Mededeling

Collapse
No announcement yet.

Virus / worm Worm.Win32.NetBooster

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Virus / worm Worm.Win32.NetBooster

    Heb sinds gisteren een naar ding op m'n PC. Verschijnselen:

    - Snelkoppelingen op desktop verdwenen
    - Nieuwe balk in IE
    - 3 Snelkoppeling naar plekken op internet
    - Taakmanager doet het niet meer (heb ik inmiddels hersteld)
    - Verschillende pop-ups:
    - Windows Security Alert
    - Windows Virus Alert (Worm.Win32.NetBooster)
    - Spyware Alert (Worm.WIn32.NetBooster2)
    - IE start zomaar vanzelf op

    Kreeg al dit fraais na het downloaden van een video-codec.

    Inmiddels SpyBot en AdAware gedraaid. Helpt nog niet echt.... Zou hulp heel erg fijn vinden.

    Mijn HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:36:43, on 24-04-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\DOCUME~1\CFC324~1.VAN\LOCALS~1\Temp\ConnectionMonitor.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    c:\program files\argewebbackup\onlinebackupservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synology Data Replicator 3\Backup.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Workpace\WorkPace.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\PROGRA~1\Workpace\sv32_240.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\olgdqarf.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: HP913B50 HP0017A4913B50
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\khfgEVMc.dll (file missing)
    O2 - BHO: DVA Gate - {AEAFB69D-EDE2-47C8-BDBA-D8938DE059D3} - C:\WINDOWS\qnmargolewk.dll
    O2 - BHO: (no name) - {C0E84E5A-D863-42AC-9C09-062920C45B1B} - C:\WINDOWS\system32\opnmLbyW.dll (file missing)
    O3 - Toolbar: dpevflbg - {CE66268D-0208-4D9E-8BC7-12D91072A34D} - C:\WINDOWS\dpevflbg.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [38de41c4] rundll32.exe "C:\WINDOWS\system32\iflqdvqc.dll",b
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3672] command /c del "C:\WINDOWS\system32\iflqdvqc.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5898] cmd /c del "C:\WINDOWS\system32\iflqdvqc.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5470] command /c del "C:\WINDOWS\system32\opnmLbyW.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC889] cmd /c del "C:\WINDOWS\system32\opnmLbyW.dll_old"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Data Replicator 3] "C:\Program Files\Synology Data Replicator 3\Backup.exe" /MIN
    O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2614] command /c del "C:\WINDOWS\system32\iflqdvqc.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5298] cmd /c del "C:\WINDOWS\system32\iflqdvqc.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4866] command /c del "C:\WINDOWS\system32\opnmLbyW.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1087] cmd /c del "C:\WINDOWS\system32\opnmLbyW.dll_old"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: WorkPace.LNK = C:\Program Files\Workpace\WorkPace.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-emea2.infor.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://80.73.129.185/fotoxs/ImageUploader3.cab
    O16 - DPF: {BE9B2B7C-6680-44E6-9F51-05384AD9C2FF} (MapConnect Control) - http://www.wayfinder.com/maps/MapConnect.ocx
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O20 - Winlogon Notify: khfgEVMc - khfgEVMc.dll (file missing)
    O21 - SSODL: vadokmxt - {0A7C8FE2-84FF-4E58-8E7B-A68D242707DB} - C:\WINDOWS\vadokmxt.dll
    O21 - SSODL: wdpoefan - {59BFF390-1558-4258-BC1F-1C5930C0DCAC} - C:\WINDOWS\wdpoefan.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConnectionMonitor - SteelBytes - C:\DOCUME~1\CFC324~1.VAN\LOCALS~1\Temp\ConnectionMonitor.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: OnlineBackupService - BackupAgent B.V. - c:\program files\argewebbackup\onlinebackupservice.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 12801 bytes

  • #2
    Start Hijackthis en vink alleen de volgende regels aan:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\khfgEVMc.dll (file missing)
    O2 - BHO: DVA Gate - {AEAFB69D-EDE2-47C8-BDBA-D8938DE059D3} - C:\WINDOWS\qnmargolewk.dll
    O2 - BHO: (no name) - {C0E84E5A-D863-42AC-9C09-062920C45B1B} - C:\WINDOWS\system32\opnmLbyW.dll (file missing)
    O3 - Toolbar: dpevflbg - {CE66268D-0208-4D9E-8BC7-12D91072A34D} - C:\WINDOWS\dpevflbg.dll
    O4 - HKLM\..\Run: [38de41c4] rundll32.exe "C:\WINDOWS\system32\iflqdvqc.dll",b
    O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe
    O20 - Winlogon Notify: khfgEVMc - khfgEVMc.dll (file missing)
    O21 - SSODL: vadokmxt - {0A7C8FE2-84FF-4E58-8E7B-A68D242707DB} - C:\WINDOWS\vadokmxt.dll
    O21 - SSODL: wdpoefan - {59BFF390-1558-4258-BC1F-1C5930C0DCAC} - C:\WINDOWS\wdpoefan.dll

    Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Post ook een nieuw logje van Hijackthis

    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    Comment


    • #3
      Bedankt! en resultaten

      OK, smeenk, ik heb al het huiswerk gedaan. Het is een stuk rustiger op m'n PC.

