Mededeling

Collapse
No announcement yet.

Popups van beveiligingsprogramma's ?

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Popups van beveiligingsprogramma's ?

    Hallo,

    Op de laptop van mijn oom verschijnt de ene popup na de andere van veiligheidsagenten en monitorprogramma's etc.

    Na scannen blijkt er een cocktail van virussen op te staan.

    Waar wil je beginnen ?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:36:18, on 16-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ControlSkype 1.4\CSkype.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\APPS\Powercinema\PCMService.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\APPS\SMP\SmpSys.exe
    C:\APPS\skype\phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\apps\skype\phone\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seniorweb.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: {032b6fc5-a414-b6ba-4264-81efb324ac23} - {32ca423b-fe18-4624-ab6b-414a5cf6b230} - C:\WINDOWS\system32\rilkhlpl.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: PBNLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B685FA7D} - C:\WINDOWS\system32\pbnlv2.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5E332ABB-BF21-4BE1-AB85-4EC89E1E279E} - C:\WINDOWS\system32\cbXPiFYr.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {98A91536-D062-444C-BE44-11997B04F424} - C:\WINDOWS\system32\hgGxXOGW.dll (file missing)
    O2 - BHO: (no name) - {9EC0198F-B053-4656-81F2-BA4E491882DC} - C:\WINDOWS\system32\rqRJYqnN.dll (file missing)
    O2 - BHO: (no name) - {D66CC762-A739-4EBF-84E2-CF818186D70C} - C:\WINDOWS\system32\tuvussPI.dll (file missing)
    O2 - BHO: (no name) - {D7CEA4A4-4088-4C87-A8E6-EC27ECD38BB2} - C:\WINDOWS\system32\vtUOFYRl.dll (file missing)
    O2 - BHO: (no name) - {F8AE9911-8B3F-4B36-B5DE-FF342AEC9BB0} - C:\WINDOWS\system32\ssqpp.dll (file missing)
    O3 - Toolbar: PBNLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B685FA7D} - C:\WINDOWS\system32\pbnlv2.dll (file missing)
    O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ControlSkype] C:\Program Files\ControlSkype 1.4\CSkype.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [b4d576c8] rundll32.exe "C:\WINDOWS\system32\nvhgxqjs.dll",sitypnow
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [BMb7e64554] Rundll32.exe "C:\WINDOWS\system32\lkigswnx.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: iifcabb - iifcabb.dll (file missing)
    O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll (file missing)
    O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

    --
    End of file - 10320 bytes
    Labels: Geen
    • Citaat
  • #2
    Start Hijackthis en vink alleen de volgende regels aan:
    O2 - BHO: {032b6fc5-a414-b6ba-4264-81efb324ac23} - {32ca423b-fe18-4624-ab6b-414a5cf6b230} - C:\WINDOWS\system32\rilkhlpl.dll (file missing)
    O2 - BHO: PBNLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B685FA7D} - C:\WINDOWS\system32\pbnlv2.dll (file missing)
    O2 - BHO: (no name) - {5E332ABB-BF21-4BE1-AB85-4EC89E1E279E} - C:\WINDOWS\system32\cbXPiFYr.dll (file missing)
    O2 - BHO: (no name) - {98A91536-D062-444C-BE44-11997B04F424} - C:\WINDOWS\system32\hgGxXOGW.dll (file missing)
    O2 - BHO: (no name) - {9EC0198F-B053-4656-81F2-BA4E491882DC} - C:\WINDOWS\system32\rqRJYqnN.dll (file missing)
    O2 - BHO: (no name) - {D66CC762-A739-4EBF-84E2-CF818186D70C} - C:\WINDOWS\system32\tuvussPI.dll (file missing)
    O2 - BHO: (no name) - {D7CEA4A4-4088-4C87-A8E6-EC27ECD38BB2} - C:\WINDOWS\system32\vtUOFYRl.dll (file missing)
    O2 - BHO: (no name) - {F8AE9911-8B3F-4B36-B5DE-FF342AEC9BB0} - C:\WINDOWS\system32\ssqpp.dll (file missing)
    O3 - Toolbar: PBNLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B685FA7D} - C:\WINDOWS\system32\pbnlv2.dll (file missing)
    O4 - HKLM\..\Run: [b4d576c8] rundll32.exe "C:\WINDOWS\system32\nvhgxqjs.dll",sitypnow
    O4 - HKLM\..\Run: [BMb7e64554] Rundll32.exe "C:\WINDOWS\system32\lkigswnx.dll",s
    O20 - Winlogon Notify: iifcabb - iifcabb.dll (file missing)
    O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll (file missing)
    O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll (file missing)
    Sluit alle openstaande vensters(behalve Hijackthis) en klik op "Fix checked".

    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.


    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)
    • Citaat

    Comment

    • #3
      ---RVAXO.exe Updated: 2008-04-16---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\ppqss.ini
      C:\WINDOWS\system32\IPssuvut.ini2
      C:\WINDOWS\system32\lRYFOUtv.ini2
      C:\WINDOWS\system32\NnqYJRqr.ini2
      C:\WINDOWS\system32\rYFiPXbc.ini2
      C:\WINDOWS\system32\WGOXxGgh.ini2
      C:\WINDOWS\system32\gjkkj.bak1
      C:\WINDOWS\system32\ppqss.bak1
      C:\WINDOWS\system32\gjkkj.bak2
      C:\WINDOWS\system32\ppqss.bak2
      C:\Documents and Settings\laptop\err.log
      C:\Documents and Settings\laptop\ResErrors.log
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\wininit.ini
      C:\WINDOWS\system32\mcrh.tmp

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      Deckard's System Scanner v20071014.68
      Run by laptop on 2008-04-16 16:27:15
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      21: 2008-04-16 14:27:20 UTC - RP69 - Deckard's System Scanner Restore Point
      20: 2008-04-15 21:30:26 UTC - RP68 - Installed AVG 8.0
      19: 2008-04-15 21:15:41 UTC - RP67 - Installed Ad-Aware 2007
      18: 2008-04-15 19:29:26 UTC - RP66 - Software Distribution Service 3.0
      17: 2008-04-15 19:27:38 UTC - RP65 - Installed Java(TM) 6 Update 5


      -- First Restore Point --
      1: 2008-01-30 16:30:37 UTC - RP49 - Software Distribution Service 3.0


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as laptop.exe) ----------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:28:19, on 16-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\PROGRA~1\AVG\AVG8\avgam.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\ControlSkype 1.4\CSkype.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
      C:\APPS\Powercinema\PCMService.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\APPS\SMP\SmpSys.exe
      C:\APPS\skype\phone\Skype.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\apps\skype\phone\Plugin Manager\skypePM.exe
      C:\Documents and Settings\laptop\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\laptop.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seniorweb.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ControlSkype] C:\Program Files\ControlSkype 1.4\CSkype.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
      O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
      O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
      O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
      O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: avgrsstx.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

      --
      End of file - 9045 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20080416-161508-231 O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll (file missing)
      backup-20080416-161508-266 O2 - BHO: (no name) - {D7CEA4A4-4088-4C87-A8E6-EC27ECD38BB2} - C:\WINDOWS\system32\vtUOFYRl.dll (file missing)
      backup-20080416-161508-419 O4 - HKLM\..\Run: [BMb7e64554] Rundll32.exe "C:\WINDOWS\system32\lkigswnx.dll",s
      backup-20080416-161508-426 O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll (file missing)
      backup-20080416-161508-581 O2 - BHO: (no name) - {5E332ABB-BF21-4BE1-AB85-4EC89E1E279E} - C:\WINDOWS\system32\cbXPiFYr.dll (file missing)
      backup-20080416-161508-613 O2 - BHO: (no name) - {D66CC762-A739-4EBF-84E2-CF818186D70C} - C:\WINDOWS\system32\tuvussPI.dll (file missing)
      backup-20080416-161508-682 O4 - HKLM\..\Run: [b4d576c8] rundll32.exe "C:\WINDOWS\system32\nvhgxqjs.dll",sitypnow
      backup-20080416-161508-790 O2 - BHO: (no name) - {9EC0198F-B053-4656-81F2-BA4E491882DC} - C:\WINDOWS\system32\rqRJYqnN.dll (file missing)
      backup-20080416-161508-801 O2 - BHO: PBNLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B685FA7D} - C:\WINDOWS\system32\pbnlv2.dll (file missing)
      backup-20080416-161508-928 O3 - Toolbar: PBNLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B685FA7D} - C:\WINDOWS\system32\pbnlv2.dll (file missing)
      backup-20080416-161508-934 O2 - BHO: (no name) - {F8AE9911-8B3F-4B36-B5DE-FF342AEC9BB0} - C:\WINDOWS\system32\ssqpp.dll (file missing)
      backup-20080416-161508-943 O20 - Winlogon Notify: iifcabb - iifcabb.dll (file missing)
      backup-20080416-161508-946 O2 - BHO: {032b6fc5-a414-b6ba-4264-81efb324ac23} - {32ca423b-fe18-4624-ab6b-414a5cf6b230} - C:\WINDOWS\system32\rilkhlpl.dll (file missing)
      backup-20080416-161508-976 O2 - BHO: (no name) - {98A91536-D062-444C-BE44-11997B04F424} - C:\WINDOWS\system32\hgGxXOGW.dll (file missing)

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R2 MyPort - c:\windows\system32\drivers\myport.sys


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\apps\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
      R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\apps\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
      R2 CyberLink Media Library Service - "c:\apps\powercinema\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
      R2 USBDeviceService - c:\program files\sonic\digitalmedia le v7\mydvd le\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Files created between 2008-03-16 and 2008-04-16 -----------------------------

      2008-04-16 16:23:30 0 d-------- C:\RVAXO
      2008-04-16 16:21:41 791214 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-04-16 16:21:41 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-04-16 15:36:07 0 d-------- C:\Program Files\Trend Micro
      2008-04-16 11:32:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-16 10:35:52 0 d--h----- C:\$AVG8.VAULT$
      2008-04-15 23:30:52 0 d-------- C:\WINDOWS\system32\drivers\Avg
      2008-04-15 23:30:37 0 d-------- C:\Program Files\AVG
      2008-04-15 23:30:37 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
      2008-04-15 23:15:45 0 d-------- C:\Program Files\Lavasoft
      2008-04-15 23:15:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-04-15 23:14:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-04-15 23:00:48 0 d-------- C:\WINDOWS\system32\LogFiles
      2008-04-15 22:39:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-04-15 22:39:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
      2008-04-15 22:23:41 0 d-------- C:\Program Files\PCPitstop
      2008-04-15 21:00:49 0 d-------- C:\Program Files\Dynamic Toolbar
      2008-04-14 20:26:14 0 d-------- C:\Program Files\Panda Security
      2008-04-14 19:48:00 0 d-------- C:\Documents and Settings\laptop\.housecall6.6
      2008-04-10 18:30:34 0 d-------- C:\3d20e04e73d4671a48451bb6bf13
      2008-04-09 17:01:27 0 d-------- C:\Program Files\Common Files\Adobe
      2008-04-09 17:01:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
      2008-03-27 16:47:55 0 d-------- C:\Documents and Settings\laptop\Application Data\Help


      -- Find3M Report ---------------------------------------------------------------

      2008-04-16 16:26:45 0 d-------- C:\Documents and Settings\laptop\Application Data\Skype
      2008-04-15 23:14:57 0 d-------- C:\Program Files\Common Files
      2008-04-15 21:28:57 0 d-------- C:\Program Files\Java
      2008-04-15 16:20:30 0 d-------- C:\Program Files\Google
      2008-04-14 16:02:08 472384 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-04-14 16:02:08 83658 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-04-09 17:38:21 0 d-------- C:\Documents and Settings\laptop\Application Data\AdobeUM
      2008-03-27 15:57:08 0 d-------- C:\Documents and Settings\laptop\Application Data\Adobe
      2008-03-05 20:04:36 0 d-------- C:\Program Files\Belastingdienst


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04-08-2004 14:00]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 14:00]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 14:00]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [16-06-2006 16:22]
      "ControlSkype"="C:\Program Files\ControlSkype 1.4\CSkype.exe" [09-06-2006 09:53]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [14-08-2006 14:39]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [14-08-2006 14:41]
      "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [14-08-2006 14:38]
      "AGRSMMSG"="AGRSMMSG.exe" [06-12-2004 11:00 C:\WINDOWS\AGRSMMSG.exe]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
      "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [20-10-2005 06:15]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27-07-2004 16:50]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27-07-2004 16:50]
      "Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [26-11-2004 11:43]
      "PCMService"="c:\APPS\Powercinema\PCMService.exe" [23-02-2006 12:08]
      "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [15-04-2008 23:30]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 18:24]
      "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [08-12-2005 16:39]
      "Skype"="C:\APPS\skype\phone\Skype.exe" [30-03-2007 13:38]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30-03-2006 16:45]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 22:05:26]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 22:05:26]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "appinit_dlls"=avgrsstx.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"




      -- End of Deckard's System Scanner: finished at 2008-04-16 16:28:47 ------------


      Deckard's System Scanner v20071014.68
      Extra logfile - please post this as an attachment with your post.
      --------------------------------------------------------------------------------

      -- System Information ----------------------------------------------------------

      Microsoft Windows XP Home Edition (build 2600) SP 2.0
      Architecture: X86; Language: Dutch

      CPU 0: Genuine Intel(R) CPU T2250 @ 1.73GHz
      CPU 1: Genuine Intel(R) CPU T2250 @ 1.73GHz
      Percentage of Memory in Use: 45%
      Physical Memory (total/avail): 1014.11 MiB / 552.71 MiB
      Pagefile Memory (total/avail): 2437.11 MiB / 2033.52 MiB
      Virtual Memory (total/avail): 2047.88 MiB / 1931.8 MiB

      C: is Fixed (NTFS) - 103.97 GiB total, 93.96 GiB free.
      D: is CDROM (No Media)

      \\.\PHYSICALDRIVE0 - ST9120822A - 111.79 GiB - 2 partitions
      \PARTITION0 - Unknown - 7.81 GiB
      \PARTITION1 (bootable) - Installable File System - 103.97 GiB - C:



      -- Security Center -------------------------------------------------------------

      AUOptions is scheduled to auto-install.
      Windows Internal Firewall is enabled.

      FirstRunDisabled is set.
      AntiVirusDisableNotify is set.

      FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
      AV: AVG Anti-Virus v8.0 (AVG Technologies)

      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
      "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
      "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
      "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
      "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
      "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
      "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
      "C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"


      -- Environment Variables -------------------------------------------------------

      ALLUSERSPROFILE=C:\Documents and Settings\All Users
      APPDATA=C:\Documents and Settings\laptop\Application Data
      CLIENTNAME=Console
      CommonProgramFiles=C:\Program Files\Common Files
      COMPUTERNAME=108135100135
      ComSpec=C:\WINDOWS\system32\cmd.exe
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Documents and Settings\laptop
      LOGONSERVER=\\108135100135
      NUMBER_OF_PROCESSORS=2
      OS=Windows_NT
      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
      PROCESSOR_LEVEL=6
      PROCESSOR_REVISION=0e08
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      SESSIONNAME=Console
      SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
      SystemDrive=C:
      SystemRoot=C:\WINDOWS
      TEMP=C:\DOCUME~1\laptop\LOCALS~1\Temp
      TMP=C:\DOCUME~1\laptop\LOCALS~1\Temp
      USERDOMAIN=108135100135
      USERNAME=laptop
      USERPROFILE=C:\Documents and Settings\laptop
      windir=C:\WINDOWS


      -- User Profiles ---------------------------------------------------------------

      laptop (admin)


      -- Add/Remove Programs ---------------------------------------------------------

      --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
      --> agrsmdel
      --> C:\Program Files\Wanadoo\GLOBAL\Mstbr\uninst.exe
      --> C:\Program Files\Wanadoo\NL\Mnu\uninst.exe /F:IGOMNU.EXE /I:C:\WINDOWS\INF\MNU.INF
      --> C:\Program Files\Wanadoo\NL\Sgnup\uninst.exe /F:IGOSGNUP.EXE /I:C:\WINDOWS\INF\SGNUP.INF
      --> C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
      --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
      --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
      --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
      --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
      --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
      --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x13
      --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x13
      --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x13
      --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x13 -remove -removeonly
      --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      Aangifte inkomstenbelasting 2007 --> C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
      Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
      Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Reader 7.0.9 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A70900000002}
      AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
      Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
      Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
      BisonCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\SETUP.exe" -l0x9
      ControlSkype --> "C:\Program Files\ControlSkype 1.4\unins000.exe"
      Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
      HijackThis 2.0.2 --> "C:\Documents and Settings\laptop\Local Settings\Temporary Internet Files\Content.IE5\I1MTW5K7\HijackThis.exe" /uninstall
      Hotfix voor Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB918005) --> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
      Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
      Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
      J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
      Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
      Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
      Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
      KB898458: Beveiligingsupdate voor Step by Step Interactive Training --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
      KB923723: Beveiligingsupdate voor Step by Step Interactive Training --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
      Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
      Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}
      Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Packard Bell - Skype 3.1 --> "c:\apps\skype\phone\unins000.exe"
      Packard Bell Toolbar 1.0 --> "C:\Program Files\Dynamic Toolbar\unins000.exe"
      Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
      PCPitstop Panda AntiVirus Scan (remove only) --> C:\Program Files\PCPitstop\AV\Uninst.exe
      Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
      Skype add-on for IE --> rundll32 "c:\apps\skype\phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
      Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
      Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
      Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
      Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
      Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
      Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
      Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
      Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
      Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
      Tiscali Internet --> MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
      Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
      Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
      Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
      Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
      Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
      Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
      Update voor Windows XP (KB912945) --> "C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
      Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
      Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
      Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
      Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
      Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
      Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
      Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
      Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
      Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
      Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
      Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
      Update voor Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
      Update voor Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
      Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}


      -- Application Event Log -------------------------------------------------------

      Event Record #/Type3278 / Warning
      Event Submitted/Written: 04/14/2008 04:02:10 PM
      Event ID/Source: 1020 / ASP.NET 2.0.50727.0
      Event Description:
      Het bijwerken van de IIS-metagegevens werd afgebroken, omdat ISS niet is geïnstalleerd of is uitgeschakeld op deze machine. Om ASP.NET te configureren om IIS te kunnen uitvoeren, moet u IIS installeren of inschakelen en APS.NET opnieuw aanmelden met behulp van aspnet_regiis.exe /i.

      Event Record #/Type3232 / Warning
      Event Submitted/Written: 04/10/2008 06:48:19 PM
      Event ID/Source: 1524 / Userenv
      Event Description:
      Windows kan het klassenregisterbestand niet uit het geheugen verwijderen omdat het momenteel door een andere toepassing of service wordt gebruikt. Het bestand wordt uit het geheugen verwijderd als het niet meer wordt gebruikt.

      Event Record #/Type3225 / Error
      Event Submitted/Written: 04/10/2008 06:31:46 PM
      Event ID/Source: 1015 / Winlogon
      Event Description:
      Het kritieke systeemproces C:\WINDOWS\system32\lsass.exe is mislukt. Statuscode: c0000005. De computer
      dient nu opnieuw te worden opgestart.

      Event Record #/Type3216 / Error
      Event Submitted/Written: 04/09/2008 04:58:42 PM
      Event ID/Source: 1004 / Application Error
      Event Description:
      Vastgelopen toepassing: lsass.exe, versie: 5.1.2600.2180, vastgelopen module: tuvussPI.dll, versie: 0.0.0.0, vastgelopen op: 0x00067958.
      Er is tijdens het maken van de resulterende PEAP-TLV als antwoord op de ontvangen PEAP-TLV een fout opgetreden (lsass.exe!ld!)

      Event Record #/Type3209 / Error
      Event Submitted/Written: 04/09/2008 04:56:04 PM
      Event ID/Source: 1015 / Winlogon
      Event Description:
      Het kritieke systeemproces C:\WINDOWS\system32\lsass.exe is mislukt. Statuscode: c0000005. De computer
      dient nu opnieuw te worden opgestart.



      -- Security Event Log ----------------------------------------------------------

      No Errors/Warnings found.


      -- System Event Log ------------------------------------------------------------

      Event Record #/Type10367 / Error
      Event Submitted/Written: 04/16/2008 04:22:09 PM
      Event ID/Source: 7026 / Service Control Manager
      Event Description:
      De volgende opstartstuurprogramma's zijn niet geladen:
      AFD
      AvgLdx86
      AvgMfx86
      Fips
      intelppm
      IPSec
      MRxSmb
      NetBIOS
      NetBT
      RasAcd
      Rdbss
      Tcpip

      Event Record #/Type10366 / Error
      Event Submitted/Written: 04/16/2008 04:22:09 PM
      Event ID/Source: 7001 / Service Control Manager
      Event Description:
      De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service, die vanwege de volgende fout niet kan worden gestart:
      %%31

      Event Record #/Type10365 / Error
      Event Submitted/Written: 04/16/2008 04:22:09 PM
      Event ID/Source: 7001 / Service Control Manager
      Event Description:
      De TCP/IP NetBIOS Helper-service is afhankelijk van de AFD-service, die vanwege de volgende fout niet kan worden gestart:
      %%31

      Event Record #/Type10364 / Error
      Event Submitted/Written: 04/16/2008 04:22:09 PM
      Event ID/Source: 7001 / Service Control Manager
      Event Description:
      De DNS Client-service is afhankelijk van de Stuurprogramma voor TCP/IP-protocol-service, die vanwege de volgende fout niet kan worden gestart:
      %%31

      Event Record #/Type10363 / Error
      Event Submitted/Written: 04/16/2008 04:22:09 PM
      Event ID/Source: 7001 / Service Control Manager
      Event Description:
      De DHCP Client-service is afhankelijk van de NetBios over Tcpip-service, die vanwege de volgende fout niet kan worden gestart:
      %%31



      -- End of Deckard's System Scanner: finished at 2008-04-16 16:28:47 ------------
      • Citaat

      Comment

      • #4
        Krijg je nog steeds popups?

        Download dit bestand: zoek.exe
        Dubbelklik het, na een tijdje opent er een logje.
        Post de inhoud van dit logje in je volgende bericht
        • Citaat

        Comment

        • #5
          Nee, de popups zijn verdwenen

          ======C:\WINDOWS====
          ----a-w 0 2008-04-17 08:49:14 C:\WINDOWS\0.log
          ----a-w 20,702 2008-04-16 08:34:54 C:\WINDOWS\BMb7e64554.txt
          ----a-w 101,101 2008-04-14 12:52:44 C:\WINDOWS\BMb7e64554.xml
          --s-a-w 2,048 2008-04-17 08:48:20 C:\WINDOWS\bootstat.dat
          ----a-w 293,927 2008-04-16 17:35:32 C:\WINDOWS\comsetup.log
          ----a-w 851,721 2008-04-16 17:35:32 C:\WINDOWS\FaxSetup.log
          ----a-w 30 2008-04-16 18:16:57 C:\WINDOWS\iedit.INI
          ----a-w 135,312 2008-04-16 17:35:32 C:\WINDOWS\iis6.log
          ----a-w 1,374 2008-04-16 17:35:01 C:\WINDOWS\imsins.BAK
          ----a-w 1,374 2008-04-16 17:35:32 C:\WINDOWS\imsins.log
          ----a-w 13,887 2008-04-16 17:35:32 C:\WINDOWS\KB926239.log
          ----a-w 19,988 2008-04-16 19:01:25 C:\WINDOWS\KB941569.log
          ----a-w 12,388 2008-04-10 16:36:38 C:\WINDOWS\KB941693.log
          ----a-w 15,847 2008-04-10 16:30:25 C:\WINDOWS\KB944338.log
          ----a-w 13,884 2008-04-10 16:29:53 C:\WINDOWS\KB945553.log
          ----a-w 32,884 2008-04-10 16:37:20 C:\WINDOWS\KB947864.log
          ----a-w 12,584 2008-04-10 16:36:29 C:\WINDOWS\KB948590.log
          ----a-w 6,171 2008-04-11 01:03:00 C:\WINDOWS\KB948881.log
          ----a-w 9,326 2008-04-16 17:35:01 C:\WINDOWS\MSCompPackV1.log
          ----a-w 43,324 2008-04-16 17:35:32 C:\WINDOWS\msgsocm.log
          ----a-w 273,588 2008-04-16 14:20:44 C:\WINDOWS\ntbtlog.txt
          ----a-w 177,962 2008-04-16 17:35:32 C:\WINDOWS\ntdtcsetup.log
          ----a-w 422,533 2008-04-16 17:35:32 C:\WINDOWS\ocgen.log
          ----a-w 53,577 2008-04-16 17:35:32 C:\WINDOWS\ocmsn.log
          ----a-w 32,544 2008-04-16 14:18:48 C:\WINDOWS\SchedLgU.Txt
          ----a-w 637,541 2008-04-16 19:13:06 C:\WINDOWS\setupapi.log
          ----a-w 50,558 2008-04-16 17:38:35 C:\WINDOWS\spupdsvc.log
          ----a-w 334,772 2008-04-16 17:35:32 C:\WINDOWS\tsoc.log
          ----a-w 51,324 2008-04-16 17:35:31 C:\WINDOWS\updspapi.log
          ----a-w 159 2008-04-17 08:49:03 C:\WINDOWS\wiadebug.log
          ----a-w 49 2008-04-17 08:49:03 C:\WINDOWS\wiaservc.log
          ----a-w 835 2008-04-16 17:35:55 C:\WINDOWS\win.ini
          ----a-w 1,647,715 2008-04-17 08:51:20 C:\WINDOWS\WindowsUpdate.log
          ----a-w 47,988 2008-04-16 17:34:14 C:\WINDOWS\WMFDist11.log
          ----a-w 35,320 2008-04-16 17:34:53 C:\WINDOWS\wmp11.log
          ----a-w 68,545 2008-04-16 17:44:12 C:\WINDOWS\wmsetup.log
          ----a-w 973 2008-04-16 17:36:07 C:\WINDOWS\wmsetup10.log
          ----a-w 316,640 2008-04-16 17:34:12 C:\WINDOWS\WMSysPr9.prx
          ----a-w 12,882 2008-04-16 17:33:34 C:\WINDOWS\Wudf01000Inst.log

          Entries: 39 (38)
          Directories: 0 Files: 39
          Bytes: 5,753,377 Blocks: 11,258
          ======C:\WINDOWS\system32=====
          ----a-w 16,832 2008-04-16 17:38:32 C:\WINDOWS\System32\amcompat.tlb
          ----a-w 0 2008-04-16 09:18:56 C:\WINDOWS\System32\clkcnt.txt
          ----a-w 298,848 2008-04-10 16:49:21 C:\WINDOWS\System32\FNTCACHE.DAT
          --sha-w 186,322 2008-04-09 14:56:53 C:\WINDOWS\System32\IPssuvut.ini
          ----a-w 6,242 2008-04-15 19:28:57 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
          --sha-w 174,049 2008-04-16 09:57:02 C:\WINDOWS\System32\lRYFOUtv.ini
          ----a-w 19,836,024 2008-04-05 20:56:22 C:\WINDOWS\System32\MRT.exe
          --sha-w 180,318 2008-04-16 09:11:54 C:\WINDOWS\System32\NnqYJRqr.ini
          ----a-w 23,392 2008-04-16 17:38:32 C:\WINDOWS\System32\nscompat.tlb
          ----a-w 63,862 2008-04-14 14:02:08 C:\WINDOWS\System32\perfc009.dat
          ----a-w 83,658 2008-04-14 14:02:08 C:\WINDOWS\System32\perfc013.dat
          ----a-w 406,662 2008-04-14 14:02:08 C:\WINDOWS\System32\perfh009.dat
          ----a-w 472,384 2008-04-14 14:02:08 C:\WINDOWS\System32\perfh013.dat
          ----a-w 992,400 2008-04-14 14:02:08 C:\WINDOWS\System32\PerfStringBackup.INI
          ----a-w 791,214 2008-04-16 09:11:50 C:\WINDOWS\System32\RVAXO.bat
          --sha-w 177,463 2008-04-14 13:58:23 C:\WINDOWS\System32\rYFiPXbc.ini
          --sha-w 180,102 2008-04-10 16:32:35 C:\WINDOWS\System32\WGOXxGgh.ini
          ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
          ----a-w 1,158 2008-04-16 17:43:53 C:\WINDOWS\System32\wpa.dbl

          Entries: 19 (14)
          Directories: 0 Files: 19
          Bytes: 25,736,306 Blocks: 50,275
          ======C:\WINDOWS\system32\drivers=====
          ----a-w 821,856 2008-04-16 17:23:59 C:\WINDOWS\System32\drivers\avg7core.sys
          ----a-w 4,224 2008-04-16 17:22:58 C:\WINDOWS\System32\drivers\avg7rsw.sys
          ----a-w 27,776 2008-04-16 17:22:58 C:\WINDOWS\System32\drivers\avg7rsxp.sys
          ----a-w 10,760 2008-04-16 17:24:04 C:\WINDOWS\System32\drivers\avgclean.sys
          ----a-w 26,952 2008-04-16 17:23:59 C:\WINDOWS\System32\drivers\avgmfx86.sys
          ----a-w 4,960 2008-04-16 17:22:59 C:\WINDOWS\System32\drivers\avgtdi.sys

          Entries: 6 (6)
          Directories: 0 Files: 6
          Bytes: 896,528 Blocks: 1,755
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          ----a-w 715 2008-04-16 14:22:16 C:\firstrun5.log
          --sha-w 1,063,440,384 2008-04-17 08:48:14 C:\hiberfil.sys
          --sha-w 1,595,052,032 2008-04-17 08:48:12 C:\pagefile.sys
          ----a-w 850 2008-04-16 14:23:36 C:\RVAXO-results.log
          ----a-w 850 2008-04-16 14:24:55 C:\RVAXO-results2.txt
          ----a-w 4,135 2008-04-16 14:25:05 C:\RVAXO-Vfind.log

          Entries: 6 (4)
          Directories: 0 Files: 6
          Bytes: 2,658,498,966 Blocks: 5,192,383
          ======C:\Documents and Settings\laptop\Application Data======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Temp======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Documents and Settings\laptop======
          ---ha-w 3,145,728 2008-04-16 20:42:33 C:\Documents and Settings\laptop\NTUSER.DAT
          ---ha-w 32,768 2008-04-17 08:52:59 C:\Documents and Settings\laptop\ntuser.dat.LOG
          --sh--w 188 2008-04-16 20:42:09 C:\Documents and Settings\laptop\ntuser.ini

          Entries: 3 (0)
          Directories: 0 Files: 3
          Bytes: 3,178,684 Blocks: 6,209
          ======C:\WINDOWS\Downloaded Program Files====
          ----a-w 124,208 2008-03-25 16:13:04 C:\WINDOWS\Downloaded Program Files\as2stubie.dll

          Entries: 1 (1)
          Directories: 0 Files: 1
          Bytes: 124,208 Blocks: 243
          =============
          • Citaat

          Comment

          • #6
            Open een kladblokbestand.
            Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\BMb7e64554.txt
            C:\WINDOWS\BMb7e64554.xml
            C:\WINDOWS\System32\clkcnt.txt
            C:\WINDOWS\System32\IPssuvut.ini
            C:\WINDOWS\System32\lRYFOUtv.ini
            C:\WINDOWS\System32\NnqYJRqr.ini
            C:\WINDOWS\System32\rYFiPXbc.ini
            C:\WINDOWS\System32\WGOXxGgh.ini
            "C:\WINDOWS\Downloaded Program Files\as2stubie.dll") DO (
            DEL /Q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Ga naar Bestand - Opslaan als.
            Bij "Opslaan in" kies je: Bureaublad
            Bij "Bestandsnaam" zet je: del.bat
            Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
            Klik op de knop Opslaan.

            Dubbelklik op del.bat en post de inhoud van de logfile die opent.
            • Citaat

            Comment

            • #7
              Deleting files
              C:\WINDOWS\BMb7e64554.txt deleted
              C:\WINDOWS\BMb7e64554.xml deleted
              C:\WINDOWS\System32\clkcnt.txt deleted
              C:\WINDOWS\System32\IPssuvut.ini deleted
              C:\WINDOWS\System32\lRYFOUtv.ini deleted
              C:\WINDOWS\System32\NnqYJRqr.ini deleted
              C:\WINDOWS\System32\rYFiPXbc.ini deleted
              C:\WINDOWS\System32\WGOXxGgh.ini deleted
              "C:\WINDOWS\Downloaded Program Files\as2stubie.dll" deleted
              • Citaat

              Comment

              • #8
                Doe dit nog:

                Download ATF cleaner (mirror)(gemaakt door Atribune)

                Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                Dubbelklik op ATF cleaner om het programma te starten.
                Op het tabblad "Main", plaats je een vinkje bij Select All.
                Klik op de knop Empty Selected.

                Het volgende doen als je ook FireFox als browser hebt:
                Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                Klik op de knop Empty Selected.

                Het volgende doen als je ook Opera als browser hebt:
                Klik op tabblad "Opera", plaats een vinkje bij Select All.
                Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                Klik op de knop Empty Selected.
                Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                Kijk hier hoe je je systeemherstel moet uitschakelen.
                Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                Dan denk ik dat we klaar zijn
                • Citaat

                Comment

                • #9
                  Oké dan, onze dank is wederom enorm groot
                  Wat mij betreft kan dit topic dicht
                  • Citaat

                  Comment

                  • #10
                    Graag gedaan hoor
                    • Citaat

                    Comment

                    Vorige template Volgende
                    Sorry, you are not authorized to view this page
                    Working...
                    X