Mededeling

Collapse
No announcement yet.

Rare meldingen IE en adwaremeldingen /bufferoverrunmeldingen

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Rare meldingen IE en adwaremeldingen /bufferoverrunmeldingen

    Hele vreemde Bedoelingen ik weet niet wat ik er mee aanmoet.
    Heb hitmanpro geprobeerd en resulteerd in niets.
    pop-ups van media2. mediafileshare ed.

    heb er schoon genoeg van mijn internet is zo traag als wat kan sommige paginas slecht of niet openen. etc... wie kan mij helpen.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:33:38, on 13-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [2c389243] rundll32.exe "C:\WINDOWS\system32\pxadeqlr.dll",b
    O4 - HKLM\..\Run: [BM2f0ba1df] Rundll32.exe "C:\WINDOWS\system32\veghkvso.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://karen071082.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://petervdbogaard.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

    --
    End of file - 5592 bytes

  • #2
    Download Malwarebytes' Anti-Malware via hier of hier.

    Dubbelklik mbam-setup.exe om het programma te installeren.
    • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
    • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
    • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
    • Het scannen kan een tijdje duren, dus wees geduldig.
    • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
    • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
    • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
    • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
    • Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.

    Extra opmerking:
    Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

    Comment


    • #3
      logfiles 2

      Hierbij de 2 gevraagde log files



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:23:21, on 13-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      C:\WINDOWS\system32\AutoExNT.Exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PSIService.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Mixer.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wuauclt.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: {2b075c6c-046f-35ea-26d4-f18a8079a6ac} - {ca6a9708-a81f-4d62-ae53-f640c6c570b2} - C:\WINDOWS\system32\sxfgcmav.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://karen071082.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://petervdbogaard.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

      --
      End of file - 5745 bytes



      Malwarebytes' Anti-Malware 1.12
      Database versie: 744

      Scan type: Snelle Scan
      Objecten gescand: 38661
      Verstreken tijd: 6 minute(s), 42 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 3
      Registersleutels geïnfecteerd: 24
      Registerwaarden geïnfecteerd: 3
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 1
      Bestanden geïnfecteerd: 13

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\byXRkiHx.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\pxadeqlr.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\jkkHYpmm.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad838d26-0637-4526-9981-c9d4cd35a898} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{ad838d26-0637-4526-9981-c9d4cd35a898} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\errorhelper.errorhelperbho (Adware.PlayaZ) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\errorhelper.errorhelperbho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\anonystat.anonystatbho (Adware.PlayaZ) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\anonystat.anonystatbho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkhypmm (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2c389243 (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM2f0ba1df (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Delete on reboot.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrkihx -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxrkihx -> Delete on reboot.

      Mappen geïnfecteerd:
      C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\byXRkiHx.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\xHikRXyb.ini (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\xHikRXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\pxadeqlr.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\rlqedaxp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Program Files\Registry Defender\Help.chm (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
      C:\Program Files\Registry Defender\INSTALL.LOG (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
      C:\Program Files\Registry Defender\install.sss (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
      C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\veghkvso.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\tuvSkLDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\jkkHYpmm.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\yaywxYOG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

      Comment


      • #4
        Start Hijackthis en vink alleen de volgende regel aan:
        O2 - BHO: {2b075c6c-046f-35ea-26d4-f18a8079a6ac} - {ca6a9708-a81f-4d62-ae53-f640c6c570b2} - C:\WINDOWS\system32\sxfgcmav.dll
        Sluit alle openstaande vensters(behalve Hijackthis) en klik op "Fix checked".