      Erg bedankt tot zover!!

      De logjes: ik doe de 'extra' van DSS in een apart bericht omdat anders het bericht te groot wordt.

      Kees


      RVAXO
      =====

      ---RVAXO.exe Updated: 2008-04-24---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\khfgEVMc.dll__DELETE_ON_REBOOT
      C:\WINDOWS\system32\WybLmnpo.ini2
      C:\WINDOWS\wininit.ini
      C:\WINDOWS\wdpoefan.dll
      C:\WINDOWS\vadokmxt.dll
      C:\WINDOWS\dpevflbg.dll
      C:\WINDOWS\wxvgsdbq.exe
      C:\WINDOWS\olgdqarf.exe
      C:\WINDOWS\system32\packet.dll
      C:\WINDOWS\system32\wpcap.dll
      C:\WINDOWS\system32\clkcnt.txt
      C:\Documents and Settings\C.F. van Mill\Bureau~1\Error Cleaner.url
      C:\Documents and Settings\C.F. van Mill\Bureau~1\Spyware&Malware Protection.url
      C:\Documents and Settings\C.F. van Mill\Bureau~1\Privacy Protector.url
      C:\Documents and Settings\C.F. van Mill\FAVORI~1\Error Cleaner.url
      C:\Documents and Settings\C.F. van Mill\FAVORI~1\Privacy Protector.url
      C:\Documents and Settings\C.F. van Mill\FAVORI~1\Spyware&Malware Protection.url

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------



      DSS main
      =======

      Deckard's System Scanner v20071014.68
      Run by C.F. van Mill on 2008-04-25 13:28:19
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      52: 2008-04-25 11:28:27 UTC - RP601 - Deckard's System Scanner Restore Point
      51: 2008-04-24 17:29:59 UTC - RP600 - Installed Ad-Aware 2007
      50: 2008-04-24 07:01:19 UTC - RP599 - Software Distribution Service 3.0
      49: 2008-04-23 15:38:10 UTC - RP598 - Last known good configuration
      48: 2008-04-23 15:38:03 UTC - RP597 - Controlepunt van systeem


      -- First Restore Point --
      1: 2008-04-23 15:37:56 UTC - RP550 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as C.F. van Mill.exe) ---------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:29:47, on 25-04-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\basfipm.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      c:\program files\argewebbackup\onlinebackupservice.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\vssvc.exe
      C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Synology Data Replicator 3\Backup.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Workpace\WorkPace.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
      C:\PROGRA~1\Workpace\sv32_240.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
      C:\Documents and Settings\C.F. van Mill\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\C.F. van Mill.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Data Replicator 3] "C:\Program Files\Synology Data Replicator 3\Backup.exe" /MIN
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: WorkPace.LNK = C:\Program Files\Workpace\WorkPace.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-emea2.infor.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://80.73.129.185/fotoxs/ImageUploader3.cab
      O16 - DPF: {BE9B2B7C-6680-44E6-9F51-05384AD9C2FF} (MapConnect Control) - http://www.wayfinder.com/maps/MapConnect.ocx
      O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
      O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: ConnectionMonitor - Unknown owner - C:\DOCUME~1\CFC324~1.VAN\LOCALS~1\Temp\ConnectionMonitor.exe (file missing)
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
      O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      O23 - Service: OnlineBackupService - BackupAgent B.V. - c:\program files\argewebbackup\onlinebackupservice.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
      O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
      O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

      --
      End of file - 11041 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20080425-131019-172 O4 - HKLM\..\Run: [38de41c4] rundll32.exe "C:\WINDOWS\system32\iflqdvqc.dll",b
      backup-20080425-131019-333 O2 - BHO: DVA Gate - {AEAFB69D-EDE2-47C8-BDBA-D8938DE059D3} - C:\WINDOWS\qnmargolewk.dll
      backup-20080425-131019-350 O3 - Toolbar: dpevflbg - {CE66268D-0208-4D9E-8BC7-12D91072A34D} - C:\WINDOWS\dpevflbg.dll
      backup-20080425-131019-360 O21 - SSODL: wdpoefan - {59BFF390-1558-4258-BC1F-1C5930C0DCAC} - C:\WINDOWS\wdpoefan.dll
      backup-20080425-131019-434 O21 - SSODL: vadokmxt - {0A7C8FE2-84FF-4E58-8E7B-A68D242707DB} - C:\WINDOWS\vadokmxt.dll
      backup-20080425-131019-439 O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe
      backup-20080425-131019-535 O2 - BHO: (no name) - {C0E84E5A-D863-42AC-9C09-062920C45B1B} - C:\WINDOWS\system32\opnmLbyW.dll (file missing)
      backup-20080425-131019-553 O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\khfgEVMc.dll (file missing)
      backup-20080425-131019-636 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
      backup-20080425-131019-638 O20 - Winlogon Notify: khfgEVMc - khfgEVMc.dll (file missing)

