Mededeling

Collapse
No announcement yet.

Is hier iets mis mee? ( nwprovau.dll )

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Is hier iets mis mee? ( nwprovau.dll )

    Hoi, ik heb het één en ander opgeschoond op mijn pc en gescand met Spybot Search & Destroy. De reden hiervoor was dat webpagina's nogal moeilijk geladen werden.

    Het gaat nu weer perfect. Ook heb ik Hijack-This laten scannen. Er waren 2 dingen die mij opvielen en de vraag is dan ook kan ik deze zonder meer verwijderen?

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Voor de volledigheid is hier de complete log. Zou iemand zo vriendelijk willen zijn om deze te bekijken of er nog iets niet correct is? Alvast hartelijk dank voor de moeite!

    Groet,
    HuBBy


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:51:44, on 19-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\DirectUpdate v4\DUEngine.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.souverein-online.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193528325093
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: tmigrate32 - C:\WINDOWS\SYSTEM32\tmigrate32.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DirectUpdate motor (DirectUpdate) - WildUP - C:\Program Files\DirectUpdate v4\DUEngine.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

    --
    End of file - 4827 bytes
    Labels: Geen
    • Citaat
  • #2
    Ga eens naar de volgende website:
    http://www.virustotal.com/


    Upload daar het volgende bestand en laat het door deze service scannen:
    C:\WINDOWS\SYSTEM32\tmigrate32.dll

    Wacht geduldig op het resultaat(duurt soms wat langer omdat deze veel gebruikt wordt )

    Kopieer het resultaat en post dat in je volgende bericht
    • Citaat

    Comment

    • #3
      Hier is de log van Virustotal,

      Antivirus Versie Laatst geüpdatet Resultaat
      AhnLab-V3 2008.4.19.0 2008.04.18 -
      AntiVir 7.8.0.8 2008.04.18 TR/Hijacker.Gen
      Authentium 4.93.8 2008.04.18 -
      Avast 4.8.1169.0 2008.04.18 -
      AVG 7.5.0.516 2008.04.18 Downloader.Small.60.AO
      BitDefender 7.2 2008.04.19 -
      CAT-QuickHeal 9.50 2008.04.19 -
      ClamAV 0.92.1 2008.04.19 -
      DrWeb 4.44.0.09170 2008.04.19 -
      eSafe 7.0.15.0 2008.04.17 -
      eTrust-Vet 31.3.5714 2008.04.19 -
      Ewido 4.0 2008.04.18 -
      F-Prot 4.4.2.54 2008.04.18 -
      F-Secure 6.70.13260.0 2008.04.19 Trojan.Win32.Agent.dwg
      FileAdvisor 1 2008.04.19 -
      Fortinet 3.14.0.0 2008.04.19 -
      Ikarus T3.1.1.26 2008.04.19 Virus.Trojan.Win32.Agent.dwg
      Kaspersky 7.0.0.125 2008.04.19 Trojan.Win32.Agent.dwg
      McAfee 5277 2008.04.18 -
      Microsoft 1.3408 2008.04.19 VirTool:Win32/Obfuscator.L
      NOD32v2 3040 2008.04.19 -
      Norman 5.80.02 2008.04.18 -
      Panda 9.0.0.4 2008.04.19 -
      Prevx1 V2 2008.04.19 -
      Rising 20.40.51.00 2008.04.19 Trojan.Win32.Undef.ete
      Sophos 4.28.0 2008.04.19 Sus/Behav-1021
      Sunbelt 3.0.1056.0 2008.04.17 -
      Symantec 10 2008.04.19 -
      TheHacker 6.2.92.284 2008.04.18 -
      VBA32 3.12.6.4 2008.04.16 -
      VirusBuster 4.3.26:9 2008.04.18 -
      Webwasher-Gateway 6.6.2 2008.04.18 Trojan.Hijacker.Gen
      Extra informatie
      File size: 8704 bytes
      MD5...: e5eddd2468f2bfecbb28c5f0041200ec
      SHA1..: 648966dd31ff2d66cdd235be620d0c4512b26a0c
      SHA256: 9427868ba7a8e8e993bd5c17fef87bc2308798f1e75182a629932ed57d587c3f
      SHA512: b53cc8f8a1af94cb80ed65ee6a7df4e73f1f99f1404f0c8633c0dca00987067c
      4364a6cb991be8c07676c531d31531606bb7609b1dc692a52f08425efa61ea20
      PEiD..: -
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x10009570
      timedatestamp.....: 0x4730c0e4 (Tue Nov 06 19:30:44 2007)
      machinetype.......: 0x14c (I386)

      ( 3 sections )
      name viradd virsiz rawdsiz ntrpy md5
      UPX0 0x1000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
      UPX1 0x8000 0x2000 0x1800 7.75 fd4dce061e27d99ef3a4c1a70105611e
      .rsrc 0xa000 0x1000 0x600 2.89 26d692c4ad8dfe2b6d72ec63be85dcc2

      ( 1 imports )
      > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree

      ( 1 exports )
      amih

      packers: UPX
      packers: UPX
      • Citaat

      Comment

      • #4
        Malware dus

        Zoek het bestand eens op met je verkenner:
        C:\WINDOWS\SYSTEM32\tmigrate32.dll
        Rechtsklik het en kies voor "Naam Wijzigen.."
        Verander de naam eens in: tmigrate32.bak

        Herstart daarna je computer en post een nieuw logje van Hijackthis
        • Citaat

        Comment

        • #5
          Hier is het nieuwe logje van HT,

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 12:30:00, on 19-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\DirectUpdate v4\DUEngine.exe
          C:\Program Files\ESET\ESET Smart Security\ekrn.exe
          C:\WINDOWS\system32\oodag.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\UPHClean\uphclean.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\LVCOMSX.EXE
          C:\Program Files\Logitech\Video\LogiTray.exe
          C:\Program Files\ESET\ESET Smart Security\egui.exe
          C:\Program Files\Logitech\SetPoint\SetPoint.exe
          C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
          C:\Program Files\Logitech\Video\FxSvr2.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.souverein-online.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
          O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
          O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
          O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
          O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
          O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
          O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
          O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
          O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
          O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193528325093
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O20 - Winlogon Notify: tmigrate32 - tmigrate32.dll (file missing)
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: DirectUpdate motor (DirectUpdate) - WildUP - C:\Program Files\DirectUpdate v4\DUEngine.exe
          O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
          O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
          O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

          --
          End of file - 4782 bytes
          • Citaat

          Comment

          • #6
            Gelukt, zie ik

            Verwijder nu het volgende bestand:
            C:\WINDOWS\SYSTEM32\tmigrate32.bak

            En vink met Hijackthis de volgende regel aan:
            O20 - Winlogon Notify: tmigrate32 - tmigrate32.dll (file missing)
            Klik op de knop "Fix checked" om de geselecteerde regel te verwijderen.

            Doe nu het volgende:
            Download Deckard's System Scanner naar je Bureaublad.
            • Sluit alle toepassingen en vensters.
            • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
            • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
            • Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

            Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
            - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
            Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
            Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)
            • Citaat

            Comment

            • #7
              Hier is de main.txt van DSS,

              Deckard's System Scanner v20071014.68
              Run by Otto Souverein on 2008-04-19 13:32:10
              Computer is in Normal Mode.
              --------------------------------------------------------------------------------

              -- System Restore --------------------------------------------------------------



              -- Last 5 Restore Point(s) --
              11: 2008-04-19 11:27:17 UTC - RP61 - Deckard's System Scanner Restore Point
              10: 2008-04-19 07:41:49 UTC - RP60 - Verwijderd: Windows Live installer
              9: 2008-04-18 21:10:10 UTC - RP59 - Removed Rhapsody Player Engine
              8: 2008-04-18 21:09:58 UTC - RP58 - Removed Rhapsody Player Engine
              7: 2008-04-15 19:24:13 UTC - RP57 - Controlepunt van systeem


              -- First Restore Point --
              1: 2008-04-13 12:15:14 UTC - RP51 - Geïnstalleerd: Windows Live installer


              Backed up registry hives.
              Performed disk cleanup.



              -- HijackThis (run as Otto Souverein.exe) --------------------------------------

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 13:34:31, on 19-4-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16640)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\DirectUpdate v4\DUEngine.exe
              C:\Program Files\ESET\ESET Smart Security\ekrn.exe
              C:\WINDOWS\system32\oodag.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\UPHClean\uphclean.exe
              C:\WINDOWS\system32\LVCOMSX.EXE
              C:\Program Files\Logitech\Video\LogiTray.exe
              C:\Program Files\ESET\ESET Smart Security\egui.exe
              C:\Program Files\Logitech\SetPoint\SetPoint.exe
              C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
              C:\Program Files\Logitech\Video\FxSvr2.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\Documents and Settings\Otto Souverein\Bureaublad\dss.exe
              C:\PROGRA~1\TRENDM~1\HIJACK~1\Otto Souverein.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.souverein-online.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
              O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
              O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
              O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
              O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
              O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
              O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
              O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
              O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
              O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
              O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
              O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
              O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
              O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193528325093
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: DirectUpdate motor (DirectUpdate) - WildUP - C:\Program Files\DirectUpdate v4\DUEngine.exe
              O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
              O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
              O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
              O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

              --
              End of file - 4803 bytes

              -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

              backup-20071203-221503-401 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
              backup-20071208-170508-658 O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
              backup-20071222-144741-553 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
              backup-20080117-063722-646 O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
              backup-20080216-080629-675 O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
              backup-20080316-175027-181 O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
              backup-20080413-092905-332 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
              backup-20080419-113556-492 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
              backup-20080419-132311-791 O20 - Winlogon Notify: tmigrate32 - tmigrate32.dll (file missing)

              -- File Associations -----------------------------------------------------------

              All associations okay.


              -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

              R0 hptpro - c:\windows\system32\drivers\hptpro.sys <Not Verified; HighPoint Technologies, Inc.; HighPoint Filter Driver>
              R1 as6eio - c:\windows\system32\drivers\as6eio.sys
              R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
              R3 iComp (Python2 USB WDM Encoder) - c:\windows\system32\drivers\p2usbwdm.sys <Not Verified; Conexant Systems Inc.; USB Mpeg>
              R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

              S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


              -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

              R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

              S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


              -- Device Manager: Disabled ----------------------------------------------------

              No disabled devices found.


              -- Scheduled Tasks -------------------------------------------------------------

              2008-04-19 08:51:52 264 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


              -- Files created between 2008-03-19 and 2008-04-19 -----------------------------

              2008-04-19 13:12:22 0 dr-h----- C:\Documents and Settings\Otto Souverein\Onlangs geopend
              2008-04-19 07:43:14 0 d-------- C:\Program Files\Common Files\xing shared
              2008-04-19 07:43:02 0 d-------- C:\Program Files\Real
              2008-04-19 07:43:00 0 d-------- C:\Program Files\Common Files\Real
              2008-04-19 07:42:59 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\Real
              2008-04-19 07:12:25 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\Media Player Classic
              2008-04-15 22:14:15 0 d-------- C:\WINDOWS\system32\LogFiles
              2008-04-13 16:47:28 0 d--h----- C:\WINDOWS\PIF
              2008-04-13 14:15:16 0 d-------- C:\Program Files\Windows Live
              2008-04-12 18:22:54 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\Logitech
              2008-04-12 18:21:28 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\InstallShield
              2008-04-10 21:57:06 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
              2008-04-10 21:57:06 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
              2008-04-10 21:57:06 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
              2008-04-10 21:57:06 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
              2008-04-10 21:57:06 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
              2008-04-10 21:57:04 0 d-------- C:\Program Files\VSO
              2008-04-06 00:10:51 0 d-------- C:\Program Files\VirtualDub-1.7.8
              2008-04-06 00:01:05 0 d-------- C:\Program Files\PowerISO
              2008-04-03 17:46:34 0 d-------- C:\Program Files\QuickTime
              2008-03-30 14:29:41 0 d-------- C:\Program Files\SpacialAudio
              2008-03-29 00:41:36 0 d-------- C:\Program Files\Microsoft Silverlight
              2008-03-29 00:41:24 9175040 --a------ C:\Documents and Settings\Otto Souverein\ntuser.dat
              2008-03-28 07:01:17 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
              2008-03-28 07:01:16 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
              2008-03-28 07:01:16 0 d-------- C:\Program Files\Xvid
              2008-03-28 00:13:57 0 d-------- C:\Program Files\messpatch-g5-8513021018(www.mess.be)
              2008-03-27 23:38:45 0 d-------- C:\Program Files\CCleaner
              2008-03-25 23:02:16 0 d-------- C:\WINDOWS\system32\Adobe
              2008-03-22 21:33:09 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\MiniDm
              2008-03-22 21:22:37 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\IEPro
              2008-03-22 16:29:09 0 d-------- C:\Documents and Settings\Otto Souverein\DoctorWeb
              2008-03-22 15:53:27 68096 --a------ C:\WINDOWS\system32\zip.exe
              2008-03-22 15:53:27 98816 --a------ C:\WINDOWS\system32\sed.exe
              2008-03-22 15:53:27 80412 --a------ C:\WINDOWS\system32\grep.exe
              2008-03-22 15:53:27 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
              2008-03-22 15:02:57 0 --a------ C:\Documents and Settings\Otto Souverein\ipconfig


              -- Find3M Report ---------------------------------------------------------------

              2008-04-19 07:43:14 0 d-------- C:\Program Files\Common Files
              2008-04-19 06:49:18 0 d-------- C:\Program Files\eMule
              2008-04-17 06:44:40 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\Vso
              2008-04-15 22:56:27 0 d-------- C:\Program Files\TCPOptimizer
              2008-04-15 22:28:02 512410 --a------ C:\WINDOWS\system32\perfh013.dat
              2008-04-15 22:28:02 92052 --a------ C:\WINDOWS\system32\perfc013.dat
              2008-04-14 22:00:17 0 d-------- C:\Program Files\GameSpy Arcade
              2008-04-14 21:45:53 0 d-------- C:\Program Files\VisionGS BE
              2008-04-14 21:28:14 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\Skype
              2008-04-13 23:20:22 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
              2008-04-13 22:05:10 0 d-------- C:\Program Files\UnderCoverXP
              2008-04-13 16:12:31 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\uTorrent
              2008-04-13 15:51:35 668 --a------ C:\Documents and Settings\Otto Souverein\Application Data\vso_ts_preview.xml
              2008-04-12 18:21:51 0 d-------- C:\Program Files\Common Files\Logishrd
              2008-04-12 18:21:31 0 d--h----- C:\Program Files\InstallShield Installation Information
              2008-04-10 21:57:16 34 --a------ C:\Documents and Settings\Otto Souverein\Application Data\pcouffin.log
              2008-04-10 21:57:13 47360 --a------ C:\Documents and Settings\Otto Souverein\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
              2008-04-10 21:57:13 7887 --a------ C:\Documents and Settings\Otto Souverein\Application Data\pcouffin.cat
              2008-04-10 21:57:12 1144 --a------ C:\Documents and Settings\Otto Souverein\Application Data\pcouffin.inf
              2008-04-09 06:38:58 0 d-------- C:\Program Files\HTML Password Lock
              2008-04-08 22:14:18 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\OfficeUpdate12
              2008-04-06 00:23:16 0 d-------- C:\Program Files\Batchrun
              2008-03-29 02:11:56 0 d-------- C:\Program Files\AC3Filter
              2008-03-27 23:53:04 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\Adobe
              2008-03-27 23:34:53 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\Macromedia
              2008-03-27 23:21:04 0 d-------- C:\Program Files\xp-AntiSpy
              2008-03-23 01:11:07 0 d-------- C:\Program Files\DVDFab Platinum 4
              2008-03-16 09:10:39 0 d-------- C:\Program Files\Financieel
              2008-03-15 20:34:40 0 d-------- C:\Documents and Settings\Otto Souverein\Application Data\ESET
              2008-03-12 21:26:22 0 d-------- C:\Program Files\Common Files\Nero
              2008-03-02 09:26:06 0 d-------- C:\Program Files\uTorrent
              2008-03-02 06:20:54 0 d--h----- C:\Program Files\WindowsUpdate


              -- Registry Dump ---------------------------------------------------------------

              *Note* empty entries & legit default entries are not shown


              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [28-03-2001 02:00]
              "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [29-11-2007 02:17 C:\WINDOWS\KHALMNPR.Exe]
              "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19-07-2005 18:32]
              "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08-06-2005 16:24]
              "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08-06-2005 16:14]
              "DUControl"=""
              "AtiPTA"="atiptaxx.exe" [22-02-2006 03:05 C:\WINDOWS\system32\atiptaxx.exe]
              "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [11-05-2007 03:08]
              "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29-11-2007 02:17 C:\WINDOWS\KHALMNPR.Exe]
              "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [20-02-2008 11:06]

              C:\Documents and Settings\Otto Souverein\Menu Start\Programma's\Opstarten\
              ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20-10-2005 13:04:08]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12-4-2008 18:21:49]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "DisableTaskMgr"=0 (0x0)

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
              "disableregistrytools"=0 (0x0)
              "DisableTaskMgr"=0 (0x0)
              "NoDispAppearancePage"=0 (0x0)
              "NoColorChoice"=0 (0x0)
              "NoSizeChoice"=0 (0x0)
              "NoDispBackgroundPage"=0 (0x0)
              "NoDispScrSavPage"=0 (0x0)
              "NoDispCPL"=0 (0x0)
              "NoVisualStyleChoice"=0 (0x0)
              "NoDispSettingsPage"=0 (0x0)

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "NoActiveDesktopChanges"=0 (0x0)

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
              "NoActiveDesktop"=0 (0x0)
              "NoSaveSettings"=0 (0x0)
              "NoThemesTab"=0 (0x0)
              "ForceActiveDesktopOn"=0 (0x0)
              "ClearRecentDocsOnExit"=1 (0x1)

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
              c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 09-01-2008 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
              @=""

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
              C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
              "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
              C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
              "C:\Program Files\QuickTime\qttask.exe" -atboottime

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
              C:\WINDOWS\Updreg.exe




              -- End of Deckard's System Scanner: finished at 2008-04-19 13:35:42 ------------
              • Citaat

              Comment

              • #8
                En dit is de extra.txt van DSS,

                Deckard's System Scanner v20071014.68
                Extra logfile - please post this as an attachment with your post.
                --------------------------------------------------------------------------------

                -- System Information ----------------------------------------------------------

                Microsoft Windows XP Professional (build 2600) SP 2.0
                Architecture: X86; Language: Dutch

                CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
                Percentage of Memory in Use: 58%
                Physical Memory (total/avail): 511.01 MiB / 211.44 MiB
                Pagefile Memory (total/avail): 1505.59 MiB / 1265.75 MiB
                Virtual Memory (total/avail): 2047.88 MiB / 1928.53 MiB

                A: is Removable (No Media)
                C: is Fixed (NTFS) - 69.64 GiB total, 59.07 GiB free.
                D: is Fixed (NTFS) - 79.41 GiB total, 70.74 GiB free.
                E: is CDROM (No Media)
                F: is CDROM (No Media)
                H: is Removable (No Media)

                \\.\PHYSICALDRIVE0 - HPT37x RAID 0 Array SCSI Disk Device - 149.06 GiB - 2 partitions
                \PARTITION0 (bootable) - Installable File System - 69.64 GiB - C:
                \PARTITION1 - Extended w/Extended Int 13 - 79.41 GiB - D:

                \\.\PHYSICALDRIVE1 - EPSON Stylus Storage USB Device



                -- Security Center -------------------------------------------------------------

                AUOptions is scheduled to auto-install.
                Windows Internal Firewall is disabled.

                FirstRunDisabled is set.

                FW: ESET Persoonlijke firewall v3.0.642.0 (ESET, spol. s r. o.)
                AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.) Disabled

                [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
                "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
                "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

                [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
                "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
                "C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage"
                "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
                "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
                "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
                "D:\\Games\\Groove Games\\Land Of The Dead\\System\\UCC.exe"="D:\\Games\\Groove Games\\Land Of The Dead\\System\\UCC.exe:*:Enabled:UCC Application"
                "D:\\Games\\Groove Games\\Land Of The Dead\\System\\LOTD.exe"="D:\\Games\\Groove Games\\Land Of The Dead\\System\\LOTD.exe:*:Enabled:Land Of The Dead"
                "D:\\Games\\EA GAMES\\MOHAA\\MOHAA.exe"="D:\\Games\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
                "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
                "D:\\Games\\EA GAMES\\MOHAA\\MOHAA_server.exe"="D:\\Games\\EA GAMES\\MOHAA\\MOHAA_server.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
                "C:\\Program Files\\VisionGS BE\\visiongs.exe"="C:\\Program Files\\VisionGS BE\\visiongs.exe:*:Enabled:visiongs"
                "C:\\Program Files\\WWW File Share Pro\\WWWFileSharePro.exe"="C:\\Program Files\\WWW File Share Pro\\WWWFileSharePro.exe:*:Enabled:WWWFileSharePro"
                "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
                "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
                "C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
                "C:\\Program Files\\Nero\\Nero8\\Nero Burning Rom\\nero.exe"="C:\\Program Files\\Nero\\Nero8\\Nero Burning Rom\\nero.exe:*:Enabled:Nero Express"
                "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
                "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"


                -- Environment Variables -------------------------------------------------------

                ALLUSERSPROFILE=C:\Documents and Settings\All Users
                APPDATA=C:\Documents and Settings\Otto Souverein\Application Data
                CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
                CLIENTNAME=Console
                CommonProgramFiles=C:\Program Files\Common Files
                COMPUTERNAME=OTTO-D29F508A59
                ComSpec=C:\WINDOWS\system32\cmd.exe
                FP_NO_HOST_CHECK=NO
                HOMEDRIVE=C:
                HOMEPATH=\Documents and Settings\Otto Souverein
                LOGONSERVER=\\OTTO-D29F508A59
                NUMBER_OF_PROCESSORS=1
                OS=Windows_NT
                Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
                PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
                PROCESSOR_ARCHITECTURE=x86
                PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
                PROCESSOR_LEVEL=15
                PROCESSOR_REVISION=0204
                ProgramFiles=C:\Program Files
                PROMPT=$P$G
                QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
                SESSIONNAME=Console
                SystemDrive=C:
                SystemRoot=C:\WINDOWS
                TEMP=C:\DOCUME~1\OTTOSO~1\LOCALS~1\Temp
                TMP=C:\DOCUME~1\OTTOSO~1\LOCALS~1\Temp
                USERDOMAIN=OTTO-D29F508A59
                USERNAME=Otto Souverein
                USERPROFILE=C:\Documents and Settings\Otto Souverein
                windir=C:\WINDOWS


                -- User Profiles ---------------------------------------------------------------

                Otto Souverein (admin)
                eMule_Secure


                -- Add/Remove Programs ---------------------------------------------------------

                --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
                --> C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
                --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
                --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
                --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\CTMixer.isu"
                --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Diagnose2.isu"
                --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\HTML.isu"
                --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
                --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
                --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
                --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
                --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
                --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
                --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
                --> C:\WINDOWS\UNRecode.exe /UNINSTALL
                --> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
                --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
                2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
                AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
                Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
                Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
                Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
                Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
                ATI Display Driver (Omega 3.8.442) --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_classISPLAY -clean
                µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
                AttachmentOptions --> MsiExec.exe /I{C708C5C2-A170-48B8-A0A2-69C8E0935A28}
                Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
                Batchrun 4.1 --> C:\PROGRA~1\Batchrun\UNWISE.EXE C:\PROGRA~1\Batchrun\INSTALL.LOG
                Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
                Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
                Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
                Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x13 UNINST
                CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
                CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
                ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
                ConvertXtoDVD 3.0.0.9 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
                DH Driver Cleaner Professional Edition --> C:\Program Files\Driver Cleaner Pro\Uninstall.exe
                DH Shutdown 1 --> C:\Program Files\DHShutdown\Uninst.exe
                DirectUpdate --> "C:\Program Files\DirectUpdate v4\unins000.exe"
                DVDFab Platinum 4.1.2.0 --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
                EchoSub --> C:\Program Files\EchoSub\uninstall.exe
                Educatiepakket voor Microsoft Office --> MsiExec.exe /X{B348E585-E872-41DF-8234-E2D49917CFBB}
                eMule --> "C:\Program Files\eMule\Uninstall.exe"
                EPSON-printersoftware --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
                EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
                EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x13 -UnInstall
                EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x13 UNINST
                EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x13 UNINST
                EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
                EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x13 -u
                EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handboek --> C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\NLD\USE_G\DOCUNINS.EXE
                ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
                ESET Smart Security --> MsiExec.exe /I{355429F6-E060-4212-9655-AEA5E987C286}
                Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
                GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
                Grabster AV 400 --> MsiExec.exe /I{1E61538A-D482-4252-BBB7-D892FD52FC50}
                Groove Games\Land Of The Dead --> D:\Games\Groove Games\Land Of The Dead\System\Setup.exe uninstall "LandOfTheDead"
                HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
                Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
                Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
                HTML Password Lock 4.1 --> "C:\Program Files\HTML Password Lock\unins000.exe"
                KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
                Logitech QuickCam-software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x13
                Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0013 -removeonly
                Logitech® Camera-stuurprogramma --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
                LOTD Map & Audio Pack (Part 1 of 2) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Map & Audio Files Pack Part 1.exe
                LOTD Map & Audio Pack (Part 2 of 2) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Map & Audio Files Pack Part 2.exe
                LOTD Update Pack #1 (3/2/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 1.exe
                LOTD Update Pack #10 (8/24/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 10.exe
                LOTD Update Pack #11 (8/27/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 11.exe
                LOTD Update Pack #12 (9/2/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 12.exe
                LOTD Update Pack #13 (9/14/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 13.exe
                LOTD Update Pack #14 (9/19/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 14.exe
                LOTD Update Pack #15 (10/3/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 15.exe
                LOTD Update Pack #16 (10/21/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 16.exe
                LOTD Update Pack #17 (11/28/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 17.exe
                LOTD Update Pack #18 (1/7/07) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 18.exe
                LOTD Update Pack #19 (2/25/07) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 19.exe
                LOTD Update Pack #2 (3/6/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 2.exe
                LOTD Update Pack #20 (8/20/07) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 20.exe
                LOTD Update Pack #21 (10/06/07) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 21.exe
                LOTD Update Pack #22 (10/09/07) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 22.exe
                LOTD Update Pack #3 (3/30/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 3.exe
                LOTD Update Pack #4 (4/7/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 4.exe
                LOTD Update Pack #5 (4/28/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 5.exe
                LOTD Update Pack #6 (5/12/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 6.exe
                LOTD Update Pack #7 (5/18/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 7.exe
                LOTD Update Pack #8 (7/4/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 8.exe
                LOTD Update Pack #9 (8/1/06) --> D:\Games\Groove Games\Land Of The Dead\Uninstall LOTD Update Pack 9.exe
                Manager for Skype --> "C:\Program Files\Manager for Skype\uninstall.exe"
                Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x13
                Microsoft-invoegtoepassing Opslaan als PDF of XPS voor 2007 Microsoft Office-programma's --> MsiExec.exe /X{90120000-00B2-0413-0000-0000000FF1CE}
                Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
                Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
                Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
                Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170413-6000-11D3-8CFE-0150048383C9}
                Microsoft Office InfoPath MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
                Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
                Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
                Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
                Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
                Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
                Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
                Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
                Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
                Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
                Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
                Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
                Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
                Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
                Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
                Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
                Microsoft Winkler Prins Huiswerkhulp voor Leerlingen 2007 --> MsiExec.exe /I{07381881-E9B4-4DF6-A845-CAAFD093E477}
                Microsoft Wiskundehulp --> MsiExec.exe /I{07383840-959A-4B0D-8825-2C533F0DDB19}
                MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
                Nero 8 --> MsiExec.exe /X{D6D5CB84-0E6E-4E69-B300-C690B6911043}
                neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
                O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
                Pakket voor de provider van Microsoft Base-smartcardcryptografieservice --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
                Piranha Panic --> D:\Games\PiranhaPanic\uninstal.exe
                PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
                QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
                QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
                Radeon Omega Drivers v4.8.442 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"
                RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
                Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
                Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
                Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
                Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
                Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
                Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
                SimpleCast (remove only) --> "C:\Program Files\SpacialAudio\SimpleCast\uninstall.exe"
                Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
                Sound Blaster Live! Value --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
                Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
                Teletekstbrowser versie 3.3 --> "C:\Program Files\Teletekstbrowser\unins000.exe"
                Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
                UnderCoverXP 1.19 --> "C:\Program Files\UnderCoverXP\unins000.exe"
                Unlocker 1.7.8 --> C:\Program Files\Unlocker\uninst.exe
                Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
                Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
                Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
                Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
                Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
                Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
                Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
                Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
                Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
                Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
                Update voor Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
                Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
                Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
                Update voor Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
                Update voor Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
                Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
                Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
                Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
                Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
                Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
                Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
                User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
                VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
                VisionGS BE --> C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\VisionGS BE\UnInst.log" "/APPNAME=VisionGS BE"
                VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
                Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
                Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
                Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
                Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
                Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
                Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
                Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
                Windows Presentation Foundation Language Pack (NLD) --> MsiExec.exe /X{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}
                Windows Workflow Foundation NL Language Pack --> MsiExec.exe /I{A06BD059-8EDE-41F3-B91A-73C2C6811187}
                WinRAR --> C:\Program Files\WinRAR\uninstall.exe
                WWW File Share Pro 4.0 --> "C:\Program Files\WWW File Share Pro\unins000.exe"
                XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
                xp-AntiSpy 3.96-7 --> C:\Program Files\xp-AntiSpy\uninst.exe
                Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


                -- Application Event Log -------------------------------------------------------

                No Errors/Warnings found.


                -- Security Event Log ----------------------------------------------------------

                No Errors/Warnings found.


                -- System Event Log ------------------------------------------------------------

                Event Record #/Type223 / Error
                Event Submitted/Written: 04/18/2008 11:42:39 PM
                Event ID/Source: 59 / SideBySide
                Event Description:
                Generate Activation Context mislukt voor C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll.
                Foutmelding voor referentie: De bewerking is voltooid.
                .

                Event Record #/Type222 / Error
                Event Submitted/Written: 04/18/2008 11:42:39 PM
                Event ID/Source: 58 / SideBySide
                Event Description:
                Syntaxisfout in het manifest- of beleidsbestand Manifestparseerfout: er is een ongeldig teken in de tekst gevonden.
                1 in regel Manifestparseerfout: er is een ongeldig teken in de tekst gevonden.
                2.

                Event Record #/Type221 / Error
                Event Submitted/Written: 04/18/2008 11:42:39 PM
                Event ID/Source: 59 / SideBySide
                Event Description:
                Generate Activation Context mislukt voor C:\Program Files\Common Files\Nero\AudioPlugins\msa.dll.
                Foutmelding voor referentie: De bewerking is voltooid.
                .

                Event Record #/Type220 / Error
                Event Submitted/Written: 04/18/2008 11:42:39 PM
                Event ID/Source: 58 / SideBySide
                Event Description:
                Syntaxisfout in het manifest- of beleidsbestand Manifestparseerfout: er is een ongeldig teken in de tekst gevonden.
                1 in regel Manifestparseerfout: er is een ongeldig teken in de tekst gevonden.
                2.



                -- End of Deckard's System Scanner: finished at 2008-04-19 13:35:42 ------------
                • Citaat

                Comment

                • #9
                  Logjes lijken me schoon
                  • Citaat

                  Comment

                  • #10
                    Dank je wel smeenk voor de geweldige hulp Je krijgt van mij een 10 .

                    Mijn pc loopt weer als een gesmeerde naaimachine.

                    Groet,
                    HuBBy
                    • Citaat

                    Comment

                    • #11
                      Graag gedaan hoor

                      Doe dit nog:

                      Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                      Kijk hier hoe je je systeemherstel moet uitschakelen.
                      Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                      Dan denk ik dat we klaar zijn
                      • Citaat

                      Comment

                      • #12
                        Ok dat doe ik nog ff, nogmaals bedankt smeenk!
                        • Citaat

                        Comment

                        Vorige template Volgende
                        Sorry, you are not authorized to view this page
                        Working...
                        X