Download: RVAXO.exe

• Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
• Start de computer in veilige modus.
• Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
  Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
• Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
  
• Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
  Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
• Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
• Post de inhoud van de logfile in je volgende bericht.

Download Deckard's System Scanner naar je Bureaublad.

• Sluit alle toepassingen en vensters.
• Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
• Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
• Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

Dit zijn de logfiles van RVAXO en DSS


---RVAXO.exe Updated: 2008-04-21---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\WLCtrl32.dll

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------






Deckard's System Scanner v20071014.68
Run by sven on 2008-04-21 13:47:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-04-21 11:47:59 UTC - RP139 - Deckard's System Scanner Restore Point
2: 2008-04-21 09:00:58 UTC - RP138 - Controlepunt van systeem
1: 2008-04-21 07:33:34 UTC - RP137 - Controlepunt van systeem


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as sven.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:05, on 21/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\SCIA\keygen\Lmgrd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SCIA\keygen\SCIA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Documents and Settings\sven\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\sven.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SCIA - Macrovision Corporation - C:\Program Files\SCIA\keygen\Lmgrd.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7258 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070827-152403-472 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20070827-152403-693 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abonem.com
backup-20070827-152403-737 O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20070827-152403-775 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abonem.com

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 PLFF (USB Flash Disk Driver) - c:\windows\system32\drivers\plff.sys <Not Verified; Prolific Technology Inc.; Prolific Flash Disk>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S0 Bhn52 - c:\windows\system32\drivers\bhn52.sys (file missing)
S0 Djp52 - c:\windows\system32\drivers\djp52.sys (file missing)
S0 Hot63 - c:\windows\system32\drivers\hot63.sys (file missing)
S0 Jpv85 - c:\windows\system32\drivers\jpv85.sys (file missing)
S0 Nta51 - c:\windows\system32\drivers\nta51.sys (file missing)
S0 Pvc28 - c:\windows\system32\drivers\pvc28.sys (file missing)
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S2 s264545.sys - c:\windows\system32\s264545.sys (file missing)
S3 Nsy38 - c:\windows\system32\drivers\nsy38.sys
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 SCIA - c:\program files\scia\keygen\lmgrd.exe <Not Verified; Macrovision Corporation; >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce MCP Networking Controller
Device ID: PCI\VEN_10DE&DEV_00D6&SUBSYS_80A71043&REV_A5\3&267A616A&0&28
Manufacturer: Nvidia
Name: NVIDIA nForce MCP Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_00D6&SUBSYS_80A71043&REV_A5\3&267A616A&0&28
Service: NVENET


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 13:44:40 0 d-------- C:\RVAXO
2008-04-21 12:04:53 0 --a------ C:\WINDOWS\System32\drivers\Bhn40.sys
2008-04-19 18:54:55 11776 --a------ C:\Documents and Settings\sven\win.exe
2008-04-10 18:37:32 85504 --a------ C:\noname.exe
2008-04-03 11:54:03 83968 --a------ C:\Program Files\Gswdll32.dll <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-03 11:54:03 49152 --a------ C:\Program Files\_ISREG32.DLL <Not Verified; Stirling; Stirling _isreg32>
2008-04-03 11:54:02 24576 --a------ C:\Program Files\Optcom.exe <Not Verified; LINDO Systems Inc.; OptCom>
2008-04-03 11:54:02 2482176 --a------ C:\Program Files\Lindow32.exe <Not Verified; LINDO Systems Inc; LINDO for Windows>
2008-04-03 11:54:02 122880 --a------ C:\Program Files\Lindoreg.dll
2008-04-03 11:54:02 69632 --a------ C:\Program Files\Lindolm.dll
2008-04-03 11:54:02 147456 --a------ C:\Program Files\Lindoau.dll <Not Verified; ; AutoUpdate Dynamic Link Library>
2008-04-03 11:54:02 302592 --a------ C:\Program Files\Gswag32.dll <Not Verified; Bits Per Second Ltd; AutoGraph>
2008-04-03 11:54:02 392192 --a------ C:\Program Files\Gsw32.exe <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-03 11:54:01 0 d-------- C:\Program Files\Shell
2008-04-03 11:54:01 0 d-------- C:\Program Files\Samples
2008-04-03 11:54:01 0 d-------- C:\Program Files\Dll32
2008-04-03 11:54:01 0 d-------- C:\Program Files\Delkeys
2008-04-03 11:53:32 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-03-31 10:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-03-29 22:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-29 22:58:16 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-03-27 21:43:38 49152 --a------ C:\WINDOWS\System32\SNTI386.DLL
2008-03-27 21:43:38 17920 --a------ C:\WINDOWS\System32\RNBOVDD.DLL
2008-03-27 21:43:38 73216 --a------ C:\WINDOWS\System32\drivers\SENTINEL.SYS
2008-03-27 21:43:37 0 d-------- C:\WINDOWS\System32\RNBOSENT
2008-03-27 21:42:08 0 d-------- C:\GPS-X4
2008-03-21 18:28:43 0 d-------- C:\Documents and Settings\sven\Application Data\Motive