        Download: RVAXO.exe
        • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
        • Start de computer in veilige modus.
        • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
          Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
        • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
        • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
          Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
        • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
        • Post de inhoud van de logfile in je volgende bericht.
        Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log

        Comment


        • #5
          Rvaxo log bestand

          Hierbij het log bestand van Rvaxo zoals gevraagd

          ---RVAXO.exe Updated: 2008-05-10---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\BM2f0ba1df.xml
          C:\WINDOWS\BM2f0ba1df.txt
          C:\WINDOWS\system32\xHikRXyb.ini2
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\cookies.ini
          C:\WINDOWS\system32\clkcnt.txt

          Folders Found:
          C:\Program Files\AntiSpywareMaster
          C:\Program Files\Common Files\SchijfBewaker
          C:\Documents and Settings\All Users\Application Data\SchijfBewaker
          C:\WINDOWS\system32\UpMedia
          C:\Documents and Settings\All Users\Application Data\SalesMonitor
          C:\Documents and Settings\Peter\Application Data\BedreigingsMonitoor

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------

          Comment


          • #6
            Oorspronkelijk geplaatst door smeenk Bekijk Berichten
            Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log

            Comment


            • #7
              2e log bestandje

              Sorry hier alsnog het 2e bestandje



              ======C:\WINDOWS====
              ----a-w 0 2008-05-13 21:45:06 C:\WINDOWS\0.log
              --s-a-w 2,048 2008-05-13 21:44:13 C:\WINDOWS\bootstat.dat
              ----a-w 47,086 2008-05-13 19:19:09 C:\WINDOWS\DPINST.LOG
              ----a-w 36,194 2008-05-13 16:52:19 C:\WINDOWS\KB944533-IE7.log
              ----a-w 202 2008-05-10 15:24:29 C:\WINDOWS\NeroDigital.ini
              ----a-w 362,658 2008-05-13 21:40:35 C:\WINDOWS\ntbtlog.txt
              ---ha-w 54,156 2008-04-11 18:11:26 C:\WINDOWS\QTFont.qfn
              ----a-w 32,636 2008-05-13 17:27:11 C:\WINDOWS\SchedLgU.Txt
              ----a-w 375 2008-05-12 17:04:42 C:\WINDOWS\setupact.log
              ----a-w 657,158 2008-05-04 19:14:01 C:\WINDOWS\setupapi.log
              ----a-w 227 2008-05-13 19:43:53 C:\WINDOWS\system.ini
              ----a-w 2,547 2008-05-12 21:59:22 C:\WINDOWS\unins000.dat
              ----a-w 691,545 2008-05-12 17:29:15 C:\WINDOWS\unins000.exe
              ----a-w 145,788 2008-05-13 16:52:18 C:\WINDOWS\updspapi.log
              ----a-w 159 2008-05-13 21:44:56 C:\WINDOWS\wiadebug.log
              ----a-w 49 2008-05-13 21:44:53 C:\WINDOWS\wiaservc.log
              ----a-w 904 2008-05-13 19:43:53 C:\WINDOWS\win.ini
              ----a-w 1,420,920 2008-05-13 21:46:04 C:\WINDOWS\WindowsUpdate.log
              ----a-w 57,135 2008-05-10 16:58:53 C:\WINDOWS\wmsetup.log

              Entries: 19 (17)
              Directories: 0 Files: 19
              Bytes: 3,511,787 Blocks: 6,866
              ======C:\WINDOWS\system32=====
              ------w 372,736 2008-05-13 21:18:32 C:\WINDOWS\System32\byXRkiHx.dll
              ------w 59,904 2008-05-13 21:18:32 C:\WINDOWS\System32\jkkHYpmm.dll
              ----a-w 38,853 2008-04-28 10:02:07 C:\WINDOWS\System32\LVCOMSX.LOG
              --sh--w 1,505,430 2008-05-12 17:12:32 C:\WINDOWS\System32\maplhihs.ini
              ----a-w 76,866 2008-04-15 21:07:45 C:\WINDOWS\System32\perfc009.dat
              ----a-w 98,344 2008-04-15 21:07:45 C:\WINDOWS\System32\perfc013.dat
              ----a-w 453,756 2008-04-15 21:07:45 C:\WINDOWS\System32\perfh009.dat
              ----a-w 523,810 2008-04-15 21:07:45 C:\WINDOWS\System32\perfh013.dat
              ----a-w 1,121,766 2008-04-15 21:07:45 C:\WINDOWS\System32\PerfStringBackup.INI
              ------w 115,712 2008-05-13 21:18:32 C:\WINDOWS\System32\pxadeqlr.dll
              ----a-w 2,048 2008-05-12 21:49:05 C:\WINDOWS\System32\rjovsqix.exe
              ----a-w 818,420 2008-05-10 10:18:24 C:\WINDOWS\System32\RVAXO.bat
              ----a-w 2,048 2008-05-11 18:03:26 C:\WINDOWS\System32\svkwtehv.exe
              ----a-w 2,228 2008-05-11 18:00:03 C:\WINDOWS\System32\wpa.dbl
              --sha-w 531,474 2008-05-13 21:19:09 C:\WINDOWS\System32\xHikRXyb.ini

