Mededeling

**Saara** · 19-04-08, 14:44

Beste

**Saara** · 19-04-08, 15:07

oeps, ik had ook m'n hijacklogje vergeten bijvoegen.

Nu ik de nieuwe versie probeerde te downloaden, kreeg ik na meerdere malen proberen iedere keer het volgende in mijn adresbalk:

http://www.trendsecure.com/portal/en-US/error/error_page/404

ook nog wat bijkomende info:

de pc is spijtig genoeg ook nog véél vertraagt sinds gisteren, vooral ook firefox en i explorer.

iedere keer als ik firefox probeer op te starten, krijg ik ook volgende melding:
firefox.exe : kan entrypoint van procedure NS_Alloc niet vinden in DLL-bestand xpcom.dll.

Vele groetjes,

Saara

**smeenk** · 19-04-08, 16:12

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**Saara** · 19-04-08, 17:34

Beste Smeenk

is gebeurd !

Groetjes

Rvaxo results:

---RVAXO.exe Updated: 2008-04-19---first run---
Uninstallers:

Files found:
C:\WINDOWS\BMe3763960.xml
C:\WINDOWS\BMe3763960.txt
C:\WINDOWS\system32\wGgjlnnn.ini2
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\mysidesearch_sidebar.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\System32\{8f763f05-f654-e070-eef7-39ba6eb1ca60}.dll
C:\WINDOWS\System32\{8f763f05-f654-e070-eef7-39ba6eb1ca60}.dll-uninst.exe
C:\WINDOWS\System32\{94f4b153-7c3e-b693-d343-df8ee4c1e4aa}.dll
C:\WINDOWS\System32\{94f4b153-7c3e-b693-d343-df8ee4c1e4aa}.dll-uninst.exe
C:\WINDOWS\wininit.ini
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\clkcnt.txt
C:\WINDOWS\system32\adzgalore-remove.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\version69ie7fix.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\WinNB58.dll
C:\Documents and Settings\Guus\lsass.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\mrofinu1188.exe.tmp
C:\WINDOWS\Prefetch\MROFINU1000106.EXE-32DF0342.pf
C:\WINDOWS\Prefetch\MROFINU1188.EXE-2D6F2449.pf
C:\WINDOWS\system32\pac.txt

Folders Found:
C:\Program Files\Adzgalore Games Collection
C:\WINDOWS\system32\UpMedia
C:\Temp\1cb

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

main.txt:

Deckard's System Scanner v20071014.68
Run by Guus on 2008-04-19 17:28:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
8: 2008-04-19 15:28:19 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-04-19 01:51:15 UTC - RP7 - Installed UltraMon
6: 2008-04-18 23:07:17 UTC - RP6 - Removed Java(TM) SE Runtime Environment 6 Update 1
5: 2008-04-18 23:02:37 UTC - RP5 - Removed Java(TM) SE Runtime Environment 6
4: 2008-04-18 22:56:17 UTC - RP4 - Removed Java(TM) 6 Update 5

-- First Restore Point --
1: 2008-04-18 20:54:32 UTC - RP1 - Installed SUPERAntiSpyware Free Edition

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.37 GiB (less than 15%) free.

-- HijackThis (run as Guus.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:10, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
c:\windows\system32\pmropn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
c:\windows\system32\jswnw64q.exe
C:\WINDOWS\system32\tcnttkdn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Guus\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Guus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: gooochi browser optimizer - {25fb5b49-809a-280f-07bb-a611642a20b3} - C:\WINDOWS\system32\{94f4b153-7c3e-b693-d343-df8ee4c1e4aa}.dll (file missing)
O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
O2 - BHO: (no name) - {91E6B6C7-217B-487D-B454-0006A85750A6} - C:\WINDOWS\system32\nnnljgGw.dll
O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\ssqOIArR.dll
O2 - BHO: cpmsky browser optimizer - {fd60fddf-3531-e435-8281-c58e1a5395d8} - C:\WINDOWS\system32\{8f763f05-f654-e070-eef7-39ba6eb1ca60}.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{50-0A-A5-53-DW}] c:\windows\system32\jswnw64q.exe DWram
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Guus\lsass.exe
O4 - HKLM\..\Run: [PremierOpinion] c:\windows\system32\pmropn.exe -boot
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [e0450afc] rundll32.exe "C:\WINDOWS\system32\rokfxifj.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcnttkdn.exe DWram
O4 - HKLM\..\Run: [BMe3763960] Rundll32.exe "C:\WINDOWS\system32\khmitslp.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: back to normal.lnk = ?
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcnttkdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64q.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098994388031
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O20 - Winlogon Notify: ssqOIArR - C:\WINDOWS\SYSTEM32\ssqOIArR.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9691 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071006-211159-182 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20071006-211159-271 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20071006-211159-441 O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
backup-20071006-211159-587 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
backup-20071006-211159-661 O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
backup-20071006-211159-836 O4 - Startup: system.exe
backup-20071006-211159-876 O20 - AppInit_DLLs: C:\WINDOWS\system32\cmcache.dat
backup-20071007-133252-446 O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
backup-20071007-133252-478 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20071007-133252-656 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20071007-133252-729 O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
backup-20071007-133252-745 O20 - AppInit_DLLs: C:\WINDOWS\system32\cmcache.dat
backup-20071007-133252-841 O4 - Global Startup: autorun.exe
backup-20071007-133252-874 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
backup-20071008-162529-320 O4 - Startup: system.exe
backup-20071008-162529-489 O20 - AppInit_DLLs: C:\WINDOWS\system32\cmcache.dat
backup-20071008-162529-598 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20071008-162529-686 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
backup-20071008-162529-695 O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
backup-20071008-162529-727 O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
backup-20071008-162529-728 O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
backup-20071008-162529-861 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20071008-162529-904 O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
backup-20071008-162529-920 O4 - Global Startup: info.exe
backup-20071008-162529-989 O4 - Global Startup: autorun.exe
backup-20071008-162529-994 O4 - Startup: info.exe
backup-20071009-003410-162 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20071009-003410-168 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
backup-20071009-003410-435 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20071009-003410-440 O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
backup-20071009-003410-463 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
backup-20071009-003410-617 O4 - Global Startup: autorun.exe
backup-20071009-003410-660 O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
backup-20071009-003410-831 O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
backup-20071009-003410-835 O4 - Startup: system.exe
backup-20080419-012302-189 O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
backup-20080419-012302-366 O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
backup-20080419-012302-552 O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
backup-20080419-012302-658 O15 - Trusted Zone: http://click.getmirar.com (HKLM)
backup-20080419-012302-878 O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 UltraMonUtility (UltraMon Utility Driver) - c:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys <Not Verified; Realtime Soft; UltraMon>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 UltraMonMirror - c:\windows\system32\drivers\ultramonmirror.sys <Not Verified; Realtime Soft; UltraMon>