-- Find3M Report ---------------------------------------------------------------

2008-04-21 13:31:02 798228 --a------ C:\WINDOWS\System32\RVAXO.bat
2008-04-14 19:36:45 0 d-------- C:\Documents and Settings\sven\Application Data\LimeWire
2008-04-10 18:35:03 5699 --a------ C:\noname.cmd
2008-04-09 18:05:07 37336 --ah----- C:\Program Files\LINDO.GID
2008-04-05 10:38:58 0 d-------- C:\Documents and Settings\sven\Application Data\Sonic
2008-04-04 21:56:47 0 d-------- C:\Program Files\WarRock
2008-04-03 11:54:15 9257 --a------ C:\Program Files\DeIsL1.isu
2008-04-03 11:54:03 147 --a------ C:\Program Files\_DEISREG.ISR
2008-03-31 10:23:16 0 d-------- C:\Documents and Settings\sven\Application Data\Adobe
2008-03-31 10:18:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-30 10:33:32 443522 --a------ C:\WINDOWS\System32\perfh013.dat
2008-03-30 10:33:32 70312 --a------ C:\WINDOWS\System32\perfc013.dat
2008-03-29 18:19:00 83616 --a------ C:\Documents and Settings\sven\Application Data\GDIPFONTCACHEV1.DAT
2008-03-20 16:17:22 0 d-------- C:\Program Files\MSECache
2008-03-07 12:08:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-07 12:07:31 0 d-------- C:\Program Files\EASEUS
2008-03-06 13:45:23 0 d-------- C:\Program Files\LimeWire
2008-02-25 15:01:55 0 d-------- C:\Documents and Settings\sven\Application Data\Microgaming
2008-02-24 23:19:35 3688 --a------ C:\WINDOWS\System32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/04/2003 08:07]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [23/05/2003 03:58]
"KBD"="C:\HP\KBD\KBD.EXE" [11/02/2003 21:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 09:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 22:42]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [19/08/2003 03:56]
"nwiz"="nwiz.exe" [19/08/2003 03:56 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe"
"ATIModeChange"="Ati2mdxx.exe" [04/09/2001 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AdslTaskBar"="stmctrl.dll" [28/04/2003 21:55 C:\WINDOWS\system32\stmctrl.dll]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/11/2003 21:00]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [14/08/2003 20:11]
"PS2"="C:\WINDOWS\system32\ps2.exe" [16/10/2002 17:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/11/2004 13:23]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"CORSAIR_PLUtil"="C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [11/11/2004 18:37]
"PLFFAP"="C:\WINDOWS\System32\HotfixQ0306270.exe" [05/08/2003 10:43]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook"
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [01/01/2003 13:55]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhm62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Djp52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gns84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hot63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jpv85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsy38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nta51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oub52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pvc28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbg84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 7100 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
"C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background




-- End of Deckard's System Scanner: finished at 2008-04-21 13:49:42 ------------







Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: Dutch

CPU 0: AMD Athlon(tm) 64 Processor 3000+
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 511.3 MiB / 225.21 MiB
Pagefile Memory (total/avail): 1250.9 MiB / 999.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.65 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 144.52 GiB total, 107.4 GiB free.
D: is Fixed (FAT32) - 4.51 GiB total, 0.78 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 4.52 GiB - D:
\PARTITION1 (bootable) - Installable File System - 144.52 GiB - C:

\\.\PHYSICALDRIVE3 -

\\.\PHYSICALDRIVE5 -

\\.\PHYSICALDRIVE2 -

\\.\PHYSICALDRIVE4 -

\\.\PHYSICALDRIVE1 - - 1921.84 MiB - 1 partition
\PARTITION0 - 16-bits FAT - 1928 MiB - K:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer has updates disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\sven\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOVEN
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\sven
LOGONSERVER=\\BOVEN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Autodesk Shared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0408
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\sven\LOCALS~1\Temp
TMP=C:\DOCUME~1\sven\LOCALS~1\Temp
USERDOMAIN=BOVEN
USERNAME=sven
USERPROFILE=C:\Documents and Settings\sven
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Eigenaar (admin)
sven (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /X{46AC899A-9ECB-43DC-85DE-272E0D116A1E}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN0413.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ArcSoft ShowBiz 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x13
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_classISPLAY -clean
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BeWAN ADSL modem --> rundll32.exe stmcfg32.dll,Uninstall
BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corsair Flash Voyager Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41FC7856-55A1-41A6-94B1-15A1E3C050B8}\Setup.exe" -l0x9
DIR2HTML (remove only) --> "C:\Program Files\DIR2HTML\uninstal.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EASEUS Deleted File Recovery 2.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{865A8951-8D9A-46CB-84A2-3D67BA38B923}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HotFix Q0306270 -->
Hotfix voor DirectX - KB825116 --> C:\WINDOWS\$NtUninstallKB825116$\spuninst\spuninst.exe
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP foto- en beeldbewerking 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HPIZ311 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
Hydromantis GPS-X 4.0 --> C:\WINDOWS\IsUninst.exe -fC:\GPS-X4\Uninst.isu
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Q828750 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q828750.inf
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lexmark 7100 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxbxUNST.EXE -NOLICENSE
LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe"
LINDO 6.1 --> C:\WINDOWS\uninst.exe -f"c:\program files\DeIsL1.isu" -c"c:\program files\_ISREG32.DLL"
MAGIX music maker 11 e-version (US) --> C:\MAGIX\mm11_e-version\instslct.exe
Mechanical Desktop 2005 --> MsiExec.exe /I{5783F2D7-0313-0409-0002-0060B0CE6BBA}
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Office XP Professional --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0050048383C9}
Microsoft Visio Professional 2002 SR-1 [NLD] --> MsiExec.exe /I{90510413-6D54-11D4-BEE3-00C04F990354}
Microsoft Word 2002 --> MsiExec.exe /I{911B0413-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{A29D0501-02A2-48DD-BC1B-09B27406FE9B}
Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Noble Poker --> "C:\Poker\Noble Poker\_SetupPoker.exe" /uninstall
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Ethernet Driver --> C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Outlook Express Update Q330994 --> C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
PunkBuster Services --> C:\WINDOWS\System32\pbsvc.exe -u
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SCIA ESA PT --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54556F60-1B2C-4A3E-A486-32A633039212} /l1043
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Soulseek Client 152 --> C:\WINDOWS\UnGins.exe "C:\Program Files\Soulseek\install.log"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SubSync --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\SubSync\ST6UNST.LOG"
Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
TypeFaster Typing Tutor --> "C:\Program Files\TypeFaster\uninstall.exe"
Unibet Poker --> C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\UNWISE.EXE C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\INSTALL.LOG
Unreal Tournament 2004 Demo --> C:\UT2004Demo\System\Setup.exe uninstall "UT2004-Demo"
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type5740 / Error
Event Submitted/Written: 04/21/2008 01:41:14 PM
Event ID/Source: 8193 / VSS
Event Description:
Fout van de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type5739 / Error
Event Submitted/Written: 04/21/2008 01:41:14 PM
Event ID/Source: 4609 / EventSystem
Event Description:
Het COM+-gebeurtenissysteem heeft bij de interne verwerking een ongeldige resultaatcode gevonden. HRESULT is 8007043C voor regel 44 van d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Neem contact op met Microsoft Productondersteuning om dit te melden.