              Entries: 15 (13)
              Directories: 0 Files: 15
              Bytes: 5,723,395 Blocks: 11,185
              ======C:\WINDOWS\system32\drivers=====
              ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
              ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys

              Entries: 2 (2)
              Directories: 0 Files: 2
              Bytes: 42,912 Blocks: 84
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              --sh--w 194 2008-05-13 19:43:53 C:\boot.ini
              ----a-w 701 2008-05-13 17:33:01 C:\firstrun6.log
              --sha-w 804,818,944 2008-05-13 21:44:08 C:\hiberfil.sys
              --sha-w 1,207,123,968 2008-05-13 21:44:06 C:\pagefile.sys
              ----a-w 836 2008-05-13 21:54:15 C:\RVAXO-results.log
              ----a-w 3,436 2008-05-13 21:54:16 C:\RVAXO-Vfind.log

              Entries: 6 (3)
              Directories: 0 Files: 6
              Bytes: 2,011,948,079 Blocks: 3,929,588
              ======C:\Documents and Settings\Peter\Application Data======
              ----a-w 603,312 2008-04-11 18:13:26 C:\Documents and Settings\Peter\Application Data\NMM-MetaData.db

              Entries: 1 (1)
              Directories: 0 Files: 1
              Bytes: 603,312 Blocks: 1,179
              ======C:\Documents and Settings\Peter======
              ----a-w 8,650,752 2008-05-13 21:43:18 C:\Documents and Settings\Peter\ntuser.dat
              ---ha-w 49,152 2008-05-13 21:54:08 C:\Documents and Settings\Peter\ntuser.dat.LOG
              --sh--w 288 2008-05-13 21:43:18 C:\Documents and Settings\Peter\ntuser.ini

              Entries: 3 (1)
              Directories: 0 Files: 3
              Bytes: 8,700,192 Blocks: 16,993
              ======C:\WINDOWS\Downloaded Program Files====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =============

              Comment


              • #8
                Open een kladblokbestand.
                Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\System32\byXRkiHx.dll
                C:\WINDOWS\System32\jkkHYpmm.dll
                C:\WINDOWS\System32\maplhihs.ini
                C:\WINDOWS\System32\pxadeqlr.dll
                C:\WINDOWS\System32\rjovsqix.exe
                C:\WINDOWS\System32\svkwtehv.exe
                C:\WINDOWS\System32\xHikRXyb.ini) DO (
                DEL /Q %%gNUCIA
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Ga naar Bestand - Opslaan als.
                Bij "Opslaan in" kies je: Bureaublad
                Bij "Bestandsnaam" zet je: del.bat
                Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
                Klik op de knop Opslaan.

                Dubbelklik op del.bat en post de inhoud van de logfile die opent.

                Comment


                • #9
                  Deleting files
                  C:\WINDOWS\System32\byXRkiHx.dll deleted
                  C:\WINDOWS\System32\jkkHYpmm.dll deleted
                  C:\WINDOWS\System32\maplhihs.ini deleted
                  C:\WINDOWS\System32\pxadeqlr.dll deleted
                  C:\WINDOWS\System32\rjovsqix.exe deleted
                  C:\WINDOWS\System32\svkwtehv.exe deleted
                  C:\WINDOWS\System32\xHikRXyb.ini deleted

                  Comment


                  • #10
                    Mooie opruiming

                    Download Deckard's System Scanner naar je Bureaublad.
                    • Sluit alle toepassingen en vensters.
                    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
                    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
                    • Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

                    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
                    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
                    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
                    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

                    Comment


                    • #11
                      Deckard's System Scanner v20071014.68
                      Run by Peter on 2008-05-14 00:13:40
                      Computer is in Normal Mode.
                      --------------------------------------------------------------------------------

                      -- System Restore --------------------------------------------------------------

                      Successfully created a Deckard's System Scanner Restore Point.


                      -- Last 5 Restore Point(s) --
                      47: 2008-05-13 22:13:47 UTC - RP681 - Deckard's System Scanner Restore Point
                      46: 2008-05-13 19:13:56 UTC - RP680 - Installed Windows Live
                      45: 2008-05-13 19:13:22 UTC - RP679 - Geïnstalleerd: Windows Live installer
                      44: 2008-05-13 19:10:28 UTC - RP678 - Verwijderd: Windows Live Messenger
                      43: 2008-05-13 19:09:53 UTC - RP677 - Verwijderd: Windows Live installer


                      -- First Restore Point --
                      1: 2008-05-10 16:47:49 UTC - RP635 - Controlepunt van systeem


                      Backed up registry hives.
                      Performed disk cleanup.



                      -- HijackThis (run as Peter.exe) -----------------------------------------------

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 0:15:59, on 14-5-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
                      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                      C:\WINDOWS\Mixer.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\WINDOWS\system32\HPZipm12.exe
                      C:\Program Files\Skype\Phone\Skype.exe
                      C:\WINDOWS\system32\PSIService.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Skype\Plugin Manager\skypePM.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\WINDOWS\system32\LVComsX.exe
                      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                      C:\Program Files\Windows Live\Messenger\usnsvc.exe
                      C:\WINDOWS\system32\wscntfy.exe
                      C:\Documents and Settings\Peter\Bureaublad\dss.exe
                      C:\PROGRA~1\TRENDM~1\HIJACK~1\Peter.exe

                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                      O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://karen071082.spaces.live.com//PhotoUpload/MsnPUpld.cab
                      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
                      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://petervdbogaard.spaces.live.com/PhotoUpload/MsnPUpld.cab
                      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
                      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
                      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                      O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
                      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                      O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
                      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

                      --
                      End of file - 5612 bytes

                      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

                      backup-20080513-233229-142 O2 - BHO: {2b075c6c-046f-35ea-26d4-f18a8079a6ac} - {ca6a9708-a81f-4d62-ae53-f640c6c570b2} - C:\WINDOWS\system32\sxfgcmav.dll

                      -- File Associations -----------------------------------------------------------

                      .reg - regfile - shell\open\command - regedit.exe "%1" %*
                      .scr - scrfile - shell\open\command - "%1" %*


                      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                      R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
                      R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

                      S1 ikhfile (File Security Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhfile.sys (file missing)
                      S1 ikhlayer (Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhlayer.sys (file missing)
                      S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
                      S3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
                      S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>


                      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                      S2 AutoExNT - c:\windows\system32\autoexnt.exe
                      S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
                      S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


                      -- Device Manager: Disabled ----------------------------------------------------

                      No disabled devices found.


                      -- Files created between 2008-04-14 and 2008-05-14 -----------------------------

                      2008-05-13 23:52:59 0 d-------- C:\RVAXO
                      2008-05-13 23:48:36 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
                      2008-05-13 23:05:37 0 d-------- C:\Documents and Settings\Peter\Application Data\Malwarebytes
                      2008-05-13 23:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                      2008-05-13 23:05:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
                      2008-05-13 22:33:18 0 d-------- C:\Program Files\Trend Micro
                      2008-05-13 19:26:27 818420 --a------ C:\WINDOWS\system32\RVAXO.bat
                      2008-05-13 19:26:27 69632 --a------ C:\WINDOWS\system32\remove.exe
                      2008-05-12 23:59:21 691545 --a------ C:\WINDOWS\unins000.exe
                      2008-05-12 23:59:21 2547 --a------ C:\WINDOWS\unins000.dat
                      2008-05-12 19:27:06 0 d-------- C:\Program Files\Lavasoft
                      2008-05-12 19:23:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
                      2008-05-12 19:14:27 0 d-------- C:\Program Files\Hitman Pro
                      2008-05-12 18:28:49 0 d--hs---- C:\BedreigingsMonitoor


                      -- Find3M Report ---------------------------------------------------------------

                      2008-05-13 23:53:10 0 d-------- C:\Documents and Settings\Peter\Application Data\Skype
                      2008-05-13 21:17:27 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
                      2008-05-13 19:33:48 0 d-------- C:\Program Files\Common Files
                      2008-05-13 19:19:32 0 d-------- C:\Program Files\Java
                      2008-05-13 18:45:21 0 d-------- C:\Program Files\Apple Software Update
                      2008-05-12 19:29:55 0 d-------- C:\Documents and Settings\Peter\Application Data\Lavasoft
                      2008-05-12 18:15:14 0 d-------- C:\Program Files\SlySoft
                      2008-05-10 18:41:54 0 d-------- C:\Documents and Settings\Peter\Application Data\Azureus
                      2008-05-04 21:14:01 0 d-------- C:\Program Files\Windows Live Safety Center
                      2008-04-22 16:27:27 0 d-------- C:\Program Files\Azureus
                      2008-04-15 23:07:45 523810 --a------ C:\WINDOWS\system32\perfh013.dat
                      2008-04-15 23:07:45 98344 --a------ C:\WINDOWS\system32\perfc013.dat
                      2008-04-11 20:13:26 603312 --a------ C:\Documents and Settings\Peter\Application Data\NMM-MetaData.db
                      2008-03-21 19:24:25 0 d-------- C:\Program Files\MSN Messenger
                      2008-02-17 18:35:32 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys


                      -- Registry Dump ---------------------------------------------------------------

                      *Note* empty entries & legit default entries are not shown


                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29-03-2008 19:37]
                      "C-Media Mixer"="Mixer.exe" [15-10-2002 19:00 C:\WINDOWS\mixer.exe]

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]
                      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [13-09-2007 13:31]

                      [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
                      "Spyware Doctor"=

                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
                      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
                      backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Photosmart Premier Snelstart.lnk]
                      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Photosmart Premier Snelstart.lnk
                      backup=C:\WINDOWS\pss\HP Photosmart Premier Snelstart.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
                      path=C:\Documents and Settings\Peter\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
                      backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
                      "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                      "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
                      "C:\Program Files\D-Tools\daemon.exe" -lang 1033

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]
                      "C:\Program Files\Hitman Pro\xphelper.exe"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
                      C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
                      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                      "C:\Program Files\QuickTime\qttask.exe" -atboottime

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]
                      C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                      "avast! Mail Scanner"=3 (0x3)


                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c208fa0-7b72-11da-be5f-00e07df7a10b}]
                      Auto\command- sxs.exe
                      AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe




                      -- End of Deckard's System Scanner: finished at 2008-05-14 00:16:29 ------------



                      Deckard's System Scanner v20071014.68
                      Extra logfile - please post this as an attachment with your post.
                      --------------------------------------------------------------------------------

                      -- System Information ----------------------------------------------------------

                      Microsoft Windows XP Professional (build 2600) SP 2.0
                      Architecture: X86; Language: Dutch

                      CPU 0: Intel(R) Pentium(R) 4 CPU 2.00GHz
                      Percentage of Memory in Use: 48%
                      Physical Memory (total/avail): 767.47 MiB / 396.44 MiB
                      Pagefile Memory (total/avail): 3028.41 MiB / 2689.14 MiB
                      Virtual Memory (total/avail): 2047.88 MiB / 1923 MiB

                      A: is Removable (Unformatted)
                      C: is Fixed (NTFS) - 19.53 GiB total, 5.57 GiB free.
                      D: is Fixed (NTFS) - 36.36 GiB total, 35.95 GiB free.
                      E: is CDROM (No Media)
                      F: is CDROM (No Media)
                      G: is Fixed (NTFS) - 152.66 GiB total, 57.39 GiB free.