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
      R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
      R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
      R2 s24trans (WLAN-transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
      R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
      R3 w29n51 (Stuurprogramma voor Intel(R) PRO/Wireless 2200BG-netwerkverbinding onder Windows XP) - c:\windows\system32\drivers\w29n51.sys <Not Verified; Intel® Corporation; Intel® Wireless LAN Adapter>

      S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
      S3 BCOREUSB (BCOREUSB.Sys CSR test driver) - c:\windows\system32\drivers\bcoreusb.sys <Not Verified; CSR; Bluetooth USB Dongle Device Driver>
      S3 BTDriver (Bluetooth virtuele-communicatiestuurprogramma) - c:\windows\system32\drivers\btport.sys (file missing)
      S3 BTKRNL (Bluetooth bus-enumerator) - c:\windows\system32\drivers\btkrnl.sys (file missing)
      S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
      S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
      S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
      S3 DFUBTUSB (WIDCOMM USB Bluetooth Driver in DFU State) - c:\windows\system32\drivers\frmupgr.sys (file missing)
      S3 ENTECH - c:\windows\system32\drivers\entech.sys (file missing)
      S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys (file missing)
      S3 IrCOMM2k (Virtual IR COM Port) - c:\windows\system32\drivers\ircomm2k.sys (file missing)
      S3 IrDAFw2k (IrDA Forward Adapter) - c:\windows\system32\drivers\irdafw2k.sys (file missing)
      S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
      S3 RDID1057 (EDIROL UA-1EX) - c:\windows\system32\drivers\rdwm1057.sys <Not Verified; Roland Corporation; >
      S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
      S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
      S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
      S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
      S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
      S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
      S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
      S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 AntiVirScheduler (AntiVir Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Workstation>
      R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
      R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
      R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
      R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
      R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
      R2 SynoDrService - c:\program files\synology data replicator 3\synodrservice.exe
      R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>
      R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

      S2 ConnectionMonitor - "c:\docume~1\cfc324~1.van\locals~1\temp\connectionmonitor.exe" /run_service (file missing)
      S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
      Description: Cisco Systems SSL VPN Adapter
      Device ID: ROOT\NET\0000
      Manufacturer: Cisco Systems
      Name: Cisco Systems SSL VPN Adapter
      PNP Device ID: ROOT\NET\0000
      Service: CSVirtA

      Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
      Description: Nokia 6233
      Device ID: ROOT\WPD\0000
      Manufacturer: Nokia
      Name: Nokia 6233
      PNP Device ID: ROOT\WPD\0000
      Service: WUDFRd


      -- Scheduled Tasks -------------------------------------------------------------

      2008-04-24 21:32:00 406 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1170189130.job
      2008-04-19 22:23:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      2008-04-11 21:00:00 302 --a------ C:\WINDOWS\Tasks\Synology Data Replicator 3-PC004-C,F, van Mill.job
      2007-12-31 03:00:00 1182 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
      2006-11-19 23:38:40 438 --a------ C:\WINDOWS\Tasks\WM Recorder aanzetten.job
      2006-11-19 23:38:26 204 --a------ C:\WINDOWS\Tasks\PC in slaapstand zetten.job


      -- Files created between 2008-03-25 and 2008-04-25 -----------------------------

      2008-04-25 13:19:25 0 d-------- C:\RVAXO
      2008-04-25 13:17:08 800916 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-04-25 13:17:08 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-04-24 19:32:46 0 d-------- C:\Program Files\Trend Micro
      2008-04-24 19:30:09 0 d-------- C:\Program Files\Lavasoft
      2008-04-24 19:30:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-04-24 19:29:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-04-23 18:49:00 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\TmpRecentIcons
      2008-04-23 17:24:01 37888 --a------ C:\WINDOWS\system32\wvUljgGW.dll
      2008-04-19 11:23:46 0 d-------- C:\Program Files\Apple Software Update
      2008-04-05 11:29:51 0 d-------- C:\Program Files\iPod
      2008-04-05 11:29:39 0 d-------- C:\Program Files\iTunes
      2008-04-05 11:27:45 0 d-------- C:\Program Files\QuickTime
      2008-03-28 17:02:52 96629 --a------ C:\WINDOWS\hpqins16.dat
      2008-03-28 14:29:28 0 d-------- C:\Documents and Settings\C.F. van Mill\browser - logitech
      2008-03-28 14:27:59 0 d-------- C:\Documents and Settings\C.F. van Mill\logitech
      2008-03-28 14:27:12 0 d-------- C:\Program Files\Common Files\Remote Control Software Common
      2008-03-28 14:27:07 0 d-------- C:\Program Files\Logitech
      2008-03-28 14:26:49 0 d-------- C:\Program Files\Common Files\Remote Control USB Driver
      2008-03-28 14:22:37 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\InstallShield