Event Record #/Type5737 / Error
Event Submitted/Written: 04/21/2008 00:06:48 PM
Event ID/Source: 8193 / VSS
Event Description:
Fout van de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type5736 / Error
Event Submitted/Written: 04/21/2008 00:06:48 PM
Event ID/Source: 4609 / EventSystem
Event Description:
Het COM+-gebeurtenissysteem heeft bij de interne verwerking een ongeldige resultaatcode gevonden. HRESULT is 8007043C voor regel 44 van d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Neem contact op met Microsoft Productondersteuning om dit te melden.

Event Record #/Type5732 / Error
Event Submitted/Written: 04/21/2008 09:29:45 AM
Event ID/Source: 8193 / VSS
Event Description:
Fout van de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance. hr = 0x80040206.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type62677 / Error
Event Submitted/Written: 04/21/2008 01:46:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
De DS1410D-service kan vanwege de volgende fout niet worden gestart:
%%2

Event Record #/Type62674 / Error
Event Submitted/Written: 04/21/2008 01:42:44 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
De volgende opstartstuurprogramma's zijn niet geladen:
Aavmker4
aswSP
aswTdi
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip

Event Record #/Type62673 / Error
Event Submitted/Written: 04/21/2008 01:42:44 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service, die vanwege de volgende fout niet kan worden gestart:
%%31

Event Record #/Type62672 / Error
Event Submitted/Written: 04/21/2008 01:42:44 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De DNS Client-service is afhankelijk van de Stuurprogramma voor TCP/IP-protocol-service, die vanwege de volgende fout niet kan worden gestart:
%%31

Event Record #/Type62671 / Error
Event Submitted/Written: 04/21/2008 01:42:44 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
De DHCP Client-service is afhankelijk van de NetBT-service, die vanwege de volgende fout niet kan worden gestart:
%%31



-- End of Deckard's System Scanner: finished at 2008-04-21 13:49:42 ------------

Download The Avenger en plaats het op je bureaublad: http://swandog46.geekstogo.com/avenger2/download.php
Unzip het.
Start het programma door op avenger.exe te klikken.
In het venster "Input Script here", plak je het volgende (vetgedrukte):


Files to delete:
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\System32\drivers\Bhn40.sys
C:\Documents and Settings\sven\win.exe
C:\noname.exe

Klik daarna op de knop "Execute".
Avenger zal aangeven dat de computer gaat herstarten, sta dit toe.
Na reboot opent een logfile (avenger .txt). Post de inhoud van de logfile.

Post ook een nieuw logje van Deckard's System Scanner

Na het uitvoeren van avenger en het herstarten kreeg ik wel een boodschap over een of andere driver die niet kon worden gevonden. Ik hoop dat dit normaal is? Hieronder vindt u de logfiles.



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\WLCtrl32.dll" not found!
Deletion of file "C:\WINDOWS\system32\WLCtrl32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\drivers\Bhn40.sys" not found!
Deletion of file "C:\WINDOWS\System32\drivers\Bhn40.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\sven\win.exe" deleted successfully.
File "C:\noname.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.








Deckard's System Scanner v20071014.68
Run by sven on 2008-04-21 19:47:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as sven.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:44, on 21/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\SCIA\keygen\Lmgrd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SCIA\keygen\SCIA.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Documents and Settings\sven\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\sven.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SCIA - Macrovision Corporation - C:\Program Files\SCIA\keygen\Lmgrd.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7258 bytes