                      \\.\PHYSICALDRIVE1 - Maxtor 6L160P0 - 152.66 GiB - 1 partition
                      \PARTITION0 - Installable File System - 152.66 GiB - G:

                      \\.\PHYSICALDRIVE0 - WDC WD600BB-00CAA1 - 55.9 GiB - 2 partitions
                      \PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
                      \PARTITION1 - Extended w/Extended Int 13 - 36.36 GiB - D:



                      -- Security Center -------------------------------------------------------------

                      AUOptions is set to notify before download.
                      Windows Internal Firewall is enabled.

                      AV: avast! antivirus 4.8.1169 [VPS 080513-0] v4.8.1169 (ALWIL Software) Disabled
                      AV: ESET NOD32 antivirus systeem 2.70 v2.70 (ESET, spol. s r.o.) Disabled Outdated

                      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
                      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
                      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
                      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

                      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
                      "C:\\Program Files\\NGrab\\NGrab.exe"="C:\\Program Files\\NGrab\\NGrab.exe:*:Enabled:NGrab"
                      "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
                      "C:\\Program Files\\MSN Messenger\\MSNP13Downgrader.exe"="C:\\Program Files\\MSN Messenger\\MSNP13Downgrader.exe:*:Enabled:MSNP13Downgrader"
                      "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
                      "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
                      "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
                      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
                      "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
                      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
                      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
                      "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


                      -- Environment Variables -------------------------------------------------------

                      ALLUSERSPROFILE=C:\Documents and Settings\All Users
                      APPDATA=C:\Documents and Settings\Peter\Application Data
                      CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
                      CLIENTNAME=Console
                      CommonProgramFiles=C:\Program Files\Common Files
                      COMPUTERNAME=COMPUTER1
                      ComSpec=C:\WINDOWS\system32\cmd.exe
                      FP_NO_HOST_CHECK=NO
                      HOMEDRIVE=C:
                      HOMEPATH=\Documents and Settings\Peter
                      LANG=nl
                      LOGONSERVER=\\COMPUTER1
                      NUMBER_OF_PROCESSORS=1
                      OS=Windows_NT
                      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3.5 Suite;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
                      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
                      PROCESSOR_ARCHITECTURE=x86
                      PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
                      PROCESSOR_LEVEL=15
                      PROCESSOR_REVISION=0204
                      ProgramFiles=C:\Program Files
                      PROMPT=$P$G
                      QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
                      SESSIONNAME=Console
                      SystemDrive=C:
                      SystemRoot=C:\WINDOWS
                      TEMP=C:\DOCUME~1\Peter\LOCALS~1\Temp
                      TMP=C:\DOCUME~1\Peter\LOCALS~1\Temp
                      USERDOMAIN=COMPUTER1
                      USERNAME=Peter
                      USERPROFILE=C:\Documents and Settings\Peter
                      windir=C:\WINDOWS


                      -- User Profiles ---------------------------------------------------------------

                      Peter (admin)


                      -- Add/Remove Programs ---------------------------------------------------------

                      --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
                      Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
                      Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
                      Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
                      Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
                      Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
                      Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
                      Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
                      Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
                      Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
                      Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
                      Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
                      Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
                      AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
                      ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
                      ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_classISPLAY -clean
                      avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
                      Azureus --> C:\Program Files\Azureus\Uninstall.exe
                      Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
                      Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
                      Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
                      CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
                      CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
                      Compatibiliteitspakket voor het 2007 Microsoft Office system --> MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE}
                      Corel Paint Shop Pro Photo X2 --> MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
                      CuteFTP 6 Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}
                      HijackThis 2.0.2 --> "C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\2M3T4BP8\HijackThis.exe" /uninstall
                      Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
                      Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
                      HP Deskjet 5700 Series --> rundll32 hpzcon10.dll,VendorJettison HP Deskjet 5700 Series
                      HP Document Viewer 6.1 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
                      HP Extended Capabilities 6.1 --> C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
                      HP Imaging Device Functions 6.1 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
                      HP Photo and Imaging 1.0 - Scanjet 3500c Series --> MsiExec.exe /I{B8E952E3-A823-443A-8493-39A0CCE0E3EB}
                      HP Photosmart Premier Software 6.1 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
                      HP PSC & OfficeJet 6.1.A --> "C:\Program Files\Hewlett-Packard\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
                      HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
                      HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
                      Hyves Kwekker 1.1b --> C:\Program Files\Hyves Kwekker\uninst.exe
                      J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
                      J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
                      Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
                      Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
                      K-Lite Codec Pack 3.5.3 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
                      Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x13 UNINSTALL
                      Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x13
                      Logitech QuickCam --> MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
                      Logitech® Camera-stuurprogramma --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
                      Magic ISO Maker v5.3 (build 0216) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
                      Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
                      Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
                      Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
                      Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
                      MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
                      Nero 6 Enterprise Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
                      Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
                      NGrab Streamingserver --> MsiExec.exe /X{CB2D3647-18D2-4E06-8062-AF6224C5489E}
                      Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
                      Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
                      Nokia Map Loader --> MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
                      Nokia MTP driver --> MsiExec.exe /I{0E94871C-623C-464F-A117-B8474BFF84E1}
                      Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
                      Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
                      Nokia Software Launcher --> MsiExec.exe /I{5CCABD37-479D-4304-B1A5-67952C25F8F2}
                      NTREGOPT 1.1j --> "C:\Program Files\NT Registry Optimizer\unins000.exe"
                      Paint Shop Pro 7 Try And Buy --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
                      PCI Audio Driver --> cmuninst.exe
                      Pinnacle PCTV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C02ED4F-46B0-4E9E-87F7-47AEBA4031C8}\Setup.exe" -l0x13 -L0x13 UNINSTALL
                      Pinnacle TRex --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9313E9A6-03DF-11D5-88F8-005004361016}\setup.exe" -l0x9 UNINSTALL
                      PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
                      QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
                      Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
                      Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
                      Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
                      Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
                      Spyware Doctor 4.0 --> C:\Program Files\Spyware Doctor\unins000.exe
                      The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
                      Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
                      Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
                      WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
                      Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
                      Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
                      Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
                      Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
                      Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
                      Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
                      Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
                      Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
                      Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
                      Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
                      Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
                      Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
                      XML Paper Specification Shared Components Pack 1.0 -->


                      -- Application Event Log -------------------------------------------------------

                      Event Record #/Type3871 / Success
                      Event Submitted/Written: 05/13/2008 11:58:07 PM
                      Event ID/Source: 12001 / usnjsvc
                      Event Description:
                      The Messenger Sharing USN Journal Reader service started successfully.

                      Event Record #/Type3867 / Success
                      Event Submitted/Written: 05/13/2008 11:44:47 PM
                      Event ID/Source: 2570 / Adobe Active File Monitor 6.0
                      Event Description:
                      De service Adobe Active File Monitor is gestart.

                      Event Record #/Type3855 / Success
                      Event Submitted/Written: 05/13/2008 11:28:45 PM
                      Event ID/Source: 12001 / usnjsvc
                      Event Description:
                      The Messenger Sharing USN Journal Reader service started successfully.

                      Event Record #/Type3851 / Success
                      Event Submitted/Written: 05/13/2008 11:22:03 PM
                      Event ID/Source: 2570 / Adobe Active File Monitor 6.0
                      Event Description:
                      De service Adobe Active File Monitor is gestart.

                      Event Record #/Type3837 / Success
                      Event Submitted/Written: 05/13/2008 09:50:37 PM
                      Event ID/Source: 12001 / usnjsvc
                      Event Description:
                      The Messenger Sharing USN Journal Reader service started successfully.



                      -- Security Event Log ----------------------------------------------------------

                      No Errors/Warnings found.


                      -- System Event Log ------------------------------------------------------------

                      Event Record #/Type93833 / Error
                      Event Submitted/Written: 05/13/2008 11:45:09 PM
                      Event ID/Source: 7023 / Service Control Manager
                      Event Description:
                      De HID Input Service-service is gestopt met de volgende foutcode:
                      %%2.

                      Event Record #/Type93829 / Error
                      Event Submitted/Written: 05/13/2008 11:43:17 PM
                      Event ID/Source: 10005 / DCOM
                      Event Description:
                      DCOM kreeg foutmelding '%%1084' bij het starten van de EventSystem-service met de argumenten ''
                      om de server
                      {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

                      Event Record #/Type93828 / Error
                      Event Submitted/Written: 05/13/2008 11:42:59 PM
                      Event ID/Source: 10005 / DCOM
                      Event Description:
                      DCOM kreeg foutmelding '%%1084' bij het starten van de StiSvc-service met de argumenten ''
                      om de server
                      {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

                      Event Record #/Type93827 / Error
                      Event Submitted/Written: 05/13/2008 11:41:29 PM
                      Event ID/Source: 7026 / Service Control Manager
                      Event Description:
                      De volgende opstartstuurprogramma's zijn niet geladen:
                      Aavmker4
                      AFD
                      aswSP
                      aswTdi
                      Fips
                      intelppm
                      IPSec
                      MRxSmb
                      NetBIOS
                      NetBT
                      RasAcd
                      Rdbss
                      Tcpip

                      Event Record #/Type93826 / Error
                      Event Submitted/Written: 05/13/2008 11:41:29 PM
                      Event ID/Source: 7001 / Service Control Manager
                      Event Description:
                      De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service, die vanwege de volgende fout niet kan worden gestart:
                      %%31



                      -- End of Deckard's System Scanner: finished at 2008-05-14 00:16:29 ------------

                      Comment


                      • #12
                        Open een kladblokbestand.
                        Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

                        @ECHO OFF
                        IF EXIST log.txt DEL log.txt
                        ECHO Deleting folders>>log.txt
                        FOR %%g in (
                        C:\BedreigingsMonitoor) DO (
                        IF EXIST %%g (
                        ATTRIB -r -s -h %%g
                        RD /S /Q %%g
                        ATTRIB -r -s -h %%g\*.*
                        REN %%g\*.* *.NUCIA
                        IF EXIST %%g (
                        ECHO %%g not deleted>>log.txt
                        ) ELSE (
                        ECHO %%g deleted>>log.txt)
                        ) ELSE (
                        ECHO %%g not found>>log.txt))
                        START NOTEPAD.EXE log.txt

                        Ga naar Bestand - Opslaan als.
                        Bij "Opslaan in" kies je: Bureaublad
                        Bij "Bestandsnaam" zet je: del.bat
                        Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
                        Klik op de knop Opslaan.

                        Dubbelklik op del.bat en post het logje dat opent.

                        Comment


                        • #13
                          Deleting folders
                          C:\BedreigingsMonitoor deleted

                          Comment


                          • #14
                            Download ATF cleaner (mirror)(gemaakt door Atribune)

                            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                            Dubbelklik op ATF cleaner om het programma te starten.
                            Op het tabblad "Main", plaats je een vinkje bij Select All.
                            Klik op de knop Empty Selected.

                            Het volgende doen als je ook FireFox als browser hebt:
                            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                            Klik op de knop Empty Selected.

                            Het volgende doen als je ook Opera als browser hebt:
                            Klik op tabblad "Opera", plaats een vinkje bij Select All.
                            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                            Klik op de knop Empty Selected.
                            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                            Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                            Kijk hier hoe je je systeemherstel moet uitschakelen.
                            Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                            Vertel of er nog problemen zijn.

                            Groeten smeenk

                            Comment


                            • #15
                              Bedankt

                              Bedankt Smeenk,

                              Ik weet niet wat ik moet zeggen.
                              Mijn internet is weer zoals het meot zijn.
                              Snel en zonder die vervelende pop-ups.
                              Mag ik alleen nog vragen wat voor opleiding je hebt gehad/ wat voor werk doe je?
                              En hoe kan ik jullie steunen in het helpen van mensen zoals ik??

                              In een woord gezegd fantastisch!!!!!!!!
                              een echte aanrader

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X