      -- Find3M Report ---------------------------------------------------------------

      2008-04-25 13:24:16 545908 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-04-25 13:24:16 111954 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-04-24 21:46:19 4261 --a------ C:\Documents and Settings\C.F. van Mill\Application Data\ReIndex_log.txt
      2008-04-24 19:29:22 0 d-------- C:\Program Files\Common Files
      2008-04-24 19:00:12 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\Lavasoft
      2008-04-23 18:33:04 0 d-------- C:\Program Files\Hitman Pro
      2008-04-23 17:47:11 0 d-------- C:\Program Files\SpywareBlaster
      2008-04-23 16:36:54 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\Fineprint save
      2008-04-19 10:08:17 0 d-------- C:\Program Files\ArgewebBackup
      2008-04-09 12:47:43 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\uTorrent
      2008-03-29 23:36:34 0 d-------- C:\Program Files\WMR11
      2008-03-28 20:39:51 0 d-------- C:\Program Files\Common Files\Nokia
      2008-03-28 20:39:48 0 d-------- C:\Program Files\Common Files\PCSuite
      2008-03-28 20:39:47 0 d-------- C:\Program Files\Nokia
      2008-03-28 16:36:20 0 d-------- C:\Program Files\CDex
      2008-03-28 14:27:00 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-03-22 14:42:11 0 d-------- C:\Program Files\FileZilla FTP Client
      2008-03-22 14:41:42 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\FileZilla
      2008-03-17 21:37:58 0 d-------- C:\Program Files\Synology Data Replicator 3
      2008-03-13 20:49:43 0 d-------- C:\Program Files\RdDrv001
      2008-03-13 09:27:40 0 d-------- C:\Program Files\PC Connectivity Solution
      2008-03-13 09:27:39 0 d-------- C:\Program Files\PC Connectivity Solution(2)
      2008-03-13 09:27:27 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\OfficeUpdate12
      2008-03-12 15:07:47 0 d-------- C:\Program Files\Microsoft ActiveSync
      2008-03-12 14:09:03 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\Nokia
      2008-03-07 20:57:11 0 d-------- C:\Program Files\RegVac Registry Cleaner
      2008-03-07 20:55:50 0 d-------- C:\Program Files\NCH Swift Sound
      2008-03-02 22:41:46 0 d-------- C:\Program Files\Bonjour
      2008-03-02 22:32:31 0 d-------- C:\Program Files\Mp3tag
      2008-03-01 23:57:39 0 d-------- C:\Program Files\Rendezvous Proxy
      2008-03-01 19:25:34 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\MyTunesRSS3
      2008-02-29 19:35:55 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
      2008-02-29 17:47:40 0 d-------- C:\Program Files\Winamp
      2008-02-27 23:26:54 0 d-------- C:\Program Files\Softsqueeze-7.0a2
      2008-02-27 12:41:39 0 d-------- C:\Program Files\Softsqueeze_3.5
      2008-02-26 22:51:27 0 d-------- C:\Program Files\Get It Together
      2008-02-26 19:25:47 0 d-------- C:\Program Files\Bitvise Tunnelier


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Apoint"="C:\Program Files\Apoint\Apoint.exe" [13-09-2004 17:33]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
      "FinePrint Dispatcher v4"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe" [30-10-2002 16:47]
      "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [19-04-2008 11:11]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [19-02-2006 03:41]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [04-08-2004 13:00 C:\WINDOWS\system32\bthprops.cpl]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13-11-2006 18:34]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
      "Data Replicator 3"="C:\Program Files\Synology Data Replicator 3\Backup.exe" [14-03-2008 17:32]

      C:\Documents and Settings\C.F. van Mill\Menu Start\Programma's\Opstarten\
      WorkPace.LNK - C:\Program Files\Workpace\WorkPace.exe [19-08-2005 14:30:00]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [19-02-2006 5:21:22]
      hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [30-12-2002 11:55:42]
      hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [27-01-2007 18:22:48]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
      "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      "PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
      "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
      "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs BthServ


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a17e5a96-0dce-11da-8331-0013ce255803}]
      AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe




      -- End of Deckard's System Scanner: finished at 2008-04-25 13:30:11 ------------


      En een nieuwe hijacktis
      =================

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:33:55, on 25-04-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\basfipm.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      c:\program files\argewebbackup\onlinebackupservice.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\vssvc.exe
      C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Synology Data Replicator 3\Backup.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Workpace\WorkPace.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
      C:\PROGRA~1\Workpace\sv32_240.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
      C:\WINDOWS\notepad.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Data Replicator 3] "C:\Program Files\Synology Data Replicator 3\Backup.exe" /MIN
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: WorkPace.LNK = C:\Program Files\Workpace\WorkPace.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-emea2.infor.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://80.73.129.185/fotoxs/ImageUploader3.cab
      O16 - DPF: {BE9B2B7C-6680-44E6-9F51-05384AD9C2FF} (MapConnect Control) - http://www.wayfinder.com/maps/MapConnect.ocx
      O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
      O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: ConnectionMonitor - Unknown owner - C:\DOCUME~1\CFC324~1.VAN\LOCALS~1\Temp\ConnectionMonitor.exe (file missing)
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
      O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      O23 - Service: OnlineBackupService - BackupAgent B.V. - c:\program files\argewebbackup\onlinebackupservice.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
      O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
      O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

      --
      End of file - 11012 bytes

      Comment


      • #4
        Extra-log van DSS

        Nog even de 'extra'-log van DSS:


        Deckard's System Scanner v20071014.68
        Extra logfile - please post this as an attachment with your post.
        --------------------------------------------------------------------------------

        -- System Information ----------------------------------------------------------

        Microsoft Windows XP Professional (build 2600) SP 2.0
        Architecture: X86; Language: Dutch

        CPU 0: Intel(R) Pentium(R) M processor 1.60GHz
        Percentage of Memory in Use: 49%
        Physical Memory (total/avail): 1015.36 MiB / 511.96 MiB
        Pagefile Memory (total/avail): 1674.69 MiB / 1251.54 MiB
        Virtual Memory (total/avail): 2047.88 MiB / 1889.26 MiB

        C: is Fixed (NTFS) - 93.07 GiB total, 71.85 GiB free.
        D: is CDROM (No Media)

        \\.\PHYSICALDRIVE0 - HTS721010G9AT00 - 93.16 GiB - 2 partitions
        \PARTITION0 - Unknown - 94.1 MiB
        \PARTITION1 (bootable) - Installable File System - 93.07 GiB - C:



        -- Security Center -------------------------------------------------------------

        AUOptions is scheduled to auto-install.
        Windows Internal Firewall is enabled.

        FirstRunDisabled is set.

        AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
        AV: AntiVir PersonalEdition Classic Virus Protection v 6.38.1.62
        (AntiVir PersonalProducts GmbH)
        AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH) Outdated
        AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH) Disabled
        AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
        AV: NOD32 antivirus systeem 2.50 v2.50 (Eset) Disabled Outdated

        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
        "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
        "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
        "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
        "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
        "C:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"="C:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
        "C:\\Program Files\\IrCOMM2k\\irmon2k.exe"="C:\\Program Files\\IrCOMM2k\\irmon2k.exe:*:Enabled:IrDA Monitor"
        "C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe"="C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe:*:Enabled:SQL Server Windows NT"
        "C:\\Program Files\\Sony Handheld\\HOTSYNC.EXE"="C:\\Program Files\\Sony Handheld\\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
        "C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
        "C:\\Program Files\\Common Files\\Adobe\\ESD\\AdobeDownloadManager.exe"="C:\\Program Files\\Common Files\\Adobe\\ESD\\AdobeDownloadManager.exe:*isabled:Adobe Download Manager"
        "C:\\Program Files\\Osborn Software\\Advanced File Security 3.0 Basic\\Advanced File Security 3.0 Basic.exe"="C:\\Program Files\\Osborn Software\\Advanced File Security 3.0 Basic\\Advanced File Security 3.0 Basic.exe:*isabled:Advanced File Security 3.0 Basic"
        "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*isabledxpsp2res.dll,-22019"
        "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*isabled:Microsoft Management Console"
        "C:\\Program Files\\FTP Commander\\Ftpcomm.exe"="C:\\Program Files\\FTP Commander\\Ftpcomm.exe:*:Enabled:Ftpcomm"
        "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
        "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
        "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
        "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
        "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:[email protected] User Interface"
        "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
        "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
        "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
        "C:\\Documents and Settings\\C.F. van Mill\\Bureaublad\\wake\\Wake On LAN Ex.exe"="C:\\Documents and Settings\\C.F. van Mill\\Bureaublad\\wake\\Wake On LAN Ex.exe:*:Enabled:Wake-up computers that are turned off across the local network."
        "C:\\Program Files\\Florian Grubert\\Admins PowerSwitch\\PwrSwtch.exe"="C:\\Program Files\\Florian Grubert\\Admins PowerSwitch\\PwrSwtch.exe:*:Enabled:PwrSwtch"
        "C:\\Program Files\\IPCheck Server Monitor 5\\IPCheckServer.exe"="C:\\Program Files\\IPCheck Server Monitor 5\\IPCheckServer.exe:*:Enabled:IPCheck_Server_Monitor_Webserver"
        "C:\\Program Files\\LeechFTP\\Leechftp.exe"="C:\\Program Files\\LeechFTP\\Leechftp.exe:*isabled:LeechFTP"
        "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
        "C:\\Program Files\\ArgewebBackup\\OnlineBackupClient.exe"="C:\\Program Files\\ArgewebBackup\\OnlineBackupClient.exe:*:Enabled:OnlineBackupClient"
        "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
        "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
        "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
        "D:\\Windows\\DSAssistant\\Application\\DSAssistant.exe"="D:\\Windows\\DSAssistant\\Application\\DSA ssistant.exe:*:Enabled:Synology Assistant"
        "C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:FTP-bestandsoverdrachtprogramma"
        "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
        "C:\\Program Files\\Synology Data Replicator II\\Backup.exe"="C:\\Program Files\\Synology Data Replicator II\\Backup.exe:*:Enabledata Replicator"
        "C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
        "C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"
        "C:\\Program Files\\On2Share\\On2Share MediaServer.exe"="C:\\Program Files\\On2Share\\On2Share MediaServer.exe:*:Enabled:On2Share Media Server"
        "C:\\Program Files\\Cidero\\MediaController.exe"="C:\\Program Files\\Cidero\\MediaController.exe:*:Enabled:MediaController"
        "C:\\Program Files\\Synology Data Replicator 3\\Backup.exe"="C:\\Program Files\\Synology Data Replicator 3\\Backup.exe:*:Enabledata Replicator"
        "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
        "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