-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 13:44:40 0 d-------- C:\RVAXO
2008-04-03 11:54:03 83968 --a------ C:\Program Files\Gswdll32.dll <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-03 11:54:03 49152 --a------ C:\Program Files\_ISREG32.DLL <Not Verified; Stirling; Stirling _isreg32>
2008-04-03 11:54:02 24576 --a------ C:\Program Files\Optcom.exe <Not Verified; LINDO Systems Inc.; OptCom>
2008-04-03 11:54:02 2482176 --a------ C:\Program Files\Lindow32.exe <Not Verified; LINDO Systems Inc; LINDO for Windows>
2008-04-03 11:54:02 122880 --a------ C:\Program Files\Lindoreg.dll
2008-04-03 11:54:02 69632 --a------ C:\Program Files\Lindolm.dll
2008-04-03 11:54:02 147456 --a------ C:\Program Files\Lindoau.dll <Not Verified; ; AutoUpdate Dynamic Link Library>
2008-04-03 11:54:02 302592 --a------ C:\Program Files\Gswag32.dll <Not Verified; Bits Per Second Ltd; AutoGraph>
2008-04-03 11:54:02 392192 --a------ C:\Program Files\Gsw32.exe <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-03 11:54:01 0 d-------- C:\Program Files\Shell
2008-04-03 11:54:01 0 d-------- C:\Program Files\Samples
2008-04-03 11:54:01 0 d-------- C:\Program Files\Dll32
2008-04-03 11:54:01 0 d-------- C:\Program Files\Delkeys
2008-04-03 11:53:32 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-03-31 10:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-03-29 22:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-29 22:58:16 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-03-27 21:43:38 49152 --a------ C:\WINDOWS\System32\SNTI386.DLL
2008-03-27 21:43:38 17920 --a------ C:\WINDOWS\System32\RNBOVDD.DLL
2008-03-27 21:43:38 73216 --a------ C:\WINDOWS\System32\drivers\SENTINEL.SYS
2008-03-27 21:43:37 0 d-------- C:\WINDOWS\System32\RNBOSENT
2008-03-27 21:42:08 0 d-------- C:\GPS-X4
2008-03-21 18:28:43 0 d-------- C:\Documents and Settings\sven\Application Data\Motive


-- Find3M Report ---------------------------------------------------------------

2008-04-21 13:31:02 798228 --a------ C:\WINDOWS\System32\RVAXO.bat
2008-04-14 19:36:45 0 d-------- C:\Documents and Settings\sven\Application Data\LimeWire
2008-04-10 18:35:03 5699 --a------ C:\noname.cmd
2008-04-09 18:05:07 37336 --ah----- C:\Program Files\LINDO.GID
2008-04-05 10:38:58 0 d-------- C:\Documents and Settings\sven\Application Data\Sonic
2008-04-04 21:56:47 0 d-------- C:\Program Files\WarRock
2008-04-03 11:54:15 9257 --a------ C:\Program Files\DeIsL1.isu
2008-04-03 11:54:03 147 --a------ C:\Program Files\_DEISREG.ISR
2008-03-31 10:23:16 0 d-------- C:\Documents and Settings\sven\Application Data\Adobe
2008-03-31 10:18:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-30 10:33:32 443522 --a------ C:\WINDOWS\System32\perfh013.dat
2008-03-30 10:33:32 70312 --a------ C:\WINDOWS\System32\perfc013.dat
2008-03-29 18:19:00 83616 --a------ C:\Documents and Settings\sven\Application Data\GDIPFONTCACHEV1.DAT
2008-03-20 16:17:22 0 d-------- C:\Program Files\MSECache
2008-03-07 12:08:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-07 12:07:31 0 d-------- C:\Program Files\EASEUS
2008-03-06 13:45:23 0 d-------- C:\Program Files\LimeWire
2008-02-25 15:01:55 0 d-------- C:\Documents and Settings\sven\Application Data\Microgaming
2008-02-24 23:19:35 3688 --a------ C:\WINDOWS\System32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/04/2003 08:07]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [23/05/2003 03:58]
"KBD"="C:\HP\KBD\KBD.EXE" [11/02/2003 21:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 09:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 22:42]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [19/08/2003 03:56]
"nwiz"="nwiz.exe" [19/08/2003 03:56 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe"
"ATIModeChange"="Ati2mdxx.exe" [04/09/2001 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AdslTaskBar"="stmctrl.dll" [28/04/2003 21:55 C:\WINDOWS\system32\stmctrl.dll]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/11/2003 21:00]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [14/08/2003 20:11]
"PS2"="C:\WINDOWS\system32\ps2.exe" [16/10/2002 17:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/11/2004 13:23]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"CORSAIR_PLUtil"="C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [11/11/2004 18:37]
"PLFFAP"="C:\WINDOWS\System32\HotfixQ0306270.exe" [05/08/2003 10:43]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook"
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [01/01/2003 13:55]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhm62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bhn52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Djp52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gns84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hot63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jpv85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nsy38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nta51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oub52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pvc28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbg84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 7100 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
"C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background