S3 Amsmpu4p - c:\docume~1\guus\locals~1\temp\amsmpu4p.sys (file missing)
S3 catchme - c:\docume~1\guus\locals~1\temp\catchme.sys (file missing)
S3 MEMSWEEP2 - c:\windows\system32\20.tmp (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-19 16:36:17 362 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-04-11 14:41:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 17:08:30 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-19 17:03:14 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-19 17:02:46 204167 --ahs---- C:\WINDOWS\system32\wGgjlnnn.ini2
2008-04-19 16:56:48 0 d-------- C:\RVAXO
2008-04-19 16:50:56 796146 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-04-19 16:50:56 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-04-19 15:03:57 53248 --a------ C:\WINDOWS\system32\silc_dll.dll
2008-04-19 15:03:57 1358156 --a------ C:\WINDOWS\system32\model.dat
2008-04-19 15:03:57 966656 --a------ C:\WINDOWS\system32\LDPackage.dll <Not Verified; ; LDPackag Dynamic Link Library>
2008-04-19 12:42:43 286720 --a------ C:\WINDOWS\system32\pmxf.dll <Not Verified; PremierOpinion; PremierOpinion>
2008-04-19 12:41:33 87616 --a------ C:\WINDOWS\system32\rokfxifj.dll
2008-04-19 12:40:01 95296 --a------ C:\WINDOWS\system32\khmitslp.dll
2008-04-19 04:14:54 712704 --a------ C:\WINDOWS\system32\pmph.dll <Not Verified; PremierOpinion; PremierOpinion>
2008-04-19 03:52:00 0 d-------- C:\Documents and Settings\Guus\Application Data\Realtime Soft
2008-04-19 03:51:21 0 d-------- C:\Program Files\Common Files\Realtime Soft
2008-04-19 03:51:18 0 d-------- C:\Program Files\UltraMon
2008-04-19 03:51:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-04-19 03:29:46 0 d-------- C:\Program Files\DVDlabPro2
2008-04-19 01:58:12 237568 --a------ C:\WINDOWS\system32\SolarWinds.scr
2008-04-19 01:58:12 6094848 --a------ C:\WINDOWS\system32\Skyrocket.scr
2008-04-19 01:58:12 229376 --a------ C:\WINDOWS\system32\Plasma.scr
2008-04-19 01:58:12 1908736 --a------ C:\WINDOWS\system32\Lattice.scr
2008-04-19 01:58:11 532480 --a------ C:\WINDOWS\system32\Hyperspace.scr
2008-04-19 01:58:11 18009 --a------ C:\WINDOWS\system32\GPL
2008-04-19 01:58:11 245760 --a------ C:\WINDOWS\system32\Flux.scr
2008-04-19 01:58:11 249856 --a------ C:\WINDOWS\system32\Flocks.scr
2008-04-19 01:58:11 237568 --a------ C:\WINDOWS\system32\FieldLines.scr
2008-04-19 01:58:11 450560 --a------ C:\WINDOWS\system32\Euphoria.scr
2008-04-19 01:58:11 274432 --a------ C:\WINDOWS\system32\Cyclone.scr
2008-04-19 01:54:58 483328 --a------ C:\WINDOWS\system32\Helios.scr
2008-04-19 00:18:43 0 d-------- C:\!KillBox
2008-04-19 00:15:23 37888 --a------ C:\WINDOWS\system32\ssqPigEU.dll
2008-04-18 23:41:01 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-04-18 22:54:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-18 22:54:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-18 22:54:36 0 d-------- C:\Documents and Settings\Guus\Application Data\SUPERAntiSpyware.com
2008-04-18 22:39:11 118784 --a------ C:\WINDOWS\system32\pmai.dll <Not Verified; PremierOpinion; PremierOpinion>
2008-04-18 22:38:08 0 d-------- C:\Documents and Settings\Guus\music
2008-04-18 22:31:15 298315 --a------ C:\WINDOWS\system32\gside.exe
2008-04-18 22:30:37 49172 --a------ C:\WINDOWS\system32\jswnw64q.exe <Not Verified; ; Browser Driver>
2008-04-18 21:42:09 274432 --a------ C:\WINDOWS\system32\nnnljgGw.dll
2008-04-18 21:40:56 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-04-18 21:39:50 0 d-------- C:\Program Files\Silent Lake Screensaver
2008-04-18 21:37:22 200774 --a------ C:\WINDOWS\system32\tcnttkdn.exe
2008-04-18 21:37:20 403586 --a------ C:\WINDOWS\system32\g63.exe
2008-04-18 21:37:18 0 d--hs---- C:\WINDOWS\R3V1cw
2008-04-18 21:37:15 49168 --a------ C:\WINDOWS\system32\rwwnw64d.exe <Not Verified; ; Browser Driver>
2008-04-18 21:37:11 0 d-------- C:\WINDOWS\system32\wTmp
2008-04-18 21:37:11 0 d-------- C:\WINDOWS\system32\le2
2008-04-18 21:37:11 0 d-------- C:\WINDOWS\system32\IBn
2008-04-18 21:37:09 0 d-------- C:\WINDOWS\system32\xcsDd18
2008-04-18 21:37:08 0 d-------- C:\Temp
2008-04-18 21:37:04 37888 --a------ C:\WINDOWS\system32\ssqOIArR.dll
2008-04-18 20:59:21 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-04-18 20:59:21 1609728 --a------ C:\WINDOWS\system32\pmropn.exe <Not Verified; PremierOpinion; PremierOpinion>
2008-04-18 20:59:21 368640 --a------ C:\WINDOWS\system32\pmls.dll <Not Verified; PremierOpinion; PremierOpinion>
2008-04-18 20:41:12 89070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-18 20:41:12 88064 --a------ C:\WINDOWS\system32\cmcfg3.dll
2008-04-18 20:40:33 40713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe
2008-04-18 20:14:08 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-17 23:48:49 520192 --a------ C:\WINDOWS\system32\Holding Pattern Coach.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-04-17 23:48:49 0 d-------- C:\WINDOWS\system32\Holding Pattern Coach dir
2008-04-17 21:15:59 0 d------c- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-17 15:55:36 0 d---s---- C:\Program Files\FolderIcon
2008-04-17 15:36:14 0 d-------- C:\Program Files\GlobFX Technologies
2008-04-17 15:05:00 0 d-------- C:\Documents and Settings\Guus\Application Data\Vista Start Menu
2008-04-17 15:04:58 0 d-------- C:\Program Files\Vista Start Menu
2008-04-17 14:47:59 24575 --a------ C:\WINDOWS\system32\Pssetwinsyspios61.dat
2008-04-17 14:47:40 53248 --a------ C:\WINDOWS\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-04-17 14:47:37 0 d-------- C:\Program Files\IconCool Software
2008-04-17 14:42:00 94208 --a------ C:\WINDOWS\system32\HotFiles.dll <Not Verified; AirySoft; AirySoft SmartFileIcons Shell eXtension>
2008-04-11 17:46:26 334848 --a------ C:\WINDOWS\system32\myss_sb.dll
2008-04-05 14:29:28 0 d-------- C:\Program Files\Conduit
2008-04-04 19:02:10 0 d-------- C:\Documents and Settings\Guus\Application Data\Xfire
2008-04-04 19:02:00 0 d-------- C:\Program Files\Xfire
2008-04-04 18:27:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-03 21:02:46 0 d-------- C:\Program Files\Qlock
2008-04-02 14:53:19 0 d-------- C:\Program Files\Graphmatica
2008-03-27 17:35:26 333824 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll

-- Find3M Report ---------------------------------------------------------------

2008-04-19 17:07:36 0 d-------- C:\Program Files\Common Files
2008-04-19 16:39:12 374 --a------ C:\Documents and Settings\Guus\Application Data\internaldb6334.dat
2008-04-19 16:24:47 555 --a------ C:\Documents and Settings\Guus\Application Data\internaldb8467.dat
2008-04-19 16:24:46 18432 --a------ C:\Documents and Settings\Guus\Application Data\internaldb41.dat
2008-04-19 01:15:53 0 d-------- C:\Documents and Settings\Guus\Application Data\Sun
2008-04-19 01:04:14 0 d-------- C:\Program Files\Java
2008-04-18 22:54:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 22:39:01 0 d-------- C:\Program Files\LimeWire
2008-04-18 22:28:43 0 d-------- C:\Documents and Settings\Guus\Application Data\Azureus
2008-04-18 11:21:09 0 d-------- C:\Documents and Settings\Guus\Application Data\ChessBase
2008-04-17 22:32:58 442004 --a------ C:\WINDOWS\system32\perfh013.dat
2008-04-17 22:32:58 69380 --a------ C:\WINDOWS\system32\perfc013.dat
2008-03-02 17:39:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-02 17:39:06 0 d-------- C:\Program Files\EASY COMPUTING
2008-02-06 19:21:56 233472 --a------ C:\WINDOWS\system32\nsvB.dll
2008-01-30 17:47:38 139264 --a------ C:\WINDOWS\MirarDownloader_876260.exe <Not Verified; Mirar; Mirar Downloader Setup>
2008-01-30 17:47:34 363980 --a------ C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25fb5b49-809a-280f-07bb-a611642a20b3}]
C:\WINDOWS\system32\{94f4b153-7c3e-b693-d343-df8ee4c1e4aa}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]
11/04/2008 17:46 334848 --a------ C:\WINDOWS\system32\myss_sb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91E6B6C7-217B-487D-B454-0006A85750A6}]
18/04/2008 21:42 274432 --a------ C:\WINDOWS\system32\nnnljgGw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9506910A-0F94-4ea1-B567-7070428B8B2B}]
27/03/2008 17:35 333824 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]
18/04/2008 21:37 37888 --a------ C:\WINDOWS\system32\ssqOIArR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd60fddf-3531-e435-8281-c58e1a5395d8}]
C:\WINDOWS\system32\{8f763f05-f654-e070-eef7-39ba6eb1ca60}.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [28/02/2005 17:46]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [17/08/2003 23:33]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [09/07/2001 12:50]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [08/06/2005 12:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 09:41]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22]
"nwiz"="nwiz.exe" [22/10/2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [10/12/2002 02:19]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 12:22]
"{50-0A-A5-53-DW}"="c:\windows\system32\jswnw64q.exe" [18/04/2008 22:30]
"LSA Shellu"="C:\Documents and Settings\Guus\lsass.exe"

"PremierOpinion"="c:\windows\system32\pmropn.exe" [18/04/2008 22:34]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [12/10/2006 21:27]
"e0450afc"="C:\WINDOWS\system32\rokfxifj.dll" [19/04/2008 12:41]
"ExploreUpdSched"="C:\WINDOWS\system32\tcnttkdn.exe" [18/04/2008 21:37]
"BMe3763960"="C:\WINDOWS\system32\khmitslp.dll" [19/04/2008 12:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:03]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [11/04/2008 18:51]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]

C:\Documents and Settings\Guus\Menu Start\Programma's\Opstarten\
back to normal.lnk - C:\Documents and Settings\Guus\Application Data\Realtime Soft\UltraMon\Profiles\back to normal.umprofile [19/04/2008 4:42:59]
Deewoo.lnk - C:\WINDOWS\system32\tcnttkdn.exe [18/04/2008 21:37:22]
DW_Start.lnk - C:\WINDOWS\system32\jswnw64q.exe [18/04/2008 22:30:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\WINDOWS\system32\ssqOIArR.dll [18/04/2008 21:37 37888]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\WINDOWS\system32\pmls.dll 19/04/2008 00:17 368640 C:\WINDOWS\system32\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOIArR]
ssqOIArR.dll 18/04/2008 21:37 37888 C:\WINDOWS\system32\ssqOIArR.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\pmai.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnljgGw

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2008-04-19 17:30:21 ------------

**Saara** · 19-04-08, 17:35

extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 511.53 MiB / 164.59 MiB
Pagefile Memory (total/avail): 1250.15 MiB / 836.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 3.37 GiB free.
D: is Fixed (NTFS) - 35.46 GiB total, 6.63 GiB free.
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 76.33 GiB total, 72.92 GiB free.
H: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6Y080L0 - 76.33 GiB - 1 partition
\PARTITION0 - Installable File System - 76.33 GiB - F:

\\.\PHYSICALDRIVE0 - WDC WD800BB-00DKA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 35.46 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Norton AntiVirus v2004 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*

isabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Guus\\Local Settings\\Temp\\~osA.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Guus\\Local Settings\\Temp\\~osA.tmp\\ossproxy.exe:*:Enabled

ssproxy.exe"
"c:\\windows\\system32\\pmropn.exe"="c:\\windows\\system32\\pmropn.exe:*:Enabled

mropn.exe"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Guus\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-2PF5PQTUGE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Guus
LOGONSERVER=\\HOME-2PF5PQTUGE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Guus\LOCALS~1\Temp
TMP=C:\DOCUME~1\Guus\LOCALS~1\Temp
ULTRAMON_LANGDIR=C:\Program Files\UltraMon\Resources\en
USERDOMAIN=HOME-2PF5PQTUGE
USERNAME=Guus
USERPROFILE=C:\Documents and Settings\Guus
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Guus (admin)
Robbe Guus (new local, admin)
Administrator (admin)
Gast (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUn0413.exe -f"C:\Program Files\Easy Computing\Architect 3D\Uninst.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACE Mega CoDecS Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFF5DEE7-8107-436B-9726-7573458FE6AE}\Setup.exe" -l0x9
ActiveDolls --> MsiExec.exe /I{E601665F-7D55-4983-AA72-43551164FC03}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adult Xonix --> C:\WINDOWS\UnGins.exe "C:\Adult Xonix\install.log"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ChessBase TrueType Fonts --> "Remove.exe" /U:"Remove.log"
Deewoo Network Manager removal --> C:\WINDOWS\system32\tcnttkdn.exe -UPop
Desktop --> MsiExec.exe /I{CDEBF9E7-BCEB-43A7-986C-E66377C28ABC}
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD-lab PRO 2.5 --> "C:\Program Files\DVDlabPro2\unins000.exe"
EASY COMPUTINGs Toccata - partituurgenie --> C:\WINDOWS\IsUn0413.exe -f"C:\Program Files\EASY COMPUTING\TOCCATA\Uninst.isu"
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\{94f4b153-7c3e-b693-d343-df8ee4c1e4aa}.dll-uninst.exe
Finale NotePad 2008 --> C:\Program Files\Finale NotePad 2008\uninstallNP.exe
FolderIcon XP 1.0 - MeaningData.com --> "C:\Program Files\FolderIcon\uninstall.exe"
Fritz8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0830FBE8-A848-4A37-BF62-D89CB3EF0F60}\Setup.exe"
GlobFX Space Travel --> "C:\Program Files\GlobFX Technologies\SpaceTravel\Uninstall.exe"
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Graphmatica --> C:\Program Files\Graphmatica\uninstall.exe
Gun Metal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B26E49E2-9521-4677-95CB-63B117D84BD8}\setup.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Holding Pattern Coach Screen Saver --> C:\WINDOWS\system32\Holding Pattern Coach.scr /u
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
hp deskjet 5550 series (Remove only) --> C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=5550 -huninstall
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> MsiExec.exe /X{0A28C610-EE06-4A33-BB56-A2155B524916}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000413-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "c:\documents and settings\guus\bureaublad\catanweb chat\mirc32.exe" -uninstall
Mozaik Screen Saver --> C:\WINDOWS\Mozaik.scr /u
Mozilla Firefox (1.0) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0 (en-US)"
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\mtbs.exe c
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MySidesearch Search Assistant Adzgalore --> C:\WINDOWS\system32\myss_sb_uninstall.exe
MySidesearch Search Assistant Bfinding --> C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Norton AntiVirus 2004 Professional --> MsiExec.exe /X{C6B28661-7910-442E-ADDD-72EAA8395380}
Norton AntiVirus 2004 Professional (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6B28661-7910-442E-ADDD-72EAA8395380}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Note ID 2.7 --> C:\Kba_Music\unins000.exe
NoteWorthy Composer --> C:\PROGRA~1\NOTEWO~1\Uninstal.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PremierOpinion --> C:\windows\system32\pmropn.exe -bootremove -uninst:PremierOpinion
Qlock Lite --> "C:\Program Files\Qlock\uninstall.exe"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
River Past Screen Recorder Pro --> C:\WINDOWS\Screen Recorder Pro Uninstaller.exe
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snelzoeker Pocketwoordenboeken Engels --> C:\WINDOWS\ISUN0413.EXE -f"C:\VanDale\Snelzoeker Pocketwoordenboeken Engels\Uninst.isu" -c"C:\VanDale\Snelzoeker Pocketwoordenboeken Engels\vdssetup.dll"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
TrackerV3 4.20 --> C:\Program Files\TrackerV3\Uninstall.exe
UltraMon --> MsiExec.exe /I{E67FF1A2-23C1-4102-84E9-42115F77AD32}
Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update voor Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Uptown Engine --> C:\WINDOWS\system32\UpMedia\uninstallSE.exe
Vista Start Menu --> C:\Program Files\Vista Start Menu\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Wijnkelder 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C131DFD-428F-4D25-A8F4-9B52FCC39D1D}\setup.exe" -l0x13
Windows Live Messenger --> MsiExec.exe /I{9816B8B8-4B53-4D3D-9235-AD931252001D}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory --> C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
X Codec Pack --> C:\Program Files\X Codec Pack\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XNtrix Screen Saver --> C:\WINDOWS\XNtrix.scr /u
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type18183 / Error
Event Submitted/Written: 04/19/2008 04:33:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16640, vastgelopen module: mshtml.dll, versie: 7.0.6000.16640, vastgelopen op: 0x0006770e.
Verwerken van mediaspecifieke gebeurtenis voor [iexplore.exe!ws!]

Event Record #/Type18181 / Error
Event Submitted/Written: 04/19/2008 04:33:18 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Microsoft Office 2000 Premium -- Fout 1706. Kan geen geldige bron vinden voor product Microsoft Office 2000 Premium. Windows Installer kan niet worden voortgezet.

Event Record #/Type18180 / Warning
Event Submitted/Written: 04/19/2008 04:27:42 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
De detectie van product {00000413-78E1-11D2-B60F-006097C998E7}, functie HTMLSourceEditing is mislukt tijdens het aanvragen van onderdeel {9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}

Event Record #/Type18179 / Warning
Event Submitted/Written: 04/19/2008 04:27:41 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
De detectie van product {00000413-78E1-11D2-B60F-006097C998E7}, functie HTMLSourceEditing, onderdeel {64B865F1-3885-11D2-9A9F-006097C4E452} is mislukt. De bron C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\BLDWIZMG.DLL bestaat niet.

Event Record #/Type18170 / Error
Event Submitted/Written: 04/19/2008 04:20:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Vastgelopen toepassing: WINWORD.EXE, versie: 9.0.0.2823, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type47887 / Error
Event Submitted/Written: 04/19/2008 04:50:29 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
De volgende opstartstuurprogramma's zijn niet geladen:
AFD
AVG Anti-Spyware Driver
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
prodrv06
RasAcd
Rdbss
SASDIFSV
SASKUTIL
SAVRTPEL
SYMTDI
Tcpip

Event Record #/Type47886 / Error
Event Submitted/Written: 04/19/2008 04:50:29 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service, die vanwege de volgende fout niet kan worden gestart:
%%31

Event Record #/Type47885 / Error
Event Submitted/Written: 04/19/2008 04:50:29 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De TCP/IP NetBIOS Helper-service is afhankelijk van de Omgeving voor AFD-netwerkondersteuning-service, die vanwege de volgende fout niet kan worden gestart:
%%31

Event Record #/Type47884 / Error
Event Submitted/Written: 04/19/2008 04:50:29 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De DNS Client-service is afhankelijk van de Stuurprogramma voor TCP/IP-protocol-service, die vanwege de volgende fout niet kan worden gestart:
%%31

Event Record #/Type47883 / Error
Event Submitted/Written: 04/19/2008 04:50:29 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De DHCP Client-service is afhankelijk van de NetBT-service, die vanwege de volgende fout niet kan worden gestart:
%%31

-- End of Deckard's System Scanner: finished at 2008-04-19 17:30:21 ------------

**smeenk** · 19-04-08, 18:42

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
RD /S /Q C:\WINDOWS\R3V1cw
RD /S /Q C:\PROGRA~1\TRENDM~1\HIJACK~1\backups
RD /S /Q C:\WINDOWS\system32\wTmp
RD /S /Q C:\WINDOWS\system32\le2
RD /S /Q C:\WINDOWS\system32\IBn
RD /S /Q C:\WINDOWS\system32\xcsDd18
RD /S /Q C:\!KillBox
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wGgjlnnn.ini2
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\LDPackage.dll
C:\WINDOWS\system32\pmxf.dll
C:\WINDOWS\system32\rokfxifj.dll
C:\WINDOWS\system32\khmitslp.dll
C:\WINDOWS\system32\pmph.dll
C:\!KillBox
C:\WINDOWS\system32\ssqPigEU.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\pmai.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\jswnw64q.exe
C:\WINDOWS\system32\nnnljgGw.dll
C:\WINDOWS\system32\tcnttkdn.exe
C:\WINDOWS\system32\g63.exe
C:\WINDOWS\R3V1cw
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\wTmp
C:\WINDOWS\system32\le2
C:\WINDOWS\system32\IBn
C:\WINDOWS\system32\xcsDd18
C:\WINDOWS\system32\ssqOIArR.dll
C:\WINDOWS\system32\pmropn.exe
C:\WINDOWS\system32\pmls.dll
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\cmcfg3.dll
C:\WINDOWS\system32\cpmsky-uninst.exe
C:\WINDOWS\system32\Pssetwinsyspios61.dat
C:\WINDOWS\system32\myss_sb.dll
C:\WINDOWS\system32\mysidesearch_sidebar.dll) DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Herstart je computer en post ook een nieuw logje van Deckard's System Scanner

**Saara** · 19-04-08, 18:59

Beste Smeenk

is gebeurd

toen ik heropstartte kreeg ik volgende vensters:

- een SUPERAntiSpyware Update ballonetje (downloadde ik gisteren)

- Windows kan het volgende bestand niet openen:
Bestand: jswnw64q.exeNUCIA
Om dit bestand te kunnen openen, ...
Wat wilt u doen?
Het bijbehorende programma via het web opsporen
Het programma in een lijst selecteren

- Windows kan het volgende bestand niet openen.
Bestand: tcnttkdn.exeNUCIA

- Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\rokfixfj.dll
Kan opgegeven module niet vinden

- Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\khmitslp.dll
Kan opgegeven module niet vinden

Groetjes

log.txt:

Deleting files
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe deleted
C:\WINDOWS\system32\winpfz33.sys deleted
C:\WINDOWS\system32\wGgjlnnn.ini2 deleted
renamed to C:\WINDOWS\system32\silc_dll.dllNUCIA
C:\WINDOWS\system32\silc_dll.dll deleted
C:\WINDOWS\system32\model.dat deleted
C:\WINDOWS\system32\LDPackage.dll deleted
C:\WINDOWS\system32\pmxf.dll deleted
renamed to C:\WINDOWS\system32\rokfxifj.dllNUCIA
C:\WINDOWS\system32\rokfxifj.dll deleted
renamed to C:\WINDOWS\system32\khmitslp.dllNUCIA
C:\WINDOWS\system32\khmitslp.dll deleted
C:\WINDOWS\system32\pmph.dll deleted
C:\!KillBox not found
C:\WINDOWS\system32\ssqPigEU.dll deleted
C:\WINDOWS\system32\atmtd.dll deleted
renamed to C:\WINDOWS\system32\pmai.dllNUCIA
C:\WINDOWS\system32\pmai.dll deleted
C:\WINDOWS\system32\gside.exe deleted
renamed to C:\WINDOWS\system32\jswnw64q.exeNUCIA
C:\WINDOWS\system32\jswnw64q.exe deleted
C:\WINDOWS\system32\nnnljgGw.dll not deleted
renamed to C:\WINDOWS\system32\tcnttkdn.exeNUCIA
C:\WINDOWS\system32\tcnttkdn.exe deleted
C:\WINDOWS\system32\g63.exe deleted
C:\WINDOWS\R3V1cw not found
C:\WINDOWS\system32\rwwnw64d.exe deleted
C:\WINDOWS\system32\wTmp not found
C:\WINDOWS\system32\le2 not found
C:\WINDOWS\system32\IBn not found
C:\WINDOWS\system32\xcsDd18 not found
C:\WINDOWS\system32\ssqOIArR.dll not deleted
renamed to C:\WINDOWS\system32\pmropn.exeNUCIA
C:\WINDOWS\system32\pmropn.exe deleted
renamed to C:\WINDOWS\system32\pmls.dllNUCIA
C:\WINDOWS\system32\pmls.dll deleted
C:\WINDOWS\system32\myss_sb_uninstall.exe deleted
C:\WINDOWS\system32\cmcfg3.dll deleted
C:\WINDOWS\system32\cpmsky-uninst.exe deleted
C:\WINDOWS\system32\Pssetwinsyspios61.dat deleted
renamed to C:\WINDOWS\system32\myss_sb.dllNUCIA
C:\WINDOWS\system32\myss_sb.dll deleted
renamed to C:\WINDOWS\system32\mysidesearch_sidebar.dllNUCIA
C:\WINDOWS\system32\mysidesearch_sidebar.dll deleted

main.txt:

Deckard's System Scanner v20071014.68
Run by Guus on 2008-04-19 18:54:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.36 GiB (less than 15%) free.

-- HijackThis (run as Guus.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:57, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows NT\Bureau-accessoires\wordpad.exe
C:\Documents and Settings\Guus\Bureaublad\nucia laatst april 2008\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Guus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: gooochi browser optimizer - {25fb5b49-809a-280f-07bb-a611642a20b3} - C:\WINDOWS\system32\{94f4b153-7c3e-b693-d343-df8ee4c1e4aa}.dll (file missing)
O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll (file missing)
O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\system32\mysidesearch_sidebar.dll (file missing)
O2 - BHO: (no name) - {EA3EA461-D0A1-4DD1-A7C1-CA61A19584B7} - C:\WINDOWS\system32\nnnljgGw.dll
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\ssqOIArR.dll
O2 - BHO: cpmsky browser optimizer - {fd60fddf-3531-e435-8281-c58e1a5395d8} - C:\WINDOWS\system32\{8f763f05-f654-e070-eef7-39ba6eb1ca60}.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{50-0A-A5-53-DW}] c:\windows\system32\jswnw64q.exe DWram
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Guus\lsass.exe
O4 - HKLM\..\Run: [PremierOpinion] c:\windows\system32\pmropn.exe -boot
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [e0450afc] rundll32.exe "C:\WINDOWS\system32\rokfxifj.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcnttkdn.exe DWram
O4 - HKLM\..\Run: [BMe3763960] Rundll32.exe "C:\WINDOWS\system32\khmitslp.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: back to normal.lnk = ?
O4 - Startup: Deewoo.lnk = ?
O4 - Startup: DW_Start.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098994388031
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll (file missing)
O20 - Winlogon Notify: ssqOIArR - C:\WINDOWS\SYSTEM32\ssqOIArR.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9574 bytes

-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 18:47:16 207734 --ahs---- C:\WINDOWS\system32\wGgjlnnn.ini2
2008-04-19 16:56:48 0 d-------- C:\RVAXO
2008-04-19 16:50:56 796146 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-04-19 16:50:56 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-04-19 03:52:00 0 d-------- C:\Documents and Settings\Guus\Application Data\Realtime Soft
2008-04-19 03:51:21 0 d-------- C:\Program Files\Common Files\Realtime Soft
2008-04-19 03:51:18 0 d-------- C:\Program Files\UltraMon
2008-04-19 03:51:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-04-19 03:29:46 0 d-------- C:\Program Files\DVDlabPro2
2008-04-19 01:58:12 237568 --a------ C:\WINDOWS\system32\SolarWinds.scr
2008-04-19 01:58:12 6094848 --a------ C:\WINDOWS\system32\Skyrocket.scr
2008-04-19 01:58:12 229376 --a------ C:\WINDOWS\system32\Plasma.scr
2008-04-19 01:58:12 1908736 --a------ C:\WINDOWS\system32\Lattice.scr
2008-04-19 01:58:11 532480 --a------ C:\WINDOWS\system32\Hyperspace.scr
2008-04-19 01:58:11 18009 --a------ C:\WINDOWS\system32\GPL
2008-04-19 01:58:11 245760 --a------ C:\WINDOWS\system32\Flux.scr
2008-04-19 01:58:11 249856 --a------ C:\WINDOWS\system32\Flocks.scr
2008-04-19 01:58:11 237568 --a------ C:\WINDOWS\system32\FieldLines.scr
2008-04-19 01:58:11 450560 --a------ C:\WINDOWS\system32\Euphoria.scr
2008-04-19 01:58:11 274432 --a------ C:\WINDOWS\system32\Cyclone.scr
2008-04-19 01:54:58 483328 --a------ C:\WINDOWS\system32\Helios.scr
2008-04-18 22:54:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-18 22:54:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-18 22:54:36 0 d-------- C:\Documents and Settings\Guus\Application Data\SUPERAntiSpyware.com
2008-04-18 22:38:08 0 d-------- C:\Documents and Settings\Guus\music
2008-04-18 21:42:09 274432 --a------ C:\WINDOWS\system32\nnnljgGw.dll
2008-04-18 21:40:56 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-04-18 21:39:50 0 d-------- C:\Program Files\Silent Lake Screensaver
2008-04-18 21:37:08 0 d-------- C:\Temp
2008-04-18 21:37:04 37888 --a------ C:\WINDOWS\system32\ssqOIArR.dll
2008-04-18 20:59:21 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-04-18 20:14:08 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-17 23:48:49 520192 --a------ C:\WINDOWS\system32\Holding Pattern Coach.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-04-17 23:48:49 0 d-------- C:\WINDOWS\system32\Holding Pattern Coach dir
2008-04-17 21:15:59 0 d------c- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-17 15:55:36 0 d---s---- C:\Program Files\FolderIcon
2008-04-17 15:36:14 0 d-------- C:\Program Files\GlobFX Technologies
2008-04-17 15:05:00 0 d-------- C:\Documents and Settings\Guus\Application Data\Vista Start Menu
2008-04-17 15:04:58 0 d-------- C:\Program Files\Vista Start Menu
2008-04-17 14:47:40 53248 --a------ C:\WINDOWS\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-04-17 14:47:37 0 d-------- C:\Program Files\IconCool Software
2008-04-17 14:42:00 94208 --a------ C:\WINDOWS\system32\HotFiles.dll <Not Verified; AirySoft; AirySoft SmartFileIcons Shell eXtension>
2008-04-05 14:29:28 0 d-------- C:\Program Files\Conduit
2008-04-04 19:02:10 0 d-------- C:\Documents and Settings\Guus\Application Data\Xfire
2008-04-04 19:02:00 0 d-------- C:\Program Files\Xfire
2008-04-04 18:27:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-03 21:02:46 0 d-------- C:\Program Files\Qlock
2008-04-02 14:53:19 0 d-------- C:\Program Files\Graphmatica

-- Find3M Report ---------------------------------------------------------------

2008-04-19 18:49:47 0 d-------- C:\Program Files\Common Files
2008-04-19 16:39:12 374 --a------ C:\Documents and Settings\Guus\Application Data\internaldb6334.dat
2008-04-19 16:24:47 555 --a------ C:\Documents and Settings\Guus\Application Data\internaldb8467.dat
2008-04-19 16:24:46 18432 --a------ C:\Documents and Settings\Guus\Application Data\internaldb41.dat
2008-04-19 01:15:53 0 d-------- C:\Documents and Settings\Guus\Application Data\Sun
2008-04-19 01:04:14 0 d-------- C:\Program Files\Java
2008-04-18 22:54:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 22:39:01 0 d-------- C:\Program Files\LimeWire
2008-04-18 22:28:43 0 d-------- C:\Documents and Settings\Guus\Application Data\Azureus
2008-04-18 11:21:09 0 d-------- C:\Documents and Settings\Guus\Application Data\ChessBase
2008-04-17 22:32:58 442004 --a------ C:\WINDOWS\system32\perfh013.dat
2008-04-17 22:32:58 69380 --a------ C:\WINDOWS\system32\perfc013.dat
2008-03-02 17:39:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-02 17:39:06 0 d-------- C:\Program Files\EASY COMPUTING
2008-02-06 19:21:56 233472 --a------ C:\WINDOWS\system32\nsvB.dll
2008-01-30 17:47:38 139264 --a------ C:\WINDOWS\MirarDownloader_876260.exe <Not Verified; Mirar; Mirar Downloader Setup>
2008-01-30 17:47:34 363980 --a------ C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25fb5b49-809a-280f-07bb-a611642a20b3}]
C:\WINDOWS\system32\{94f4b153-7c3e-b693-d343-df8ee4c1e4aa}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]
C:\WINDOWS\system32\myss_sb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9506910A-0F94-4ea1-B567-7070428B8B2B}]
C:\WINDOWS\system32\mysidesearch_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA3EA461-D0A1-4DD1-A7C1-CA61A19584B7}]
18/04/2008 21:42 274432 --a------ C:\WINDOWS\system32\nnnljgGw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]
18/04/2008 21:37 37888 --a------ C:\WINDOWS\system32\ssqOIArR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd60fddf-3531-e435-8281-c58e1a5395d8}]
C:\WINDOWS\system32\{8f763f05-f654-e070-eef7-39ba6eb1ca60}.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [28/02/2005 17:46]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [17/08/2003 23:33]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [09/07/2001 12:50]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [08/06/2005 12:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 09:41]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22]
"nwiz"="nwiz.exe" [22/10/2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [10/12/2002 02:19]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 12:22]
"{50-0A-A5-53-DW}"="c:\windows\system32\jswnw64q.exe"

"LSA Shellu"="C:\Documents and Settings\Guus\lsass.exe"

"PremierOpinion"="c:\windows\system32\pmropn.exe"

"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [12/10/2006 21:27]
"e0450afc"="C:\WINDOWS\system32\rokfxifj.dll"

"ExploreUpdSched"="C:\WINDOWS\system32\tcnttkdn.exe"

"BMe3763960"="C:\WINDOWS\system32\khmitslp.dll"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:03]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [11/04/2008 18:51]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]

C:\Documents and Settings\Guus\Menu Start\Programma's\Opstarten\
back to normal.lnk - C:\Documents and Settings\Guus\Application Data\Realtime Soft\UltraMon\Profiles\back to normal.umprofile [19/04/2008 4:42:59]
Deewoo.lnk - C:\WINDOWS\system32\tcnttkdn.exeNUCIA [18/04/2008 21:37:22]
DW_Start.lnk - C:\WINDOWS\system32\jswnw64q.exeNUCIA [18/04/2008 22:30:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\WINDOWS\system32\ssqOIArR.dll [18/04/2008 21:37 37888]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\WINDOWS\system32\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOIArR]
ssqOIArR.dll 18/04/2008 21:37 37888 C:\WINDOWS\system32\ssqOIArR.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\pmai.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnljgGw

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2008-04-19 18:55:39 ------------

**smeenk** · 19-04-08, 19:01

Dubbelklik del.bat nog maar een keer en post het nieuwe logje van del.bat

**Saara** · 19-04-08, 19:02

Misschien dat ik je ook best laat weten dat ik enkele dagen geleden,

niet enkel m'n geluidskaart vervangde (fx 5200 -> fx 6200),
maar ook een extra ROM-kaart, een USB2-kaart, een hardeschijf 80GB-kaart en een DVD-WR-driver liet plaatsen.

Hoop dat m'n pc dit alles en de 2 schermen aankan.

Vele groetjes, Saara

**Saara** · 19-04-08, 19:03

del.bat:

Deleting files
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe not found
C:\WINDOWS\system32\winpfz33.sys not found
C:\WINDOWS\system32\wGgjlnnn.ini2 deleted
C:\WINDOWS\system32\silc_dll.dll not found
C:\WINDOWS\system32\model.dat not found
C:\WINDOWS\system32\LDPackage.dll not found
C:\WINDOWS\system32\pmxf.dll not found
C:\WINDOWS\system32\rokfxifj.dll not found
C:\WINDOWS\system32\khmitslp.dll not found
C:\WINDOWS\system32\pmph.dll not found
C:\!KillBox not found
C:\WINDOWS\system32\ssqPigEU.dll not found
C:\WINDOWS\system32\atmtd.dll not found
C:\WINDOWS\system32\pmai.dll not found
C:\WINDOWS\system32\gside.exe not found
C:\WINDOWS\system32\jswnw64q.exe not found
C:\WINDOWS\system32\nnnljgGw.dll not deleted
C:\WINDOWS\system32\tcnttkdn.exe not found
C:\WINDOWS\system32\g63.exe not found
C:\WINDOWS\R3V1cw not found
C:\WINDOWS\system32\rwwnw64d.exe not found
C:\WINDOWS\system32\wTmp not found
C:\WINDOWS\system32\le2 not found
C:\WINDOWS\system32\IBn not found
C:\WINDOWS\system32\xcsDd18 not found
C:\WINDOWS\system32\ssqOIArR.dll not deleted
C:\WINDOWS\system32\pmropn.exe not found
C:\WINDOWS\system32\pmls.dll not found
C:\WINDOWS\system32\myss_sb_uninstall.exe not found
C:\WINDOWS\system32\cmcfg3.dll not found
C:\WINDOWS\system32\cpmsky-uninst.exe not found
C:\WINDOWS\system32\Pssetwinsyspios61.dat not found
C:\WINDOWS\system32\myss_sb.dll not found
C:\WINDOWS\system32\mysidesearch_sidebar.dll not found

**smeenk** · 19-04-08, 19:13

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\BMe3763960.txt
C:\WINDOWS\BMe3763960.xml
C:\WINDOWS\system32\wGgjlnnn.ini2
C:\WINDOWS\system32\wGgjlnnn.ini
C:\WINDOWS\system32\nnnljgGw.dll
C:\WINDOWS\system32\ssqOIArR.dll
C:\WINDOWS\system32\HotFiles.dll
C:\WINDOWS\system32\nsvB.dll
C:\WINDOWS\MirarDownloader_876260.exe
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe) DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Probeer del.bat eens in veilige modus.
Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Herstart je computer en post ook een nieuw logje van Hijackthis.

**Saara** · 19-04-08, 19:36

Beste Smeenk

Na heropstarten kreeg ik volgende vensters:

- Uitvoeren als
Met welke gebruikersaccount wilt u dit programma uitvoeren?
Huidige gebruiker (Home..)
Deze gebruiker

- RUNDLL
Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\khmitslp.dll
Kn opgegeven module niet vinden

- RUNDLL
Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\rokfixfj.dll
Kn opgegeven module niet vinden

log.txt:

Deleting files
C:\WINDOWS\BMe3763960.txt deleted
C:\WINDOWS\BMe3763960.xml deleted
C:\WINDOWS\system32\wGgjlnnn.ini2 deleted
C:\WINDOWS\system32\wGgjlnnn.ini deleted
C:\WINDOWS\system32\nnnljgGw.dll not deleted
C:\WINDOWS\system32\ssqOIArR.dll not deleted
C:\WINDOWS\system32\HotFiles.dll deleted
C:\WINDOWS\system32\nsvB.dll deleted
C:\WINDOWS\MirarDownloader_876260.exe deleted
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe deleted

na heropstart wou ik hijackthis uitvoeren, maar wist niet zeker wat ik hiervoor moest openen, heb runMe.cmd gedaan, hopelijk de juiste:

---RVAXO.exe Updated: 2008-04-19---first run---
Uninstallers:

Files found:
C:\WINDOWS\BMe3763960.xml
C:\WINDOWS\BMe3763960.txt
C:\WINDOWS\system32\wGgjlnnn.ini2
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\mysidesearch_sidebar.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\System32\{8f763f05-f654-e070-eef7-39ba6eb1ca60}.dll
C:\WINDOWS\System32\{8f763f05-f654-e070-eef7-39ba6eb1ca60}.dll-uninst.exe
C:\WINDOWS\System32\{94f4b153-7c3e-b693-d343-df8ee4c1e4aa}.dll
C:\WINDOWS\System32\{94f4b153-7c3e-b693-d343-df8ee4c1e4aa}.dll-uninst.exe
C:\WINDOWS\wininit.ini
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\clkcnt.txt
C:\WINDOWS\system32\adzgalore-remove.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\version69ie7fix.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\WinNB58.dll
C:\Documents and Settings\Guus\lsass.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\mrofinu1188.exe.tmp
C:\WINDOWS\Prefetch\MROFINU1000106.EXE-32DF0342.pf
C:\WINDOWS\Prefetch\MROFINU1188.EXE-2D6F2449.pf
C:\WINDOWS\system32\pac.txt

Folders Found:
C:\Program Files\Adzgalore Games Collection
C:\WINDOWS\system32\UpMedia
C:\Temp\1cb

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\zxdnt3d.cfg

--------------RVAXO.exe finished----------------

**smeenk** · 19-04-08, 19:42

Je hebt RVAXO opnieuw uitgevoerd, deze mag je wel verwijderen, dit doe je door de map RVAXO op je bureaublad te openen en Uninstall.cmd te dubbelklikken.

Download The Avenger en plaats het op je bureaublad: http://swandog46.geekstogo.com/avenger2/download.php
Unzip het.
Start het programma door op avenger.exe te klikken.
In het venster "Input Script here", plak je het volgende (vetgedrukte):

Files to delete:
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\system32\wGgjlnnn.ini2
C:\WINDOWS\system32\wGgjlnnn.ini
C:\WINDOWS\system32\nnnljgGw.dll
C:\WINDOWS\system32\ssqOIArR.dll

Klik daarna op de knop "Execute".
Avenger zal aangeven dat de computer gaat herstarten, sta dit toe.
Na reboot opent een logfile (avenger .txt). Post de inhoud van de logfile.

Als Avenger een foutmelding geeft, gewoon opnieuw proberen.
Post als het gelukt is, ook een nieuw logje van Hijackthis

**Saara** · 19-04-08, 20:08

Hallo!

volgende vensters kwamen na heropstart:

- RUNDLL
Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\khmitslp.dll
Kn opgegeven module niet vinden

- RUNDLL
Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\rokfixfj.dll
Kn opgegeven module niet vinden

Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\pskt.ini" deleted successfully.
File "C:\WINDOWS\system32\zxdnt3d.cfg" deleted successfully.
File "C:\WINDOWS\system32\wGgjlnnn.ini2" deleted successfully.
File "C:\WINDOWS\system32\wGgjlnnn.ini" deleted successfully.
File "C:\WINDOWS\system32\nnnljgGw.dll" deleted successfully.
File "C:\WINDOWS\system32\ssqOIArR.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Ik denk niet dat ik hijackthis heb?

toen ik het probeerde downloaden, kreeg ik opnieuw:

http://www.trendsecure.com/portal/en...error_page/404

vele groetjes, Saara

Mededeling

nieuwe videokaart vertraagt alles

nieuwe videokaart vertraagt alles

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment