Mededeling

**smeenk** · 17-05-08, 11:51

Start Hijackthis en vink alleen de volgende regels aan:
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll (file missing)
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll (file missing)
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll (file missing)
O2 - BHO: (no name) - {4E0399BE-F3EF-4461-9B0F-452F4119617E} - C:\WINDOWS\system32\ssqolijg.dll (file missing)
O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
O2 - BHO: (no name) - {6DC2D282-D414-435E-8A26-FF3C23AC36EF} - C:\WINDOWS\system32\vtuvtstt.dll (file missing)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsc8.dll (file missing)
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\WINDOWS\system32\rlai.dll,avgrsstx.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O20 - Winlogon Notify: vtuvtstt - vtuvtstt.dll (file missing)
Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log

**bawa** · 17-05-08, 12:41

Ziehier het door u gevraagde log file :

---RVAXO.exe Updated: 2008-05-16---first run---
Uninstallers:

Files found:
C:\WINDOWS\BMa71dd0be.txt

Folders Found:
C:\WINDOWS\system32\bharebio05
C:\Program Files\PlayMP3z
C:\Program Files\FBrowsingAdvisor
C:\Program Files\FBrowserAdvisor
C:\Temp\wdlw14

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

**smeenk** · 17-05-08, 12:44

Oorspronkelijk geplaatst door smeenk Bekijk Berichten

Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log

**bawa** · 18-05-08, 08:46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:31, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ScanSuite\SDetect.exe
C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fcvdendereh.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0813&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SurfingAdvisor - {08111E97-AB7D-B099-1D3F-F88F47E13432} - C:\Program Files\SurfingAdvisor\SurfingAdvisor-2.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {6DC2D282-D414-435E-8A26-FF3C23AC36EF} - C:\WINDOWS\system32\vtuvtstt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Scannerdetector.lnk = C:\Program Files\ScanSuite\SDetect.exe
O4 - Global Startup: Ulead Acquire Fast.lnk = C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/DDD%20Pool/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\WINDOWS\system32\rlai.dll,avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8334 bytes

**smeenk** · 18-05-08, 09:29

Ga naar Start - Uitvoeren en geef hier de volgende vetgedrukte regel in:
start notepad C:\RVAXO-Vfind.log
Druk op OK.

Een logje zal openen, post de inhoud in je volgende bericht.
Lukt dit niet, kijk dan op je C-schijf of je RVAXO-Vfind.log vinden kan