-- End of Deckard's System Scanner: finished at 2008-04-21 19:48:04 ------------

1) Open een kladblokbestand.
2) Kopieer onderstaande code in dit kladblokbestand.
3) Ga naar Bestand - Opslaan als.
-Bij "Opslaan in" kies je: Bureaublad
-Bij "Bestandsnaam" zet je: fix.reg
-Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
-Klik op de knop Opslaan. 4) Dubbelklik op de fix.reg file en laat de wijzigingen aan het register toevoegen.


Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
Bhn52
SC DELETE Djp52
SC DELETE Hot63
SC DELETE Jpv85
SC DELETE Nta51
SC DELETE Pvc28
SC DELETE DS1410D
SC DELETE s264545.sys
SC DELETE Nsy38
SC DELETE Sunkfiltp

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post een nieuw logje van Deckard's System Scanner.
Groeten smeenk

Deckard's System Scanner v20071014.68
Run by sven on 2008-04-22 08:06:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as sven.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:54, on 22/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\Program Files\SCIA\keygen\Lmgrd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SCIA\keygen\SCIA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\WINDOWS\System32\CMMON32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\sven\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\sven.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0378ED68-4066-45A0-A3E7-937BECEBDB58}: NameServer = 193.190.198.2 193.190.198.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0378ED68-4066-45A0-A3E7-937BECEBDB58}: NameServer = 193.190.198.2 193.190.198.2
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SCIA - Macrovision Corporation - C:\Program Files\SCIA\keygen\Lmgrd.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7439 bytes

-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-21 13:44:40 0 d-------- C:\RVAXO
2008-04-03 11:54:03 83968 --a------ C:\Program Files\Gswdll32.dll <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-03 11:54:03 49152 --a------ C:\Program Files\_ISREG32.DLL <Not Verified; Stirling; Stirling _isreg32>
2008-04-03 11:54:02 24576 --a------ C:\Program Files\Optcom.exe <Not Verified; LINDO Systems Inc.; OptCom>
2008-04-03 11:54:02 2482176 --a------ C:\Program Files\Lindow32.exe <Not Verified; LINDO Systems Inc; LINDO for Windows>
2008-04-03 11:54:02 122880 --a------ C:\Program Files\Lindoreg.dll
2008-04-03 11:54:02 69632 --a------ C:\Program Files\Lindolm.dll
2008-04-03 11:54:02 147456 --a------ C:\Program Files\Lindoau.dll <Not Verified; ; AutoUpdate Dynamic Link Library>
2008-04-03 11:54:02 302592 --a------ C:\Program Files\Gswag32.dll <Not Verified; Bits Per Second Ltd; AutoGraph>
2008-04-03 11:54:02 392192 --a------ C:\Program Files\Gsw32.exe <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-03 11:54:01 0 d-------- C:\Program Files\Shell
2008-04-03 11:54:01 0 d-------- C:\Program Files\Samples
2008-04-03 11:54:01 0 d-------- C:\Program Files\Dll32
2008-04-03 11:54:01 0 d-------- C:\Program Files\Delkeys
2008-04-03 11:53:32 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-03-31 10:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-03-29 22:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-29 22:58:16 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-03-27 21:43:38 49152 --a------ C:\WINDOWS\System32\SNTI386.DLL
2008-03-27 21:43:38 17920 --a------ C:\WINDOWS\System32\RNBOVDD.DLL
2008-03-27 21:43:38 73216 --a------ C:\WINDOWS\System32\drivers\SENTINEL.SYS
2008-03-27 21:43:37 0 d-------- C:\WINDOWS\System32\RNBOSENT
2008-03-27 21:42:08 0 d-------- C:\GPS-X4


-- Find3M Report ---------------------------------------------------------------

2008-04-21 13:31:02 798228 --a------ C:\WINDOWS\System32\RVAXO.bat
2008-04-14 19:36:45 0 d-------- C:\Documents and Settings\sven\Application Data\LimeWire
2008-04-10 18:35:03 5699 --a------ C:\noname.cmd
2008-04-09 18:05:07 37336 --ah----- C:\Program Files\LINDO.GID
2008-04-05 10:38:58 0 d-------- C:\Documents and Settings\sven\Application Data\Sonic
2008-04-04 21:56:47 0 d-------- C:\Program Files\WarRock
2008-04-03 11:54:15 9257 --a------ C:\Program Files\DeIsL1.isu
2008-04-03 11:54:03 147 --a------ C:\Program Files\_DEISREG.ISR
2008-03-31 10:23:16 0 d-------- C:\Documents and Settings\sven\Application Data\Adobe
2008-03-31 10:18:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-30 10:33:32 443522 --a------ C:\WINDOWS\System32\perfh013.dat
2008-03-30 10:33:32 70312 --a------ C:\WINDOWS\System32\perfc013.dat
2008-03-29 18:19:00 83616 --a------ C:\Documents and Settings\sven\Application Data\GDIPFONTCACHEV1.DAT
2008-03-21 18:28:43 0 d-------- C:\Documents and Settings\sven\Application Data\Motive
2008-03-20 16:17:22 0 d-------- C:\Program Files\MSECache
2008-03-07 12:08:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-07 12:07:31 0 d-------- C:\Program Files\EASEUS
2008-03-06 13:45:23 0 d-------- C:\Program Files\LimeWire
2008-02-25 15:01:55 0 d-------- C:\Documents and Settings\sven\Application Data\Microgaming
2008-02-24 23:19:35 3688 --a------ C:\WINDOWS\System32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/04/2003 08:07]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [23/05/2003 03:58]
"KBD"="C:\HP\KBD\KBD.EXE" [11/02/2003 21:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 09:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 22:42]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [19/08/2003 03:56]
"nwiz"="nwiz.exe" [19/08/2003 03:56 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe"
"ATIModeChange"="Ati2mdxx.exe" [04/09/2001 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AdslTaskBar"="stmctrl.dll" [28/04/2003 21:55 C:\WINDOWS\system32\stmctrl.dll]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/11/2003 21:00]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [14/08/2003 20:11]
"PS2"="C:\WINDOWS\system32\ps2.exe" [16/10/2002 17:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/11/2004 13:23]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"CORSAIR_PLUtil"="C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [11/11/2004 18:37]
"PLFFAP"="C:\WINDOWS\System32\HotfixQ0306270.exe" [05/08/2003 10:43]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook"
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [01/01/2003 13:55]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 10:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 7100 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbxmon.exe]
"C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background




-- End of Deckard's System Scanner: finished at 2008-04-22 08:07:10 ------------

Het ziet er schoon uit nu

Het lijkt goed gegaan te zijn

Doe dit nog:

Download Java Runtime Environment (JRE) 6u6.

• Scroll omlaag naar : "Java Runtime Environment (JRE) 6 Update 6".
• Klik op de "Download" knop aan de rechterkant.
• Vink aan: "Accept License Agreement", en klik op Continue.
• De pagina zal herladen.
• Klik op de Windows Offline Installation, Multi-language link ONDER Windows Platform - Java SE Runtime Environment 6 Update 6 en bewaar het op je Bureaublad.
• Sluit alle programma's die eventueel open zijn - Zeker je web browser!
• Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst. (met Java Runtime Environment (JRE of J2SE) in de naam.
• Herhaal dit tot alle oudere versies verdwenen zijn.
• Na het verwijderen van alle oudere versies, herstart je pc.
• Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Verder mag je alle gebruikte programma's verwijderen

All right!! Alles loopt blijkbaar weer perfect

Super hard bedankt!

Graag gedaan hoor