O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
                          O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
                          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                          O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
                          O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
                          O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
                          O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
                          O4 - HKLM\..\Run: [CARPService] carpserv.exe
                          O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                          O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe
                          O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
                          O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
                          O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
                          O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
                          O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
                          O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                          O4 - HKLM\..\Run: [390dd2ec] rundll32.exe "C:\WINDOWS\system32\xmafgrjd.dll",b
                          O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
                          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
                          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                          O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
                          O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
                          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
                          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
                          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                          O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
                          O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
                          O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
                          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
                          O20 - Winlogon Notify: pmnoljgg - pmnoljgg.dll (file missing)
                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
                          O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
                          O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
                          O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                          O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
                          O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                          O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                          O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                          O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
                          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
                          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

                          --
                          End of file - 9384 bytes

                          -- Files created between 2008-03-17 and 2008-04-17 -----------------------------

                          2008-04-17 18:21:23 0 d-------- C:\RVAXO
                          2008-04-17 18:16:19 793825 --a------ C:\WINDOWS\system32\RVAXO.bat
                          2008-04-17 18:16:19 69632 --a------ C:\WINDOWS\system32\remove.exe
                          2008-04-17 17:39:47 0 d-------- C:\WINDOWS\pss
                          2008-04-17 15:32:03 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                          2008-04-17 15:31:28 0 d-------- C:\Program Files\Spyware Doctor
                          2008-04-17 15:31:28 0 d-------- C:\Documents and Settings\Nostimos\Application Data\PC Tools
                          2008-04-17 15:30:13 0 d-------- C:\Program Files\Webroot
                          2008-04-17 15:30:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
                          2008-04-17 15:29:53 0 d-------- C:\Documents and Settings\Nostimos\Application Data\Webroot
                          2008-04-17 15:27:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
                          2008-04-17 13:39:03 0 d-------- C:\Program Files\Trend Micro
                          2008-04-17 12:39:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                          2008-04-17 09:11:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


                          -- Find3M Report ---------------------------------------------------------------

                          2008-04-17 21:07:20 0 d-------- C:\Program Files\Common Files
                          2008-04-17 16:22:50 0 d-------- C:\Program Files\Hitman Pro
                          2008-04-17 16:16:43 0 d-------- C:\Program Files\Lx_cats
                          2008-04-17 15:49:56 442556 --a----c- C:\WINDOWS\system32\perfh013.dat
                          2008-04-17 15:49:56 69812 --a----c- C:\WINDOWS\system32\perfc013.dat
                          2008-04-17 15:29:38 0 d-------- C:\Program Files\Lavasoft
                          2008-03-05 13:24:58 0 d-------- C:\Documents and Settings\Nostimos\Application Data\ArcSoft
                          2008-02-22 22:17:00 0 d-------- C:\Documents and Settings\Nostimos\Application Data\dvdcss
                          2008-02-20 13:45:41 0 d-------- C:\Program Files\LizardTech


                          -- Registry Dump ---------------------------------------------------------------

                          *Note* empty entries & legit default entries are not shown


                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A927DAA-63A1-4D80-9F29-050CE819C869}]
                          C:\WINDOWS\system32\byxyyvut.dll

                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b9cc225-2509-43de-b60a-363628bc14ce}]
                          C:\WINDOWS\system32\ddjmalav.dll

                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
                          C:\WINDOWS\system32\pmnoljgg.dll

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "ATIModeChange"="Ati2mdxx.exe" [04-09-2001 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
                          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [25-06-2003 16:30]
                          "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [15-08-2002 07:26]
                          "QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [13-03-2003 17:11]
                          "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [26-03-2003 12:15]
                          "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [05-10-2003 19:28]
                          "CARPService"="carpserv.exe" [21-05-2003 15:35 C:\WINDOWS\system32\carpserv.exe]
                          "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [15-10-2003 08:10]
                          "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [10-09-2003 04:11]
                          "UniPrint"="C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe" [20-02-2004 12:15]
                          "BearShare"="C:\Program Files\BearShare\BearShare.exe"
                          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01-09-2005 23:41]
                          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05-03-2006 19:49]
                          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [13-04-2005 04:48]
                          "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [20-06-2006 15:37]
                          "Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [11-07-2006 01:30]
                          "EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [07-06-2006 05:05]
                          "EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
                          "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 11:55]
                          "390dd2ec"="C:\WINDOWS\system32\xmafgrjd.dll"
                          "LXCTCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [07-06-2006 14:09]

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [13-10-2004 18:24]
                          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]

                          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21-1-2000 10:15:56]
                          Poort voor Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE [3-5-1999 17:02:18]
                          SpeedTouch 121g Wireless USB Monitor.lnk - C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe [23-9-2004 19:36:28]

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                          "NoColorChoice"=0 (0x0)
                          "NoSizeChoice"=0 (0x0)
                          "NoDispScrSavPage"=0 (0x0)
                          "NoDispCPL"=0 (0x0)
                          "NoVisualStyleChoice"=0 (0x0)
                          "NoDispSettingsPage"=0 (0x0)

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
                          "{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\pmnoljgg.dll [ ]

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnoljgg]
                          pmnoljgg.dll

                          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                          "Authentication Packages"= msv1_0 C:\WINDOWS\system32\byxyyvut

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                          @="Service"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
                          @="Service"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
                          @="Service"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                          @="Volume shadow copy"


                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
                          AutoRun\command- E:\autorun.exe




                          -- End of Deckard's System Scanner: finished at 2008-04-17 21:44:28 ------------



                          • #14
                            Start HijackThis and check only the following lines:
                            O2 - BHO: (no name) - {0A927DAA-63A1-4D80-9F29-050CE819C869} - C:\WINDOWS\system32\byxyyvut.dll (file missing)
                            O2 - BHO: {ec41cb82-6363-a06b-ed34-9052522cc9b7} - {7b9cc225-2509-43de-b60a-363628bc14ce} - C:\WINDOWS\system32\ddjmalav.dll (file missing)
                            O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\pmnoljgg.dll (file missing)
                            O4 - HKLM\..\Run: [390dd2ec] rundll32.exe "C:\WINDOWS\system32\xmafgrjd.dll",b
                            O20 - Winlogon Notify: pmnoljgg - pmnoljgg.dll (file missing)

                            Close all open windows (except HijackThis) and click the "Fix checked" button.

                            Restart your computer.

                            After the restart, post a new HijackThis log and tell us which problems you are still experiencing.



                            • #15
                              Below is another log file,

                              it looks like the problems have gone away. I would like to thank you very much already.

                              May I post another message if strange things still occur?

                              Kind regards,
                              Marnix.

                              Logfile of Trend Micro HijackThis v2.0.2
                              Scan saved at 22:32:34, on 17-4-2008
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                              Boot mode: Normal

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\csrss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                              C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                              C:\Program Files\HPQ\One-Touch\OneTouch.EXE
                              C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
                              C:\WINDOWS\system32\carpserv.exe
                              C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                              C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                              C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
                              C:\Program Files\Lexmark 5400 Series\lxctmon.exe
                              C:\Program Files\Lexmark 5400 Series\ezprint.exe
                              C:\Program Files\Spyware Doctor\pctsTray.exe
                              C:\Program Files\Messenger\MSMSGS.EXE
                              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                              C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
                              C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
                              C:\PROGRA~1\THOMSO~1\SPEEDT~1\PRISMSVR.EXE
                              C:\WINDOWS\System32\brss01a.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\WINDOWS\System32\Ati2evxx.exe
                              C:\WINDOWS\system32\HPConfig.exe
                              C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
                              C:\WINDOWS\system32\lxctcoms.exe
                              C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                              C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                              C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                              C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
                              C:\Program Files\Spyware Doctor\pctsSvc.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\system32\wdfmgr.exe
                              C:\WINDOWS\system32\wuauclt.exe
                              C:\Program Files\Internet Explorer\iexplore.exe
                              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                              C:\WINDOWS\System32\wbem\wmiprvse.exe

                              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                              O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
                              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                              O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
                              O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
                              O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                              O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
                              O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
                              O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
                              O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
                              O4 - HKLM\..\Run: [CARPService] carpserv.exe
                              O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                              O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                              O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe
                              O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
                              O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
                              O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
                              O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
                              O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
                              O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                              O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
                              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
                              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                              O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
                              O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
                              O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
                              O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
                              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                              O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
                              O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
                              O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
                              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
                              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                              O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
                              O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
                              O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
                              O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
                              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                              O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
                              O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                              O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                              O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                              O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
                              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
                              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

                              --
                              End of file - 8732 bytes