**bawa** · 18-05-08, 11:13

======C:\WINDOWS====
----a-w 0 2008-05-17 10:48:18 C:\WINDOWS\0.log
--s-a-w 2,048 2008-05-17 10:43:47 C:\WINDOWS\bootstat.dat
----a-w 339,450 2008-05-16 15:57:06 C:\WINDOWS\comsetup.log
----a-w 2,134 2008-05-14 17:56:31 C:\WINDOWS\DAASINST.LOG
----a-w 533 2008-05-15 17:12:16 C:\WINDOWS\daasunin.LOG
----a-w 987,113 2008-05-16 15:57:04 C:\WINDOWS\FaxSetup.log
----a-w 13,407 2008-05-14 17:56:43 C:\WINDOWS\FSASWINS.LOG
----a-w 24,178 2008-05-14 18:16:50 C:\WINDOWS\FSASWSIN.log
----a-w 1,767 2008-05-14 18:16:51 C:\WINDOWS\FSASWUNI.LOG
----a-w 8,054 2008-05-14 17:57:17 C:\WINDOWS\FSAVCSIN.LOG
----a-w 49,784 2008-05-14 17:56:42 C:\WINDOWS\FSAVINST.LOG
----a-w 60,324 2008-05-14 18:16:43 C:\WINDOWS\fsavunin.log
----a-w 4,791 2008-05-15 17:12:06 C:\WINDOWS\fsbwinst.log
----a-w 179,725 2008-05-14 17:54:27 C:\WINDOWS\FSDEPH.log
----a-w 1,981 2008-05-14 17:57:13 C:\WINDOWS\fsdginst.log
----a-w 1,227 2008-05-15 17:12:16 C:\WINDOWS\fsdgunst.log
----a-w 458 2008-05-14 18:16:53 C:\WINDOWS\FSGUIINS.LOG
----a-w 5,791,127 2008-05-14 17:57:24 C:\WINDOWS\FSISU.log
----a-w 17,588 2008-05-14 17:57:22 C:\WINDOWS\fsmainst.log
----a-w 2,841 2008-05-15 17:12:15 C:\WINDOWS\fsmaunin.log
----a-w 160,387 2008-05-14 17:57:22 C:\WINDOWS\FSPROD.log
----a-w 2,913 2008-05-14 17:54:14 C:\WINDOWS\FSPRODRM.LOG
----a-w 6,269 2008-05-14 17:56:50 C:\WINDOWS\FSPSINST.LOG
----a-w 2,232 2008-05-14 18:16:20 C:\WINDOWS\FSPSUNI.LOG
----a-w 8,747 2008-05-14 17:56:56 C:\WINDOWS\fsrif.log
----a-w 1,024,610 2008-05-14 17:57:22 C:\WINDOWS\FSSETUP.log
----a-w 2,962,054 2008-05-14 17:57:24 C:\WINDOWS\FSSFM.log
----a-w 459,790 2008-05-14 17:54:14 C:\WINDOWS\FSSGSUP.LOG
----a-w 2,594,900 2008-05-14 17:57:22 C:\WINDOWS\FSSGUI.log
----a-w 5,736 2008-05-14 17:57:22 C:\WINDOWS\FSSYSUPD.LOG
----a-w 480 2008-05-14 18:16:51 C:\WINDOWS\fstnbins.LOG
----a-w 24,675 2008-05-14 18:15:51 C:\WINDOWS\fwesinst.log
----a-w 16,871 2008-05-14 18:15:53 C:\WINDOWS\fwinst.log
----a-w 578 2008-05-14 18:16:55 C:\WINDOWS\HELPINST.LOG
----a-w 157,159 2008-05-16 15:57:06 C:\WINDOWS\iis6.log
----a-w 1,374 2008-04-15 15:13:45 C:\WINDOWS\imsins.BAK
----a-w 1,374 2008-05-16 15:57:06 C:\WINDOWS\imsins.log
----a-w 21,485 2008-04-15 15:13:34 C:\WINDOWS\KB941693.log
----a-w 14,184 2008-04-15 15:05:54 C:\WINDOWS\KB945553.log
----a-w 22,177 2008-04-15 15:13:08 C:\WINDOWS\KB947864-IE7.log
----a-w 14,537 2008-04-15 15:09:57 C:\WINDOWS\KB948590.log
----a-w 15,847 2008-04-15 15:13:45 C:\WINDOWS\KB948881.log
----a-w 15,136 2008-05-16 15:57:06 C:\WINDOWS\KB950749.log
----a-w 45 2008-04-19 07:56:35 C:\WINDOWS\magix.ini
----a-w 217 2008-05-14 17:57:22 C:\WINDOWS\MEHInst.log
----a-w 50 2008-05-14 17:54:19 C:\WINDOWS\MEHUnIn.log
----a-w 6,147 2008-04-16 17:49:04 C:\WINDOWS\mgxoschk.ini
----a-w 49,736 2008-05-16 15:57:04 C:\WINDOWS\msgsocm.log
----a-w 205,534 2008-05-16 15:57:06 C:\WINDOWS\ntdtcsetup.log
----a-w 471,976 2008-05-16 15:57:04 C:\WINDOWS\ocgen.log
----a-w 58,208 2008-05-16 15:57:06 C:\WINDOWS\ocmsn.log
----a-w 6,614 2008-05-14 17:57:14 C:\WINDOWS\pmsuinst.log
----a-w 1,272 2008-05-15 17:12:13 C:\WINDOWS\pmsuunst.log
----a-w 3,010 2008-05-14 17:53:28 C:\WINDOWS\Q-Klez.log
----a-w 623,268 2008-05-14 17:57:24 C:\WINDOWS\RunSetup.log
----a-w 32,594 2008-05-17 10:24:16 C:\WINDOWS\SchedLgU.Txt
----a-w 203,177 2008-05-16 15:57:04 C:\WINDOWS\setupapi.log
----a-w 227 2008-05-17 10:33:54 C:\WINDOWS\system.ini
----a-w 384,015 2008-05-16 15:57:06 C:\WINDOWS\tsoc.log
----a-w 298 2008-04-11 08:26:22 C:\WINDOWS\TWAIN.LOG
----a-w 4 2008-04-11 08:26:11 C:\WINDOWS\Twain001.Mtx
----a-w 156 2008-04-11 08:25:53 C:\WINDOWS\Twunk001.MTX
----a-w 123,490 2008-04-15 15:11:35 C:\WINDOWS\updspapi.log
----a-w 159 2008-05-17 10:45:17 C:\WINDOWS\wiadebug.log
----a-w 50 2008-05-17 10:44:53 C:\WINDOWS\wiaservc.log
----a-w 1,114 2008-05-17 10:33:54 C:\WINDOWS\win.ini
----a-w 1,281,068 2008-05-17 10:45:51 C:\WINDOWS\WindowsUpdate.log
----a-w 216,297 2008-05-13 16:06:00 C:\WINDOWS\wmsetup.log