        -- Environment Variables -------------------------------------------------------

        ALLUSERSPROFILE=C:\Documents and Settings\All Users
        APPDATA=C:\Documents and Settings\C.F. van Mill\Application Data
        CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
        CommonProgramFiles=C:\Program Files\Common Files
        COMPUTERNAME=PC004
        ComSpec=C:\WINDOWS\system32\cmd.exe
        FP_NO_HOST_CHECK=NO
        HOMEDRIVE=C:
        HOMEPATH=\Documents and Settings\C.F. van Mill
        LANG=NL
        LOGONSERVER=\\PC004
        NUMBER_OF_PROCESSORS=1
        OS=Windows_NT
        Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\PHP\extensions;C:\Program Files\Bitvise Tunnelier;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Unixutils\usr\local\wbin
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
        PROCESSOR_ARCHITECTURE=x86
        PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
        PROCESSOR_LEVEL=6
        PROCESSOR_REVISION=0d08
        ProgramFiles=C:\Program Files
        PROMPT=$P$G
        QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
        SESSIONNAME=Console
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\DOCUME~1\CFC324~1.VAN\LOCALS~1\Temp
        TMP=C:\DOCUME~1\CFC324~1.VAN\LOCALS~1\Temp
        USERDOMAIN=PC004
        USERNAME=C.F. van Mill
        USERPROFILE=C:\Documents and Settings\C.F. van Mill
        windir=C:\WINDOWS


        -- User Profiles ---------------------------------------------------------------

        C.F. van Mill (admin)
        G.A. van Mill
        Administrator (admin)
        Gast.PC004 (guest)


        -- Add/Remove Programs ---------------------------------------------------------

        --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
        --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
        Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
        Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
        Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
        Adobe Reader for Pocket PC 2.0 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{291A772C-FFB9-4681-B720-AB2A0A620896}
        Advanced File Security 3.0 Basic --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Advanced File Security 3.0 Basic
        ALNO AG Küchenplaner 0.96a --> "C:\Program Files\ALNO\KPL_096a\unins000.exe"
        ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
        Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
        Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
        ArgewebBackup --> "C:\Program Files\ArgewebBackup\unins000.exe"
        µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
        Avira AntiVir Personal – Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
        Baan --> C:\WINDOWS\Baan\Uninst\Setup.exe -funsetup.ins
        Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
        Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB896422) -->
        Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB939373) --> "C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB942830) --> "C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB942831) --> "C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
        Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
        Bitvise Tunnelier 4.26 (remove only) --> "C:\Program Files\Bitvise Tunnelier\uninst.exe" Tunnelier
        Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
        Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
        Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1043
        Broadcom ASF Management Applications --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
        Cisco SSL VPN Client --> C:\Program Files\Cisco Systems\SSL VPN Client\uninstall.exe
        Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
        Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
        Davilex Business --> MsiExec.exe /X{E354850E-1320-4608-8D53-D12372788A82}
        Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x13 ControlPanel
        Documents To Go --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C89C4BEA-3B9A-414A-9392-9CE4EC5C63BF}\Setup.exe" -vzUNINST
        DriveImage XML --> "C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
        EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
        FileZilla Client 3.0.8.1 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
        FinePrint 2000 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpinst4.exe /uninstall
        Free WMA to MP3 Converter 1.16 --> "C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
        Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
        HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
        Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
        Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
        Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
        HP Customer Participation Program 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
        HP Document Viewer 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
        HP Imaging Device Functions 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
        HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
        HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
        HP Photo and Imaging 2.0 - hp psc 2100 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
        HP Photosmart Premier Software 6.5 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
        HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\Hewlett-Packard\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
        hp psc 2100 series --> MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
        HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
        HP Solution Center 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
        Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
        Intel(R) Processor ID Utility --> MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
        Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
        Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
        IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
        iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
        J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
        J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
        J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
        J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
        Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
        Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
        Java MP3 PlugIn --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Java\jre1.6.0_03\Uninst.isu"
        Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
        Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
        Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
        Logitech Harmony Remote Software 7 --> C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0013 -removeonly
        Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
        mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
        mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
        mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
        mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
        Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
        Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
        Microsoft Office Small Business Editie 2003 --> MsiExec.exe /I{91CA0413-6000-11D3-8CFE-0150048383C9}
        Microsoft SQL Server Desktop Engine --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
        Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
        MindManager 4.0 --> C:\PROGRA~1\Mindjet\MINDMA~1\UNWISE.EXE C:\PROGRA~1\Mindjet\MINDMA~1\INSTALL.LOG
        mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
        mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
        mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
        Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x13 ControlPanel
        Mozilla Firefox (1.5.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.12 (nl)"
        Mp3tag v2.40 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
        mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
        mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
        mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
        mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
        mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
        MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
        mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
        mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
        mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
        mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
        Natural Color --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
        Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
        Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
        NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x13 ControlPanelAnyText
        Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
        Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_dut_web.exe
        Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
        Nokia Software Updater --> MsiExec.exe /X{3186AEAE-E104-424D-9152-1BF6A4404758}
        Nugget Ping 2.5 --> "C:\Program Files\Nugget Ping\unins000.exe"
        OCR Software by I.R.I.S 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
        Palm Desktop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall
        PalmSource Package Installer 1.5 --> C:\Program Files\Sony Handheld\PackageInstaller\PackageInstallerUninstall.exe
        PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
        PC Wizard 2008.1.80 --> "C:\Program Files\PC Wizard 2008\unins000.exe"
        PE Builder 3.1.10a --> "c:\Program Files\pebuilder3110a\unins000.exe"
        PhotoFiltre --> "c:\Program Files\PhotoFiltre\Uninst.exe"
        PHP 4.4.1 --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
        PictureGear 4.6Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{464D0521-C5A5-439E-A039-2D1EE8035F9F}\Setup.exe"
        Postbank Girotel Zakelijk - Versie 4.0 --> C:\WINDOWS\IsUn0413.exe -f"C:\Program Files\Postbank\Postbank Girotel Zakelijk\Uninst.isu"
        PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
        Quick StartUp 1.2 --> "C:\Program Files\Quick StartUp\unins000.exe"
        QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
        QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
        RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
        Remote Control USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
        Rendezvous Proxy 0.22 --> C:\Program Files\Rendezvous Proxy\uninstall.exe
        RssReader --> MsiExec.exe /I{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}
        Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
        Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
        Shop for HP Supplies --> C:\Program Files\Hewlett-Packard\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
        Skype™ for Pocket PC 2.0 --> "C:\Program Files\Microsoft ActiveSync\Skype for Pocket PC\unins000.exe"
        SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
        SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
        SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
        Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
        SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
        Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
        Synology Data Replicator 3 --> MsiExec.exe /I{8E310838-457C-4269-B177-3EFB300CBDDC}
        Teletekstbrowser versie 3.3 --> "C:\Program Files\Teletekstbrowser\unins000.exe"
        Unix Utilities for Yahoo! Widgets --> C:\Program Files\Pixoria\Konfabulator\UnixUtils\uninstall.exe
        Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
        Update voor Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
        Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
        Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
        Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
        Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
        Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
        Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
        Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
        Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
        Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
        Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
        Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
        Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
        Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
        Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
        Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
        Vim 6.4 (self-installing) --> C:\Program Files\Vim\vim64\uninstall-gui.exe
        Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
        Windows-stuurprogrammapakket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
        Windows-stuurprogrammapakket - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
        Windows-stuurprogrammapakket - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
        Windows-stuurprogrammapakket - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
        Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
        Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
        WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
        WinRAR --> C:\Program Files\WinRAR\uninstall.exe
        WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
        WM Recorder 11.0 --> C:\Program Files\WMR11\Uninstal.exe
        WM Recorder 11.2 --> C:\Program Files\WMR11\Uninstal.exe
        WM Recorder 12.0 --> C:\Program Files\WMR11\Uninstal.exe
        WorkPace 2.51 --> "C:\WINDOWS\wpuninst.exe" C:\Program Files\Workpace\wpuninst.dat
        Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
        Yahoo! Widgets --> C:\PROGRA~1\Pixoria\KONFAB~1\uninstall.exe


        -- Application Event Log -------------------------------------------------------

        Event Record #/Type43414 / Warning
        Event Submitted/Written: 04/25/2008 01:23:57 PM
        Event ID/Source: 1001 / MsiInstaller
        Event Description:
        De detectie van product {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}, functie Platform is mislukt tijdens het aanvragen van onderdeel {7BA39C00-ED40-417C-8C5C-3804B2DDD646}

        Event Record #/Type43413 / Warning
        Event Submitted/Written: 04/25/2008 01:23:57 PM
        Event ID/Source: 1004 / MsiInstaller
        Event Description:
        De detectie van product {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}, functie PCSuite, onderdeel {9B373FD2-8E0A-4A76-80C7-63B6521FD237} is mislukt. De bron HKEY_CURRENT_USER\Software\Nokia\ bestaat niet.

        Event Record #/Type43412 / Warning
        Event Submitted/Written: 04/25/2008 01:23:57 PM
        Event ID/Source: 1001 / MsiInstaller
        Event Description:
        De detectie van product {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}, functie Platform is mislukt tijdens het aanvragen van onderdeel {7BA39C00-ED40-417C-8C5C-3804B2DDD646}

        Event Record #/Type43411 / Warning
        Event Submitted/Written: 04/25/2008 01:23:57 PM
        Event ID/Source: 1004 / MsiInstaller
        Event Description:
        De detectie van product {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}, functie PCSuite, onderdeel {9B373FD2-8E0A-4A76-80C7-63B6521FD237} is mislukt. De bron HKEY_CURRENT_USER\Software\Nokia\ bestaat niet.

        Event Record #/Type43410 / Warning
        Event Submitted/Written: 04/25/2008 01:23:57 PM
        Event ID/Source: 1001 / MsiInstaller
        Event Description:
        De detectie van product {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}, functie Platform is mislukt tijdens het aanvragen van onderdeel {7BA39C00-ED40-417C-8C5C-3804B2DDD646}



        -- Security Event Log ----------------------------------------------------------

        No Errors/Warnings found.


        -- System Event Log ------------------------------------------------------------

        Event Record #/Type159926 / Warning
        Event Submitted/Written: 04/23/2008 05:44:22 PM
        Event ID/Source: 1003 / Dhcp
        Event Description:
        Deze computer kan het netwerkadres niet vernieuwen (van de DHCP-
        server) voor de netwerkkaart met netwerkadres 0013CE255803. De volgende fout is
        opgetreden:
        %%1223.
        De computer zal doorgaan om zelf een adres van de netwerkadresserver
        (DHCP-server) proberen te krijgen.

        Event Record #/Type159915 / Warning
        Event Submitted/Written: 04/23/2008 05:31:38 PM / 04/23/2008 05:32:01 PM
        Event ID/Source: 18 / BTHUSB
        Event Description:
        Bluetooth-koppelingssleutels kunnen niet door Windows op de lokale zender worden opgeslagen, omdat niet kan worden bepaald of de juite beveiliging voor het apparaat is ingeschakeld.

        Event Record #/Type159913 / Warning
        Event Submitted/Written: 04/23/2008 05:31:33 PM / 04/23/2008 05:32:01 PM
        Event ID/Source: 4 / b57w2k
        Event Description:
        Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

        Event Record #/Type159907 / Error
        Event Submitted/Written: 04/23/2008 05:30:19 PM
        Event ID/Source: 10010 / DCOM
        Event Description:
        De server {B286F068-5B17-4AE8-989B-8F9A199C47BA} heeft zich binnen de vereiste termijn niet bij DCOM geregistreerd.

        Event Record #/Type159885 / Warning
        Event Submitted/Written: 04/23/2008 05:27:49 PM / 04/23/2008 05:28:12 PM
        Event ID/Source: 18 / BTHUSB
        Event Description:
        Bluetooth-koppelingssleutels kunnen niet door Windows op de lokale zender worden opgeslagen, omdat niet kan worden bepaald of de juite beveiliging voor het apparaat is ingeschakeld.



        -- End of Deckard's System Scanner: finished at 2008-04-25 13:30:11 ------------

        Comment


        • #5
          Verwijder dit bestand:
          C:\WINDOWS\system32\wvUljgGW.dll

          Je Java software is verouderd.
          Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
          Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
          • Download Java Runtime Environment (JRE) 6u6 en bewaar het naar je Bureaublad.
          • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
          • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
          • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
          • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
          • Herhaal dit tot alle oudere versies verdwenen zijn.
          • Na het verwijderen van alle oudere versies, herstart je pc.
          • Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


          Download ATF cleaner (mirror)(gemaakt door Atribune)

          Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

          Dubbelklik op ATF cleaner om het programma te starten.
          Op het tabblad "Main", plaats je een vinkje bij Select All.
          Klik op de knop Empty Selected.

          Het volgende doen als je ook FireFox als browser hebt:
          Klik op tabblad "Firefox", plaats een vinkje bij Select All.
          Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
          (dit haalt het vinkje weer weg bij "Firefox saved passwords")
          Klik op de knop Empty Selected.

          Het volgende doen als je ook Opera als browser hebt:
          Klik op tabblad "Opera", plaats een vinkje bij Select All.
          Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
          Klik op de knop Empty Selected.
          Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

          Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
          Kijk hier hoe je je systeemherstel moet uitschakelen.
          Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

          Zijn alle problemen nu voorbij?

          Comment


          • #6
            Alles lijkt goed nu

            Huiswerk deel 2 ook uitgevoerd. Ik zie geen vreemde verschijnselen meer. Ik denk dat alle maatregelen afdoende zijn geweest.

            Nogmaals bedankt voor de snelle en deskundige hulp!

            Kees

            Comment


            • #7
              Graag gedaan hoor Kees

              Comment

              Sorry, you are not authorized to view this page
              Working...
              X