  • Virus in operating memory

    Hello,

    yesterday I suddenly got notifications from avast on my PC that a virus had been found. I moved it to the chest but kept getting notifications. When I wanted to run an antivirus scan, during the memory check I got a window saying something about a virus in the operating memory and asking whether I wanted to restart so that avast could look for it before Windows started.
    I did this and it found two viruses, which I deleted. After that Windows started, but at the bottom right a box appeared about an incoming message of a virus that had been detected. From then on I could not do anything anymore, not even ALT+CTRL+DEL. I restarted the PC in safe mode, but when I then wanted to run a virus scan I again got that message about a virus in the operating memory and whether I wanted to restart. Restarted again, removed two viruses again. Now Windows did start normally, but I again got a few virus notifications.
    I then made a HijackThis log and right after that it froze again.

    I am working from another PC for now. Below you will find my log.
    I hope someone can help me; I urgently need the PC back.

    Thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:17:06, on 21/04/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\PnkBstrA.exe
    C:\WINDOWS\System32\PnkBstrB.exe
    C:\Program Files\SCIA\keygen\Lmgrd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SCIA\keygen\SCIA.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
    C:\WINDOWS\System32\HotfixQ0306270.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
    O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
    O4 - HKLM\..\Run: [eyt] C:\DOCUME~1\sven\LOCALS~1\Temp\eyt.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [advap32] "C:\Documents and Settings\sven\Bureaublad\.//..//win.exe" /r
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
    O23 - Service: SCIA - Macrovision Corporation - C:\Program Files\SCIA\keygen\Lmgrd.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 7512 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files not found will quickly scroll by, this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, then do this manually.
    • Post the contents of the log file in your next message.

    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In this case it may be better to temporarily disable your antivirus during the DSS scan)


    • #3
      These are the log files from RVAXO and DSS


      ---RVAXO.exe Updated: 2008-04-21---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\WLCtrl32.dll

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------






      Deckard's System Scanner v20071014.68
      Run by sven on 2008-04-21 13:47:55
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 3 Restore Point(s) --
      3: 2008-04-21 11:47:59 UTC - RP139 - Deckard's System Scanner Restore Point
      2: 2008-04-21 09:00:58 UTC - RP138 - Controlepunt van systeem
      1: 2008-04-21 07:33:34 UTC - RP137 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as sven.exe) ------------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:49:05, on 21/04/2008
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\IoctlSvc.exe
      C:\WINDOWS\System32\PnkBstrA.exe
      C:\WINDOWS\System32\PnkBstrB.exe
      C:\Program Files\SCIA\keygen\Lmgrd.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\SCIA\keygen\SCIA.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
      C:\WINDOWS\System32\HotfixQ0306270.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Documents and Settings\sven\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\sven.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
      O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
      O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
      O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
      O23 - Service: SCIA - Macrovision Corporation - C:\Program Files\SCIA\keygen\Lmgrd.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

      --
      End of file - 7258 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20070827-152403-472 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      backup-20070827-152403-693 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abonem.com
      backup-20070827-152403-737 O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      backup-20070827-152403-775 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abonem.com

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
      R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
      R3 PLFF (USB Flash Disk Driver) - c:\windows\system32\drivers\plff.sys <Not Verified; Prolific Technology Inc.; Prolific Flash Disk>
      R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

      S0 Bhn52 - c:\windows\system32\drivers\bhn52.sys (file missing)
      S0 Djp52 - c:\windows\system32\drivers\djp52.sys (file missing)
      S0 Hot63 - c:\windows\system32\drivers\hot63.sys (file missing)
      S0 Jpv85 - c:\windows\system32\drivers\jpv85.sys (file missing)
      S0 Nta51 - c:\windows\system32\drivers\nta51.sys (file missing)
      S0 Pvc28 - c:\windows\system32\drivers\pvc28.sys (file missing)
      S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
      S2 s264545.sys - c:\windows\system32\s264545.sys (file missing)
      S3 Nsy38 - c:\windows\system32\drivers\nsy38.sys
      S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
      R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
      R2 SCIA - c:\program files\scia\keygen\lmgrd.exe <Not Verified; Macrovision Corporation; >


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
      Description: NVIDIA nForce MCP Networking Controller
      Device ID: PCI\VEN_10DE&DEV_00D6&SUBSYS_80A71043&REV_A5\3&267A616A&0&28
      Manufacturer: Nvidia
      Name: NVIDIA nForce MCP Networking Controller
      PNP Device ID: PCI\VEN_10DE&DEV_00D6&SUBSYS_80A71043&REV_A5\3&267A616A&0&28
      Service: NVENET


      -- Files created between 2008-03-21 and 2008-04-21 -----------------------------

      2008-04-21 13:44:40 0 d-------- C:\RVAXO
      2008-04-21 12:04:53 0 --a------ C:\WINDOWS\System32\drivers\Bhn40.sys
      2008-04-19 18:54:55 11776 --a------ C:\Documents and Settings\sven\win.exe
      2008-04-10 18:37:32 85504 --a------ C:\noname.exe
      2008-04-03 11:54:03 83968 --a------ C:\Program Files\Gswdll32.dll <Not Verified; Bits Per Second Ltd; Graphics Server>
      2008-04-03 11:54:03 49152 --a------ C:\Program Files\_ISREG32.DLL <Not Verified; Stirling; Stirling _isreg32>
      2008-04-03 11:54:02 24576 --a------ C:\Program Files\Optcom.exe <Not Verified; LINDO Systems Inc.; OptCom>
      2008-04-03 11:54:02 2482176 --a------ C:\Program Files\Lindow32.exe <Not Verified; LINDO Systems Inc; LINDO for Windows>
      2008-04-03 11:54:02 122880 --a------ C:\Program Files\Lindoreg.dll
      2008-04-03 11:54:02 69632 --a------ C:\Program Files\Lindolm.dll
      2008-04-03 11:54:02 147456 --a------ C:\Program Files\Lindoau.dll <Not Verified; ; AutoUpdate Dynamic Link Library>
      2008-04-03 11:54:02 302592 --a------ C:\Program Files\Gswag32.dll <Not Verified; Bits Per Second Ltd; AutoGraph>
      2008-04-03 11:54:02 392192 --a------ C:\Program Files\Gsw32.exe <Not Verified; Bits Per Second Ltd; Graphics Server>
      2008-04-03 11:54:01 0 d-------- C:\Program Files\Shell
      2008-04-03 11:54:01 0 d-------- C:\Program Files\Samples
      2008-04-03 11:54:01 0 d-------- C:\Program Files\Dll32
      2008-04-03 11:54:01 0 d-------- C:\Program Files\Delkeys
      2008-04-03 11:53:32 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
      2008-03-31 10:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
      2008-03-29 22:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-03-29 22:58:16 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
      2008-03-27 21:43:38 49152 --a------ C:\WINDOWS\System32\SNTI386.DLL
      2008-03-27 21:43:38 17920 --a------ C:\WINDOWS\System32\RNBOVDD.DLL
      2008-03-27 21:43:38 73216 --a------ C:\WINDOWS\System32\drivers\SENTINEL.SYS
      2008-03-27 21:43:37 0 d-------- C:\WINDOWS\System32\RNBOSENT
      2008-03-27 21:42:08 0 d-------- C:\GPS-X4
      2008-03-21 18:28:43 0 d-------- C:\Documents and Settings\sven\Application Data\Motive


      -- Find3M Report ---------------------------------------------------------------

      2008-04-21 13:31:02 798228 --a------ C:\WINDOWS\System32\RVAXO.bat
      2008-04-14 19:36:45 0 d-------- C:\Documents and Settings\sven\Application Data\LimeWire
      2008-04-10 18:35:03 5699 --a------ C:\noname.cmd
      2008-04-09 18:05:07 37336 --ah----- C:\Program Files\LINDO.GID
      2008-04-05 10:38:58 0 d-------- C:\Documents and Settings\sven\Application Data\Sonic
      2008-04-04 21:56:47 0 d-------- C:\Program Files\WarRock
      2008-04-03 11:54:15 9257 --a------ C:\Program Files\DeIsL1.isu
      2008-04-03 11:54:03 147 --a------ C:\Program Files\_DEISREG.ISR
      2008-03-31 10:23:16 0 d-------- C:\Documents and Settings\sven\Application Data\Adobe
      2008-03-31 10:18:48 0 d-------- C:\Program Files\Common Files\Adobe
      2008-03-30 10:33:32 443522 --a------ C:\WINDOWS\System32\perfh013.dat
      2008-03-30 10:33:32 70312 --a------ C:\WINDOWS\System32\perfc013.dat
      2008-03-29 18:19:00 83616 --a------ C:\Documents and Settings\sven\Application Data\GDIPFONTCACHEV1.DAT
      2008-03-20 16:17:22 0 d-------- C:\Program Files\MSECache
      2008-03-07 12:08:14 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-03-07 12:07:31 0 d-------- C:\Program Files\EASEUS
      2008-03-06 13:45:23 0 d-------- C:\Program Files\LimeWire
      2008-02-25 15:01:55 0 d-------- C:\Documents and Settings\sven\Application Data\Microgaming
      2008-02-24 23:19:35 3688 --a------ C:\WINDOWS\System32\d3d9caps.dat


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04]
      "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/04/2003 08:07]
      "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [23/05/2003 03:58]
      "KBD"="C:\HP\KBD\KBD.EXE" [11/02/2003 21:02]
      "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 09:01]
      "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 22:42]
      "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [19/08/2003 03:56]
      "nwiz"="nwiz.exe" [19/08/2003 03:56 C:\WINDOWS\system32\nwiz.exe]
      "VTTimer"="VTTimer.exe"
      "ATIModeChange"="Ati2mdxx.exe" [04/09/2001 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
      "AdslTaskBar"="stmctrl.dll" [28/04/2003 21:55 C:\WINDOWS\system32\stmctrl.dll]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/11/2003 21:00]
      "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [14/08/2003 20:11]
      "PS2"="C:\WINDOWS\system32\ps2.exe" [16/10/2002 17:57]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
      "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/11/2004 13:23]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
      "CORSAIR_PLUtil"="C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [11/11/2004 18:37]
      "PLFFAP"="C:\WINDOWS\System32\HotfixQ0306270.exe" [05/08/2003 10:43]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NVIEW"="nview.dll,nViewLoadHook"
      "Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [01/01/2003 13:55]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhm62.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn40.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn52.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Djp52.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gns84.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hot63.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jpv85.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsy38.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nta51.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oub52.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pvc28.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbg84.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
      backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
      backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
      C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
      c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
      c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
      "C:\Program Files\Lexmark 7100 Series\ezprint.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
      c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
      "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      "C:\Program Files\Messenger\msmsgs.exe" /background




      -- End of Deckard's System Scanner: finished at 2008-04-21 13:49:42 ------------







      Deckard's System Scanner v20071014.68
      Extra logfile - please post this as an attachment with your post.
      --------------------------------------------------------------------------------

      -- System Information ----------------------------------------------------------

      Microsoft Windows XP Home Edition (build 2600) SP 1.0
      Architecture: X86; Language: Dutch

      CPU 0: AMD Athlon(tm) 64 Processor 3000+
      Percentage of Memory in Use: 55%
      Physical Memory (total/avail): 511.3 MiB / 225.21 MiB
      Pagefile Memory (total/avail): 1250.9 MiB / 999.88 MiB
      Virtual Memory (total/avail): 2047.88 MiB / 1949.65 MiB

      A: is Removable (No Media)
      C: is Fixed (NTFS) - 144.52 GiB total, 107.4 GiB free.
      D: is Fixed (FAT32) - 4.51 GiB total, 0.78 GiB free.
      E: is CDROM (No Media)
      F: is CDROM (No Media)
      G: is Removable (No Media)
      H: is Removable (No Media)
      I: is Removable (No Media)
      J: is Removable (No Media)
      K: is Removable (FAT)

      \\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
      \PARTITION0 - Unknown - 4.52 GiB - D:
      \PARTITION1 (bootable) - Installable File System - 144.52 GiB - C:

      \\.\PHYSICALDRIVE3 -

      \\.\PHYSICALDRIVE5 -

      \\.\PHYSICALDRIVE2 -

      \\.\PHYSICALDRIVE4 -

      \\.\PHYSICALDRIVE1 - - 1921.84 MiB - 1 partition
      \PARTITION0 - 16-bits FAT - 1928 MiB - K:



      -- Security Center -------------------------------------------------------------

      AUOptions is disabled.
      AUState says computer has updates disabled.


      -- Environment Variables -------------------------------------------------------

      ALLUSERSPROFILE=C:\Documents and Settings\All Users
      APPDATA=C:\Documents and Settings\sven\Application Data
      CLIENTNAME=Console
      CommonProgramFiles=C:\Program Files\Common Files
      COMPUTERNAME=BOVEN
      ComSpec=C:\WINDOWS\system32\cmd.exe
      HOMEDRIVE=C:
      HOMEPATH=\Documents and Settings\sven
      LOGONSERVER=\\BOVEN
      NUMBER_OF_PROCESSORS=1
      OS=Windows_NT
      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Autodesk Shared\
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
      PROCESSOR_LEVEL=15
      PROCESSOR_REVISION=0408
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\WINDOWS
      TEMP=C:\DOCUME~1\sven\LOCALS~1\Temp
      TMP=C:\DOCUME~1\sven\LOCALS~1\Temp
      USERDOMAIN=BOVEN
      USERNAME=sven
      USERPROFILE=C:\Documents and Settings\sven
      windir=C:\WINDOWS


      -- User Profiles ---------------------------------------------------------------

      Eigenaar (admin)
      sven (admin)


      -- Add/Remove Programs ---------------------------------------------------------

      --> C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
      --> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
      --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
      --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
      --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
      Ad-Aware 2007 --> MsiExec.exe /X{46AC899A-9ECB-43DC-85DE-272E0D116A1E}
      Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN0413.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
      Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
      Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
      ArcSoft ShowBiz 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x13
      ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
      ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_classISPLAY -clean
      µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
      Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
      avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
      BeWAN ADSL modem --> rundll32.exe stmcfg32.dll,Uninstall
      BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
      Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
      Corsair Flash Voyager Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41FC7856-55A1-41A6-94B1-15A1E3C050B8}\Setup.exe" -l0x9
      DIR2HTML (remove only) --> "C:\Program Files\DIR2HTML\uninstal.exe"
      DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
      DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
      EASEUS Deleted File Recovery 2.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{865A8951-8D9A-46CB-84A2-3D67BA38B923}\setup.exe" -l0x9 -removeonly
      Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
      Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
      HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
      HotFix Q0306270 -->
      Hotfix voor DirectX - KB825116 --> C:\WINDOWS\$NtUninstallKB825116$\spuninst\spuninst.exe
      HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
      HP foto- en beeldbewerking 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
      HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
      HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
      HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
      HPIZ311 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
      Hydromantis GPS-X 4.0 --> C:\WINDOWS\IsUninst.exe -fC:\GPS-X4\Uninst.isu
      Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
      Internet Explorer Q828750 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q828750.inf
      InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
      Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
      Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
      Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
      Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
      KBD --> C:\HP\KBD\KBD.EXE uninstalled
      Lexmark 7100 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxbxUNST.EXE -NOLICENSE
      LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe"
      LINDO 6.1 --> C:\WINDOWS\uninst.exe -f"c:\program files\DeIsL1.isu" -c"c:\program files\_ISREG32.DLL"
      MAGIX music maker 11 e-version (US) --> C:\MAGIX\mm11_e-version\instslct.exe
      Mechanical Desktop 2005 --> MsiExec.exe /I{5783F2D7-0313-0409-0002-0060B0CE6BBA}
      Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
      Microsoft Office XP Professional --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0050048383C9}
      Microsoft Visio Professional 2002 SR-1 [NLD] --> MsiExec.exe /I{90510413-6D54-11D4-BEE3-00C04F990354}
      Microsoft Word 2002 --> MsiExec.exe /I{911B0413-6000-11D3-8CFE-0050048383C9}
      Microsoft Works 7.0 --> MsiExec.exe /I{A29D0501-02A2-48DD-BC1B-09B27406FE9B}
      Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
      Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
      Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
      NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
      Noble Poker --> "C:\Poker\Noble Poker\_SetupPoker.exe" /uninstall
      Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
      NVIDIA Ethernet Driver --> C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
      NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
      Outlook Express Update Q330994 --> C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf
      Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
      PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
      PunkBuster Services --> C:\WINDOWS\System32\pbsvc.exe -u
      Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
      Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
      RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
      SCIA ESA PT --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54556F60-1B2C-4A3E-A486-32A633039212} /l1043
      Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
      Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
      Soulseek Client 152 --> C:\WINDOWS\UnGins.exe "C:\Program Files\Soulseek\install.log"
      Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
      SubSync --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\SubSync\ST6UNST.LOG"
      Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
      Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
      TypeFaster Typing Tutor --> "C:\Program Files\TypeFaster\uninstall.exe"
      Unibet Poker --> C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\UNWISE.EXE C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\INSTALL.LOG
      Unreal Tournament 2004 Demo --> C:\UT2004Demo\System\Setup.exe uninstall "UT2004-Demo"
      WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
      WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
      WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


      -- Application Event Log -------------------------------------------------------

      Event Record #/Type5740 / Error
      Event Submitted/Written: 04/21/2008 01:41:14 PM
      Event ID/Source: 8193 / VSS
      Event Description:
      Fout van de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x80040206.

      Event Record #/Type5739 / Error
      Event Submitted/Written: 04/21/2008 01:41:14 PM
      Event ID/Source: 4609 / EventSystem
      Event Description:
      Het COM+-gebeurtenissysteem heeft bij de interne verwerking een ongeldige resultaatcode gevonden. HRESULT is 8007043C voor regel 44 van d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Neem contact op met Microsoft Productondersteuning om dit te melden.

      Event Record #/Type5737 / Error
      Event Submitted/Written: 04/21/2008 00:06:48 PM
      Event ID/Source: 8193 / VSS
      Event Description:
      Fout van de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x80040206.

      Event Record #/Type5736 / Error
      Event Submitted/Written: 04/21/2008 00:06:48 PM
      Event ID/Source: 4609 / EventSystem
      Event Description:
      Het COM+-gebeurtenissysteem heeft bij de interne verwerking een ongeldige resultaatcode gevonden. HRESULT is 8007043C voor regel 44 van d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Neem contact op met Microsoft Productondersteuning om dit te melden.

      Event Record #/Type5732 / Error
      Event Submitted/Written: 04/21/2008 09:29:45 AM
      Event ID/Source: 8193 / VSS
      Event Description:
      Fout van de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x80040206.



      -- Security Event Log ----------------------------------------------------------

      No Errors/Warnings found.


      -- System Event Log ------------------------------------------------------------

      Event Record #/Type62677 / Error
      Event Submitted/Written: 04/21/2008 01:46:05 PM
      Event ID/Source: 7000 / Service Control Manager
      Event Description:
      De DS1410D-service kan vanwege de volgende fout niet worden gestart:
      %%2

      Event Record #/Type62674 / Error
      Event Submitted/Written: 04/21/2008 01:42:44 PM
      Event ID/Source: 7026 / Service Control Manager
      Event Description:
      De volgende opstartstuurprogramma's zijn niet geladen:
      Aavmker4
      aswSP
      aswTdi
      Fips
      IPSec
      MRxSmb
      NetBIOS
      NetBT
      Processor
      RasAcd
      Rdbss
      Tcpip

      Event Record #/Type62673 / Error
      Event Submitted/Written: 04/21/2008 01:42:44 PM
      Event ID/Source: 7001 / Service Control Manager
      Event Description:
      De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service, die vanwege de volgende fout niet kan worden gestart:
      %%31

      Event Record #/Type62672 / Error
      Event Submitted/Written: 04/21/2008 01:42:44 PM
      Event ID/Source: 7001 / Service Control Manager
      Event Description:
      De DNS Client-service is afhankelijk van de Stuurprogramma voor TCP/IP-protocol-service, die vanwege de volgende fout niet kan worden gestart:
      %%31

      Event Record #/Type62671 / Error
      Event Submitted/Written: 04/21/2008 01:42:44 PM
      Event ID/Source: 7001 / Service Control Manager
      Event Description:
      De DHCP Client-service is afhankelijk van de NetBT-service, die vanwege de volgende fout niet kan worden gestart:
      %%31



      -- End of Deckard's System Scanner: finished at 2008-04-21 13:49:42 ------------



      • #4
        Download The Avenger and save it to your desktop: http://swandog46.geekstogo.com/avenger2/download.php
        Unzip it.
        Start the program by clicking avenger.exe.
        In the "Input Script here" box, paste the following (the text in bold):


        Files to delete:
        C:\WINDOWS\system32\WLCtrl32.dll
        C:\WINDOWS\System32\drivers\Bhn40.sys
        C:\Documents and Settings\sven\win.exe
        C:\noname.exe


        Then click the "Execute" button.
        Avenger will indicate that the computer is going to restart; allow this.
        After the reboot a log file opens (avenger.txt). Post the contents of the log file.

        Also post a new Deckard's System Scanner log.



        • #5
          After running Avenger and rebooting, I did get a message about some driver that could not be found. I hope this is normal? The log files are below.



          Logfile of The Avenger Version 2.0, (c) by Swandog46
          http://swandog46.geekstogo.com

          Platform: Windows XP

          *******************

          Script file opened successfully.
          Script file read successfully.

          Backups directory opened successfully at C:\Avenger

          *******************

          Beginning to process script file:

          Rootkit scan active.
          No rootkits found!


          Error: file "C:\WINDOWS\system32\WLCtrl32.dll" not found!
          Deletion of file "C:\WINDOWS\system32\WLCtrl32.dll" failed!
          Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
          --> the object does not exist


          Error: file "C:\WINDOWS\System32\drivers\Bhn40.sys" not found!
          Deletion of file "C:\WINDOWS\System32\drivers\Bhn40.sys" failed!
          Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
          --> the object does not exist

          File "C:\Documents and Settings\sven\win.exe" deleted successfully.
          File "C:\noname.exe" deleted successfully.

          Completed script processing.

          *******************

          Finished! Terminate.








          Deckard's System Scanner v20071014.68
          Run by sven on 2008-04-21 19:47:38
          Computer is in Normal Mode.
          --------------------------------------------------------------------------------



          -- HijackThis (run as sven.exe) ------------------------------------------------

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 19:47:44, on 21/04/2008
          Platform: Windows XP SP1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\System32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\WINDOWS\system32\IoctlSvc.exe
          C:\WINDOWS\System32\PnkBstrA.exe
          C:\WINDOWS\System32\PnkBstrB.exe
          C:\Program Files\SCIA\keygen\Lmgrd.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\SCIA\keygen\SCIA.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\windows\system\hpsysdrv.exe
          C:\WINDOWS\System32\hphmon05.exe
          C:\HP\KBD\KBD.EXE
          C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\Program Files\Multimedia Card Reader\shwicon2k.exe
          C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
          C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
          C:\WINDOWS\System32\HotfixQ0306270.exe
          C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
          C:\Documents and Settings\sven\Bureaublad\dss.exe
          C:\PROGRA~1\TRENDM~1\HIJACK~1\sven.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
          O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
          O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
          O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
          O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
          O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
          O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
          O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
          O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
          O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
          O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
          O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
          O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
          O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
          O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
          O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
          O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
          O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
          O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
          O23 - Service: SCIA - Macrovision Corporation - C:\Program Files\SCIA\keygen\Lmgrd.exe
          O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

          --
          End of file - 7258 bytes

          -- Files created between 2008-03-21 and 2008-04-21 -----------------------------

          2008-04-21 13:44:40 0 d-------- C:\RVAXO
          2008-04-03 11:54:03 83968 --a------ C:\Program Files\Gswdll32.dll <Not Verified; Bits Per Second Ltd; Graphics Server>
          2008-04-03 11:54:03 49152 --a------ C:\Program Files\_ISREG32.DLL <Not Verified; Stirling; Stirling _isreg32>
          2008-04-03 11:54:02 24576 --a------ C:\Program Files\Optcom.exe <Not Verified; LINDO Systems Inc.; OptCom>
          2008-04-03 11:54:02 2482176 --a------ C:\Program Files\Lindow32.exe <Not Verified; LINDO Systems Inc; LINDO for Windows>
          2008-04-03 11:54:02 122880 --a------ C:\Program Files\Lindoreg.dll
          2008-04-03 11:54:02 69632 --a------ C:\Program Files\Lindolm.dll
          2008-04-03 11:54:02 147456 --a------ C:\Program Files\Lindoau.dll <Not Verified; ; AutoUpdate Dynamic Link Library>
          2008-04-03 11:54:02 302592 --a------ C:\Program Files\Gswag32.dll <Not Verified; Bits Per Second Ltd; AutoGraph>
          2008-04-03 11:54:02 392192 --a------ C:\Program Files\Gsw32.exe <Not Verified; Bits Per Second Ltd; Graphics Server>
          2008-04-03 11:54:01 0 d-------- C:\Program Files\Shell
          2008-04-03 11:54:01 0 d-------- C:\Program Files\Samples
          2008-04-03 11:54:01 0 d-------- C:\Program Files\Dll32
          2008-04-03 11:54:01 0 d-------- C:\Program Files\Delkeys
          2008-04-03 11:53:32 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
          2008-03-31 10:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
          2008-03-29 22:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
          2008-03-29 22:58:16 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
          2008-03-27 21:43:38 49152 --a------ C:\WINDOWS\System32\SNTI386.DLL
          2008-03-27 21:43:38 17920 --a------ C:\WINDOWS\System32\RNBOVDD.DLL
          2008-03-27 21:43:38 73216 --a------ C:\WINDOWS\System32\drivers\SENTINEL.SYS
          2008-03-27 21:43:37 0 d-------- C:\WINDOWS\System32\RNBOSENT
          2008-03-27 21:42:08 0 d-------- C:\GPS-X4
          2008-03-21 18:28:43 0 d-------- C:\Documents and Settings\sven\Application Data\Motive


          -- Find3M Report ---------------------------------------------------------------

          2008-04-21 13:31:02 798228 --a------ C:\WINDOWS\System32\RVAXO.bat
          2008-04-14 19:36:45 0 d-------- C:\Documents and Settings\sven\Application Data\LimeWire
          2008-04-10 18:35:03 5699 --a------ C:\noname.cmd
          2008-04-09 18:05:07 37336 --ah----- C:\Program Files\LINDO.GID
          2008-04-05 10:38:58 0 d-------- C:\Documents and Settings\sven\Application Data\Sonic
          2008-04-04 21:56:47 0 d-------- C:\Program Files\WarRock
          2008-04-03 11:54:15 9257 --a------ C:\Program Files\DeIsL1.isu
          2008-04-03 11:54:03 147 --a------ C:\Program Files\_DEISREG.ISR
          2008-03-31 10:23:16 0 d-------- C:\Documents and Settings\sven\Application Data\Adobe
          2008-03-31 10:18:48 0 d-------- C:\Program Files\Common Files\Adobe
          2008-03-30 10:33:32 443522 --a------ C:\WINDOWS\System32\perfh013.dat
          2008-03-30 10:33:32 70312 --a------ C:\WINDOWS\System32\perfc013.dat
          2008-03-29 18:19:00 83616 --a------ C:\Documents and Settings\sven\Application Data\GDIPFONTCACHEV1.DAT
          2008-03-20 16:17:22 0 d-------- C:\Program Files\MSECache
          2008-03-07 12:08:14 0 d--h----- C:\Program Files\InstallShield Installation Information
          2008-03-07 12:07:31 0 d-------- C:\Program Files\EASEUS
          2008-03-06 13:45:23 0 d-------- C:\Program Files\LimeWire
          2008-02-25 15:01:55 0 d-------- C:\Documents and Settings\sven\Application Data\Microgaming
          2008-02-24 23:19:35 3688 --a------ C:\WINDOWS\System32\d3d9caps.dat


          -- Registry Dump ---------------------------------------------------------------

          *Note* empty entries & legit default entries are not shown


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04]
          "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/04/2003 08:07]
          "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [23/05/2003 03:58]
          "KBD"="C:\HP\KBD\KBD.EXE" [11/02/2003 21:02]
          "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 09:01]
          "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 22:42]
          "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [19/08/2003 03:56]
          "nwiz"="nwiz.exe" [19/08/2003 03:56 C:\WINDOWS\system32\nwiz.exe]
          "VTTimer"="VTTimer.exe"
          "ATIModeChange"="Ati2mdxx.exe" [04/09/2001 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
          "AdslTaskBar"="stmctrl.dll" [28/04/2003 21:55 C:\WINDOWS\system32\stmctrl.dll]
          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/11/2003 21:00]
          "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [14/08/2003 20:11]
          "PS2"="C:\WINDOWS\system32\ps2.exe" [16/10/2002 17:57]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
          "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/11/2004 13:23]
          "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
          "CORSAIR_PLUtil"="C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [11/11/2004 18:37]
          "PLFFAP"="C:\WINDOWS\System32\HotfixQ0306270.exe" [05/08/2003 10:43]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NVIEW"="nview.dll,nViewLoadHook"
          "Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [01/01/2003 13:55]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhm62.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn40.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn52.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Djp52.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gns84.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hot63.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jpv85.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsy38.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nta51.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oub52.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pvc28.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbg84.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
          backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
          backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
          C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
          c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
          c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
          "C:\Program Files\Lexmark 7100 Series\ezprint.exe"

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
          c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
          "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
          "C:\Program Files\Messenger\msmsgs.exe" /background




          -- End of Deckard's System Scanner: finished at 2008-04-21 19:48:04 ------------



          • #6
            1) Open a Notepad file.
            2) Copy the code below into this Notepad file.
            3) Go to File - Save As.
            -For "Save in" choose: Desktop
            -For "File name" enter: fix.reg
            -For "Save as type" select: All Files (*.*).
            -Click the Save button.
            Code:
            REGEDIT4
            
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhm62.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn40.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn52.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Djp52.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gns84.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hot63.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jpv85.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsy38.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nta51.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oub52.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pvc28.sys]
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbg84.sys]
            4) Double-click the fix.reg file and allow the changes to be added to the registry.


            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            SC DELETE Bhn52
            SC DELETE Djp52
            SC DELETE Hot63
            SC DELETE Jpv85
            SC DELETE Nta51
            SC DELETE Pvc28
            SC DELETE DS1410D
            SC DELETE s264545.sys
            SC DELETE Nsy38
            SC DELETE Sunkfiltp

            Go to File - Save As.
            For "Save in" choose: Desktop
            For "File name" enter: del.bat
            For "Save as type" select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post a new Deckard's System Scanner log.
            Regards, smeenk



            • #7
              Deckard's System Scanner v20071014.68
              Run by sven on 2008-04-22 08:06:47
              Computer is in Normal Mode.
              --------------------------------------------------------------------------------



              -- HijackThis (run as sven.exe) ------------------------------------------------

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 8:06:54, on 22/04/2008
              Platform: Windows XP SP1 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\System32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              C:\Program Files\Alwil Software\Avast4\ashServ.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\WINDOWS\system32\IoctlSvc.exe
              C:\WINDOWS\System32\PnkBstrA.exe
              C:\WINDOWS\System32\PnkBstrB.exe
              C:\Program Files\SCIA\keygen\Lmgrd.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\SCIA\keygen\SCIA.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              C:\windows\system\hpsysdrv.exe
              C:\WINDOWS\System32\hphmon05.exe
              C:\HP\KBD\KBD.EXE
              C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
              C:\Program Files\Multimedia Card Reader\shwicon2k.exe
              C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
              C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
              C:\WINDOWS\System32\HotfixQ0306270.exe
              C:\WINDOWS\System32\CMMON32.EXE
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
              C:\Documents and Settings\sven\Bureaublad\dss.exe
              C:\PROGRA~1\TRENDM~1\HIJACK~1\sven.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
              O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
              O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
              O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
              O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
              O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
              O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
              O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
              O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
              O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
              O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
              O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
              O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
              O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
              O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
              O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
              O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
              O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
              O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
              O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{0378ED68-4066-45A0-A3E7-937BECEBDB58}: NameServer = 193.190.198.2 193.190.198.2
              O17 - HKLM\System\CS1\Services\Tcpip\..\{0378ED68-4066-45A0-A3E7-937BECEBDB58}: NameServer = 193.190.198.2 193.190.198.2
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
              O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
              O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
              O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
              O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
              O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
              O23 - Service: SCIA - Macrovision Corporation - C:\Program Files\SCIA\keygen\Lmgrd.exe
              O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

              --
              End of file - 7439 bytes

              -- Files created between 2008-03-22 and 2008-04-22 -----------------------------

              2008-04-21 13:44:40 0 d-------- C:\RVAXO
              2008-04-03 11:54:03 83968 --a------ C:\Program Files\Gswdll32.dll <Not Verified; Bits Per Second Ltd; Graphics Server>
              2008-04-03 11:54:03 49152 --a------ C:\Program Files\_ISREG32.DLL <Not Verified; Stirling; Stirling _isreg32>
              2008-04-03 11:54:02 24576 --a------ C:\Program Files\Optcom.exe <Not Verified; LINDO Systems Inc.; OptCom>
              2008-04-03 11:54:02 2482176 --a------ C:\Program Files\Lindow32.exe <Not Verified; LINDO Systems Inc; LINDO for Windows>
              2008-04-03 11:54:02 122880 --a------ C:\Program Files\Lindoreg.dll
              2008-04-03 11:54:02 69632 --a------ C:\Program Files\Lindolm.dll
              2008-04-03 11:54:02 147456 --a------ C:\Program Files\Lindoau.dll <Not Verified; ; AutoUpdate Dynamic Link Library>
              2008-04-03 11:54:02 302592 --a------ C:\Program Files\Gswag32.dll <Not Verified; Bits Per Second Ltd; AutoGraph>
              2008-04-03 11:54:02 392192 --a------ C:\Program Files\Gsw32.exe <Not Verified; Bits Per Second Ltd; Graphics Server>
              2008-04-03 11:54:01 0 d-------- C:\Program Files\Shell
              2008-04-03 11:54:01 0 d-------- C:\Program Files\Samples
              2008-04-03 11:54:01 0 d-------- C:\Program Files\Dll32
              2008-04-03 11:54:01 0 d-------- C:\Program Files\Delkeys
              2008-04-03 11:53:32 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
              2008-03-31 10:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
              2008-03-29 22:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
              2008-03-29 22:58:16 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
              2008-03-27 21:43:38 49152 --a------ C:\WINDOWS\System32\SNTI386.DLL
              2008-03-27 21:43:38 17920 --a------ C:\WINDOWS\System32\RNBOVDD.DLL
              2008-03-27 21:43:38 73216 --a------ C:\WINDOWS\System32\drivers\SENTINEL.SYS
              2008-03-27 21:43:37 0 d-------- C:\WINDOWS\System32\RNBOSENT
              2008-03-27 21:42:08 0 d-------- C:\GPS-X4


              -- Find3M Report ---------------------------------------------------------------

              2008-04-21 13:31:02 798228 --a------ C:\WINDOWS\System32\RVAXO.bat
              2008-04-14 19:36:45 0 d-------- C:\Documents and Settings\sven\Application Data\LimeWire
              2008-04-10 18:35:03 5699 --a------ C:\noname.cmd
              2008-04-09 18:05:07 37336 --ah----- C:\Program Files\LINDO.GID
              2008-04-05 10:38:58 0 d-------- C:\Documents and Settings\sven\Application Data\Sonic
              2008-04-04 21:56:47 0 d-------- C:\Program Files\WarRock
              2008-04-03 11:54:15 9257 --a------ C:\Program Files\DeIsL1.isu
              2008-04-03 11:54:03 147 --a------ C:\Program Files\_DEISREG.ISR
              2008-03-31 10:23:16 0 d-------- C:\Documents and Settings\sven\Application Data\Adobe
              2008-03-31 10:18:48 0 d-------- C:\Program Files\Common Files\Adobe
              2008-03-30 10:33:32 443522 --a------ C:\WINDOWS\System32\perfh013.dat
              2008-03-30 10:33:32 70312 --a------ C:\WINDOWS\System32\perfc013.dat
              2008-03-29 18:19:00 83616 --a------ C:\Documents and Settings\sven\Application Data\GDIPFONTCACHEV1.DAT
              2008-03-21 18:28:43 0 d-------- C:\Documents and Settings\sven\Application Data\Motive
              2008-03-20 16:17:22 0 d-------- C:\Program Files\MSECache
              2008-03-07 12:08:14 0 d--h----- C:\Program Files\InstallShield Installation Information
              2008-03-07 12:07:31 0 d-------- C:\Program Files\EASEUS
              2008-03-06 13:45:23 0 d-------- C:\Program Files\LimeWire
              2008-02-25 15:01:55 0 d-------- C:\Documents and Settings\sven\Application Data\Microgaming
              2008-02-24 23:19:35 3688 --a------ C:\WINDOWS\System32\d3d9caps.dat


              -- Registry Dump ---------------------------------------------------------------

              *Note* empty entries & legit default entries are not shown


              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04]
              "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/04/2003 08:07]
              "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [23/05/2003 03:58]
              "KBD"="C:\HP\KBD\KBD.EXE" [11/02/2003 21:02]
              "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 09:01]
              "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 22:42]
              "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [19/08/2003 03:56]
              "nwiz"="nwiz.exe" [19/08/2003 03:56 C:\WINDOWS\system32\nwiz.exe]
              "VTTimer"="VTTimer.exe"
              "ATIModeChange"="Ati2mdxx.exe" [04/09/2001 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
              "AdslTaskBar"="stmctrl.dll" [28/04/2003 21:55 C:\WINDOWS\system32\stmctrl.dll]
              "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/11/2003 21:00]
              "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [14/08/2003 20:11]
              "PS2"="C:\WINDOWS\system32\ps2.exe" [16/10/2002 17:57]
              "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
              "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/11/2004 13:23]
              "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
              "CORSAIR_PLUtil"="C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [11/11/2004 18:37]
              "PLFFAP"="C:\WINDOWS\System32\HotfixQ0306270.exe" [05/08/2003 10:43]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "NVIEW"="nview.dll,nViewLoadHook"
              "Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [01/01/2003 13:55]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04]

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
              @="Service"

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
              path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
              backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
              path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
              backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
              C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
              c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
              c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
              "C:\Program Files\Lexmark 7100 Series\ezprint.exe"

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
              c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
              "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
              "C:\Program Files\Messenger\msmsgs.exe" /background




              -- End of Deckard's System Scanner: finished at 2008-04-22 08:07:10 ------------
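
The two Deckard's System Scanner logs and the fix.reg in this thread can be checked against each other mechanically. The following is an added example, not code from any poster or from the tools used here: it parses the `SafeBoot\Minimal` entries out of a registry dump, reads the `[-KEY]` deletions from a .reg file, and reports whether every targeted key is gone and nothing else disappeared. Function names are hypothetical, and the sample data are shortened excerpts of the logs and fix.reg posted above.

```python
import re

# A key header as printed in a Deckard's System Scanner registry dump: [HKEY_...\path]
# A leading "-" inside the bracket is the .reg syntax for "delete this key".
KEY_RE = re.compile(r"^\s*\[(-?)(HKEY_[^\]]+)\]\s*$")
DEFAULT_RE = re.compile(r'^\s*@="(.*)"\s*$')
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" + "\\"


def _subkey(path):
    """Return the name below SafeBoot\\Minimal, or None for any other key."""
    if path.upper().startswith(SAFEBOOT.upper()):
        return path[len(SAFEBOOT):]
    return None


def safeboot_entries(dump_text):
    """Map each SafeBoot\\Minimal subkey in a registry dump to its default value."""
    entries, current = {}, None
    for line in dump_text.splitlines():
        header = KEY_RE.match(line)
        if header:
            current = None if header.group(1) else _subkey(header.group(2))
            if current is not None:
                entries[current] = None
            continue
        default = DEFAULT_RE.match(line)
        if current is not None and default:
            entries[current] = default.group(1)
    return entries


def reg_deletions(reg_text):
    """List the SafeBoot\\Minimal subkeys that a .reg file deletes, in file order."""
    names = []
    for line in reg_text.splitlines():
        header = KEY_RE.match(line)
        if header and header.group(1) == "-":
            name = _subkey(header.group(2))
            if name is not None:
                names.append(name)
    return names


def verify_fix(before_dump, after_dump, reg_text):
    """Compare the logs taken before and after the fix with what the fix targets."""
    before = safeboot_entries(before_dump)
    after = safeboot_entries(after_dump)
    targeted = reg_deletions(reg_text)
    # Registry key names are case-insensitive, so compare lowercased.
    before_lc = {k.lower() for k in before}
    after_lc = {k.lower() for k in after}
    targeted_lc = {k.lower() for k in targeted}
    return {
        "still_present": [k for k in targeted if k.lower() in after_lc],
        "not_in_before": [k for k in targeted if k.lower() not in before_lc],
        "removed_untargeted": sorted(
            k for k in before
            if k.lower() not in after_lc and k.lower() not in targeted_lc
        ),
        "remaining": after,
    }


# Shortened excerpts of the logs and fix.reg posted in this thread.
BEFORE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhm62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Djp52.sys]
@="Driver"
"""

AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
"""

FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhm62.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn40.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Djp52.sys]
"""

if __name__ == "__main__":
    for field, value in verify_fix(BEFORE, AFTER, FIX_REG).items():
        print(f"{field}: {value}")
```

An empty `still_present` and `removed_untargeted` together with `aawservice` under `remaining` matches what the second log shows.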



              • #8
                It looks clean now.

                It seems to have gone well.

                One more thing to do:

                Download Java Runtime Environment (JRE) 6u6.
                • Scroll down to: "Java Runtime Environment (JRE) 6 Update 6".
                • Click the "Download" button on the right.
                • Tick "Accept License Agreement" and click Continue.
                • The page will reload.
                • Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 6 and save it to your Desktop.
                • Close all programs that may be open, especially your web browser!
                • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list (those with Java Runtime Environment (JRE or J2SE) in the name).
                • Repeat this until all older versions are gone.
                • After removing all older versions, restart your PC.
                • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the newest version of Java.


                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick again from "Firefox saved passwords")
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                Look here for how to turn off your System Restore.
                This removes any remnants of the infections from your System Restore.

                Apart from that, you can remove all the programs you used.



                • #9
                  All right!! Everything apparently runs perfectly again.

                  Thanks a million!



                  • #10
                    You're welcome.