Entries: 68 (67)
Directories: 0 Files: 68
Bytes: 18,690,771 Blocks: 36,542
======C:\WINDOWS\system32=====
----a-w 16,832 2008-04-21 15:01:10 C:\WINDOWS\System32\amcompat.tlb
----a-w 10,520 2008-05-15 17:26:12 C:\WINDOWS\System32\avgrsstx.dll
----a-w 2,845 2008-05-14 17:48:00 C:\WINDOWS\System32\config.nt
----a-w 260,640 2008-04-24 16:54:24 C:\WINDOWS\System32\FNTCACHE.DAT
----a-w 16,863,864 2008-05-09 21:35:04 C:\WINDOWS\System32\MRT.exe
----a-w 303 2008-04-15 15:08:54 C:\WINDOWS\System32\MRT.INI
----a-w 23,392 2008-04-21 15:01:10 C:\WINDOWS\System32\nscompat.tlb
----a-w 822,165 2008-05-16 05:10:02 C:\WINDOWS\System32\RVAXO.bat
--sh--w 1,602,087 2008-04-15 14:45:25 C:\WINDOWS\System32\shschalg.ini
----a-w 1,158 2008-05-17 10:36:39 C:\WINDOWS\System32\wpa.dbl

Entries: 10 (9)
Directories: 0 Files: 10
Bytes: 19,603,806 Blocks: 38,294
======C:\WINDOWS\system32\drivers=====
----a-w 96,520 2008-05-15 17:26:07 C:\WINDOWS\System32\drivers\avgldx86.sys
----a-w 26,184 2008-05-15 17:26:01 C:\WINDOWS\System32\drivers\avgmfx86.sys

Entries: 2 (2)
Directories: 0 Files: 2
Bytes: 122,704 Blocks: 241
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
----a-w 7,668 2008-04-21 15:09:29 C:\APIHook.log
--sha-r 211 2008-05-17 10:33:54 C:\boot.ini
----a-w 16,680 2008-04-21 15:07:44 C:\Detections.txt
----a-w 388 2008-05-17 10:28:38 C:\firstrun6.log
--sha-w 536,305,664 2008-05-17 10:43:46 C:\hiberfil.sys
--sha-w 805,306,368 2008-05-17 10:43:45 C:\pagefile.sys
----a-w 523 2008-05-17 10:51:04 C:\RVAXO-results.log
----a-w 6,494 2008-05-17 10:51:04 C:\RVAXO-Vfind.log
----a-w 4 2008-04-20 07:50:38 C:\timestmp.tmp

Entries: 9 (6)
Directories: 0 Files: 9
Bytes: 1,341,644,000 Blocks: 2,620,402
======C:\Documents and Settings\Bart Wauters\Application Data======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Documents and Settings\Bart Wauters======
---ha-w 4,718,592 2008-05-17 10:43:01 C:\Documents and Settings\Bart Wauters\NTUSER.DAT
---ha-w 36,864 2008-05-17 10:50:59 C:\Documents and Settings\Bart Wauters\ntuser.dat.LOG
--sh--w 288 2008-05-17 10:42:54 C:\Documents and Settings\Bart Wauters\ntuser.ini

Entries: 3 (0)
Directories: 0 Files: 3
Bytes: 4,755,744 Blocks: 9,289
======C:\WINDOWS\Downloaded Program Files====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=============

**smeenk** · 18-05-08, 11:19

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\System32\shschalg.ini
"C:\Program Files\SurfingAdvisor") DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
RD /S /Q %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

**bawa** · 18-05-08, 18:25

volgende log :

Deleting files
C:\WINDOWS\System32\shschalg.ini deleted
"C:\Program Files\SurfingAdvisor" deleted

**smeenk** · 18-05-08, 18:41

Start Hijackthis en vink alleen de volgende regels aan:
O2 - BHO: SurfingAdvisor - {08111E97-AB7D-B099-1D3F-F88F47E13432} - C:\Program Files\SurfingAdvisor\SurfingAdvisor-2.dll (file missing)
O2 - BHO: (no name) - {6DC2D282-D414-435E-8A26-FF3C23AC36EF} - C:\WINDOWS\system32\vtuvtstt.dll (file missing)
Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

Herstart je computer.

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**bawa** · 18-05-08, 19:01

main txt :

Deckard's System Scanner v20071014.68
Run by Bart Wauters on 2008-05-18 18:58:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
33: 2008-05-18 16:58:26 UTC - RP149 - Deckard's System Scanner Restore Point
32: 2008-05-18 07:18:58 UTC - RP148 - Verwijderd PC SpeedScan Pro
31: 2008-05-18 07:14:31 UTC - RP147 - Geïnstalleerd PC SpeedScan Pro
30: 2008-05-17 09:33:10 UTC - RP146 - Uniblue RegistryBooster
29: 2008-05-16 18:58:10 UTC - RP145 - Installed AdwareBot

-- First Restore Point --
1: 2008-04-14 15:57:49 UTC - RP117 - Software Distribution Service 3.0

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Bart Wauters.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:13, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ScanSuite\SDetect.exe
C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Bart Wauters\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bart Wauters.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fcvdendereh.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0813&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Scannerdetector.lnk = C:\Program Files\ScanSuite\SDetect.exe
O4 - Global Startup: Ulead Acquire Fast.lnk = C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/DDD%20Pool/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\WINDOWS\system32\rlai.dll,avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8203 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080517-120001-155 O2 - BHO: (no name) - {4E0399BE-F3EF-4461-9B0F-452F4119617E} - C:\WINDOWS\system32\ssqolijg.dll (file missing)
backup-20080517-120001-175 O20 - Winlogon Notify: vtuvtstt - vtuvtstt.dll (file missing)
backup-20080517-120001-222 O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
backup-20080517-120001-294 O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsc8.dll (file missing)
backup-20080517-120001-297 O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
backup-20080517-120001-312 O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
backup-20080517-120001-429 O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
backup-20080517-120001-561 O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
backup-20080517-120001-607 O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll (file missing)
backup-20080517-120001-689 O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll (file missing)
backup-20080517-120001-760 O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll (file missing)
backup-20080517-120001-789 O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
backup-20080518-185048-200 O2 - BHO: (no name) - {6DC2D282-D414-435E-8A26-FF3C23AC36EF} - C:\WINDOWS\system32\vtuvtstt.dll (file missing)
backup-20080518-185048-627 O2 - BHO: SurfingAdvisor - {08111E97-AB7D-B099-1D3F-F88F47E13432} - C:\Program Files\SurfingAdvisor\SurfingAdvisor-2.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SMPLSCSI - c:\windows\system32\drivers\smplscsi.sys <Not Verified; OnSpec Electronic, Inc.; Microsoft® Windows(TM) Operating System>
R2 ONSIO - c:\windows\system32\drivers\onsio.sys

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>
S3 UPnPService - c:\program files\common files\magix shared\upnpservice\upnpservice.exe <Not Verified; Magix AG; UPnPService Module>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Microtek SimpleSCSI Miniport Drivers
Device ID: ROOT\SCSIADAPTER\SMPLSCSI.INF&SMPLSCSI
Manufacturer: Company
Name: Microtek SimpleSCSI Miniport Drivers
PNP Device ID: ROOT\SCSIADAPTER\SMPLSCSI.INF&SMPLSCSI
Service: SMPLSCSI

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 09:14:31 20480 --a------ C:\WINDOWS\system32\SysRestore.dll <Not Verified; Ascentive LLC; prjSysRestore>
2008-05-18 09:14:31 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>
2008-05-17 12:50:44 0 d-------- C:\RVAXO
2008-05-17 12:18:36 822165 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-05-17 12:18:36 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-05-17 11:57:43 0 d-------- C:\WINDOWS\pss
2008-05-17 11:31:05 0 d-------- C:\Documents and Settings\Bart Wauters\Application Data\Uniblue
2008-05-17 11:24:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-17 11:24:05 0 d-------- C:\Program Files\Security Task Manager
2008-05-17 11:14:04 0 d-------- C:\Program Files\Trend Micro
2008-05-16 20:03:13 0 d-------- C:\Program Files\Lavasoft
2008-05-16 20:03:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-16 20:02:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-15 19:27:55 0 d--h----- C:\$AVG8.VAULT$
2008-05-15 19:25:55 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-15 19:25:55 0 d-------- C:\Documents and Settings\Bart Wauters\Application Data\AVGTOOLBAR
2008-05-15 19:25:42 0 d-------- C:\Program Files\AVG
2008-05-15 19:25:41 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-14 20:01:57 0 d-------- C:\Documents and Settings\Bart Wauters\Application Data\F-Secure
2008-05-14 19:53:29 0 d-------- C:\Program Files\F-Secure
2008-05-13 18:39:24 0 d-------- C:\Program Files\Alwil Software
2008-05-13 18:01:04 0 d-------- C:\Mijn muziek
2008-05-02 19:59:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-22 20:19:42 0 d-------- C:\Mixmania
2008-04-22 19:29:31 0 d-------- C:\Program Files\VirtualDJ
2008-04-21 17:42:09 0 d-------- C:\Documents and Settings\Bart Wauters\Application Data\WinRAR
2008-04-21 17:25:35 0 d-------- C:\Program Files\Soundman
2008-04-21 16:59:10 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

-- Find3M Report ---------------------------------------------------------------

2008-05-18 10:44:34 0 d-------- C:\Documents and Settings\Bart Wauters\Application Data\LimeWire
2008-05-18 10:22:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-16 20:02:29 0 d-------- C:\Program Files\Common Files
2008-05-01 14:36:36 0 d-------- C:\Program Files\Tennis Elbow 2006
2008-04-26 10:21:18 0 d-------- C:\Documents and Settings\Bart Wauters\Application Data\Adobe
2008-04-08 17:48:52 0 d-------- C:\Program Files\Carrot
2008-04-08 15:01:04 0 d-------- C:\Program Files\Icon Maker
2008-03-30 10:33:32 0 d-------- C:\Documents and Settings\Bart Wauters\Application Data\PowerChallenge
2008-03-30 10:06:32 364330 --a------ C:\WINDOWS\system32\perfh013.dat
2008-03-30 10:06:31 53418 --a------ C:\WINDOWS\system32\perfc013.dat
2008-03-14 16:16:56 286720 --a------ C:\WINDOWS\system32\rlxf.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2008-03-12 20:55:19 712704 --a------ C:\WINDOWS\system32\rlph.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
15/05/2008 19:25 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [15/05/2008 19:25 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk"

"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [14/12/2001 15:01]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [11/07/2000 22:14]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [29/08/2000 09:56]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [20/02/2002 12:40]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [24/07/2001 23:34]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [12/10/2001 15:45]
"AutoLogon"=""

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [20/12/2001 00:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [14/07/2003 22:34]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [15/05/2008 19:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:03]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [22/02/2005 08:56]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [29/04/2003 10:40]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/09/2007 19:00]
"@"=""

"BTCLiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [08/03/2004 13:50]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe"

"Performance Center"="C:\Program Files\Ascentive\Performance Center\APCMain.exe"

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Herinneringen van Microsoft Works Agenda.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [12/07/2000 6:14:38]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
Scannerdetector.lnk - C:\Program Files\ScanSuite\SDetect.exe [12/06/2007 9:34:28]
Ulead Acquire Fast.lnk - C:\Program Files\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE [17/08/2007 20:33:52]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\WINDOWS\system32\rlai.dll,avgrsstx.dl l

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2008-05-18 19:00:00 ------------

EXTRA TXT KLADBLOK :

eckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: AMD Athlon(tm) XP 2200+
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 511.39 MiB / 265.13 MiB
Pagefile Memory (total/avail): 1248.31 MiB / 993.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.04 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 52.97 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380020A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: F-Secure Anti-Virus Client Security 6.00 v6.00 (F-Secure Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Golden Fairway\\GoldenFairway.exe"="C:\\Program Files\\Golden Fairway\\GoldenFairway.exe:*:Enabled:Golden Fairway Application"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\Microsoft Games\\Golf '98\\msgolf98.exe"="C:\\Program Files\\Microsoft Games\\Golf '98\\msgolf98.exe:*:Enabled:Microsoft Golf '98"
"C:\\Program Files\\Common Files\\MAGIX Shared\\UPnPService\\UPnPService.exe"="C:\\Program Files\\Common Files\\MAGIX Shared\\UPnPService\\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MotoGP2 Demo\\motogp2_demo.exe"="C:\\Program Files\\MotoGP2 Demo\\motogp2_demo.exe:*:Enabled:motogp2_demo"
"C:\\WINDOWS\\Temp\\~osE.tmp\\ossproxy.exe"="C:\\WINDOWS\\Temp\\~osE.tmp\\ossproxy.exe:*:Enabled

ssproxy.exe"
"c:\\windows\\system32\\rlvknlg.exe"="c:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bart Wauters\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CPQ12505183362
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bart Wauters
LOGONSERVER=\\CPQ12505183362
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BARTWA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BARTWA~1\LOCALS~1\Temp
USERDOMAIN=CPQ12505183362
USERNAME=Bart Wauters
USERPROFILE=C:\Documents and Settings\Bart Wauters
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Eigenaar (new local, admin)
Bart Wauters (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\uninst.exe -fc:\compaq\lutil\DeIsL1.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Avery DesignPro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belote Expert --> C:\WINDOWS\system32\GKSUI16.EXE C:\Program Files\Spellekes\Belote Expert\UNINSTAL.DAT
Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Biliardo --> C:\Program Files\Spellekes\billiardo\Uninstall.exe "C:\Program Files\Spellekes\billiardo\install.log"
Cd 2 van Microsoft Office 2000 --> MsiExec.exe /I{00040413-78E1-11D2-B60F-006097C998E7}
Coloreal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}\setup.exe"
dBpoweramp m4a Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpowerAMP Mp4 & AAC Decode Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dBpoweramp Windows Media Audio 10 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
dBpowerAMP WMA V9.1 Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
Easy Access Button Ondersteuning --> C:\Program Files\COMPAQ\Easy Access Button Support\Uninst.exe
Firebird SQL Server - MAGIX Edition 2.0.0.1 (NL) --> C:\Program Files\MAGIX\Common\Database\uninstall.exe
Fx Icon 32 --> C:\PROGRA~1\ICONMA~1\UNWISE.EXE C:\PROGRA~1\ICONMA~1\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
hp deskjet 916c series --> rundll32 hpzcon04.dll,VendorJettison hp deskjet 916c series
hp deskjet 916c series (Remove only) --> C:\Program Files\hp deskjet 916c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=916c -huninstall
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
MAGIX Music Manager 2007 8.1.1.98 (NL) --> C:\Program Files\MAGIX\Music_Manager_2007\instslct.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000413-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002 --> MsiExec.exe /I{911B0413-6000-11D3-8CFE-0050048383C9}
Microsoft Works 6.0 --> MsiExec.exe /I{EC8D0A07-438C-11D4-AE7F-00C04F324C16}
Microtek ScanSuite 1.2 --> C:\Program Files\ScanSuite\UnInstSS.exe" -f"C:\Program Files\ScanSuite\Uninst.isu"
Microtek ScanWizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17A7779A-D23F-11D3-8753-0050BABE1202}\setup.exe"
Microtek ScanWizard for Windows NT V2.54 --> C:\WINDOWS\UNINST.EXE -fC:\WINDOWS\Twain_32\Scanwiz\DeIsL4.isu
ModemXpert --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CB4FEE2-7F47-11D4-B6AD-00A0CC624550}\setup.exe" AnyText
MySidesearch Search Assistant Adzgalore --> C:\WINDOWS\system32\myss_sb_uninstall.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" ControlPanelAnyText
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvca.inf
Performance Center --> C:\Program Files\InstallShield Installation Information\{BB05BD70-4605-4829-93FC-AD80D8CC5B66}\setup.exe -runfromtemp -l0x0013 -removeonly
Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
RelevantKnowledge --> c:\windows\system32\rlvknlg.exe -bootremove -uninst:RelevantKnowledge
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
SurfingAdvisor --> C:\Program Files\SurfingAdvisor\uninstall.exe
Tennis Elbow 2006 1.0b --> C:\Program Files\Tennis Elbow 2006\uninst.exe
TORCS - The Open Racing Car Simulator 1.2.4 --> C:\Program Files\torcs\uninst.exe
Ulead Photo Assistant 1.0 --> C:\WINDOWS\Upa100.exe /f:upa100.inf
Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
UserBar Generator 1.2 --> "C:\Program Files\AmitySource\UserBar Generator 2.2\unins000.exe"
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
WildTangent Updater --> C:\WINDOWS\wt\updater\wcmdmgr.exe -uninstall wcmdmgr.exe
WildTangent Web Driver --> C:\WINDOWS\wt\updater\wcmdmgr.exe -uninstall wtwebdriver
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Messenger 5.1 --> MsiExec.exe /I{A433AE09-2126-4dad-9CBD-C1B05DC42787}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> C:\Program Files\WinZip\WINZIP32.EXE /uninstall

-- Application Event Log -------------------------------------------------------

Event Record #/Type1945 / Error
Event Submitted/Written: 05/18/2008 10:35:24 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.16640, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Event Record #/Type1930 / Error
Event Submitted/Written: 05/17/2008 00:05:12 PM
Event ID/Source: 4614 / EventSystem
Event Description:
Het COM+-gebeurtenissysteem heeft een inconsistentie in de interne status aangetroffen. Er is bij verklaring GetLastError() == 122L een fout opgetreden op regel 201 van d:\qxp_slp\com\com1x\src\events\shared\sectools.cpp. Neem contact op met Microsoft Productondersteuning om deze fout te melden.

Event Record #/Type1929 / Warning
Event Submitted/Written: 05/17/2008 00:05:07 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows kan het klassenregisterbestand niet uit het geheugen verwijderen omdat het momenteel door een andere toepassing of service wordt gebruikt. Het bestand wordt uit het geheugen verwijderd als het niet meer wordt gebruikt.

Event Record #/Type1926 / Error
Event Submitted/Written: 05/17/2008 11:24:53 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Vastgelopen toepassing: TaskMan.exe, versie: 1.7.4.0, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Event Record #/Type1922 / Error
Event Submitted/Written: 05/16/2008 08:58:08 PM
Event ID/Source: 11309 / MsiInstaller
Event Description:
Product: AdwareBot -- Error 1309. Error reading from file: C:\DOCUME~1\BARTWA~1\LOCALS~1\Temp\7zS8C.tmp\AdwareBot\AdwareBot.exe. System error 5. Verify that the file exists and that you can access it.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type18529 / Error
Event Submitted/Written: 05/18/2008 06:56:12 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
De AVG8 WatchDog-service is bij het starten vastgelopen.

Event Record #/Type18508 / Error
Event Submitted/Written: 05/18/2008 06:15:31 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
De AVG8 WatchDog-service is bij het starten vastgelopen.

Event Record #/Type18502 / Warning
Event Submitted/Written: 05/18/2008 10:39:46 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP heeft de beveiligingslimiet bereikt van het aantal gelijktijdige verbindingspogingen via TCP.

Event Record #/Type18484 / Error
Event Submitted/Written: 05/18/2008 10:19:23 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
De AVG8 WatchDog-service is bij het starten vastgelopen.

Event Record #/Type18446 / Warning
Event Submitted/Written: 05/18/2008 08:54:28 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP heeft de beveiligingslimiet bereikt van het aantal gelijktijdige verbindingspogingen via TCP.

-- End of Deckard's System Scanner: finished at 2008-05-18 19:00:00 ------------

**smeenk** · 18-05-08, 19:07

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\rlxf.dll
C:\WINDOWS\system32\rlph.dll) DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

**bawa** · 18-05-08, 19:20

Deleting files
C:\WINDOWS\system32\rlxf.dll deleted
C:\WINDOWS\system32\rlph.dll deleted

**smeenk** · 18-05-08, 19:23

1) Open een klablokbestand.
2) Kopieer onderstaande code in dit kladblokbestand.
3) Ga naar Bestand - Opslaan als.
-Bij "Opslaan in" kies je: Bureaublad
-Bij "Bestandsnaam" zet je: look.bat
-Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
-Klik op de knop Opslaan.

Code:

regedit /e look.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows"
start notepad look.txt

4) Dubbelklik op de look.bat file en post de inhoud van look.txt dat dan geopend wordt

Groeten smeenk

**bawa** · 18-05-08, 19:52

Er komt niets voor in Look.txt

Mededeling

gzmrt.dll

gzmrt.dll

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment