Mededeling

**smeenk** · 24-04-08, 22:58

Start Hijackthis en vink alleen de volgende regels aan:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\khfgEVMc.dll (file missing)
O2 - BHO: DVA Gate - {AEAFB69D-EDE2-47C8-BDBA-D8938DE059D3} - C:\WINDOWS\qnmargolewk.dll
O2 - BHO: (no name) - {C0E84E5A-D863-42AC-9C09-062920C45B1B} - C:\WINDOWS\system32\opnmLbyW.dll (file missing)
O3 - Toolbar: dpevflbg - {CE66268D-0208-4D9E-8BC7-12D91072A34D} - C:\WINDOWS\dpevflbg.dll
O4 - HKLM\..\Run: [38de41c4] rundll32.exe "C:\WINDOWS\system32\iflqdvqc.dll",b
O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe
O20 - Winlogon Notify: khfgEVMc - khfgEVMc.dll (file missing)
O21 - SSODL: vadokmxt - {0A7C8FE2-84FF-4E58-8E7B-A68D242707DB} - C:\WINDOWS\vadokmxt.dll
O21 - SSODL: wdpoefan - {59BFF390-1558-4258-BC1F-1C5930C0DCAC} - C:\WINDOWS\wdpoefan.dll
Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Post ook een nieuw logje van Hijackthis

Download Deckard's System Scanner naar je Bureaublad.

Sluit alle toepassingen en vensters.
Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
Kopieer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord evenals extra.txt.

Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
- zorg dat sigcheck.exe toestemming krijgt om dit te doen !
Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

**kvmill** · 25-04-08, 13:43

Bedankt! en resultaten

OK, smeenk, ik heb al het huiswerk gedaan. Het is een stuk rustiger op m'n PC.

Erg bedankt tot zover!!

De logjes: ik doe de 'extra' van DSS in een apart bericht omdat anders het bericht te groot wordt.

Kees

RVAXO
=====

---RVAXO.exe Updated: 2008-04-24---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\khfgEVMc.dll__DELETE_ON_REBOOT
C:\WINDOWS\system32\WybLmnpo.ini2
C:\WINDOWS\wininit.ini
C:\WINDOWS\wdpoefan.dll
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\wxvgsdbq.exe
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\clkcnt.txt
C:\Documents and Settings\C.F. van Mill\Bureau~1\Error Cleaner.url
C:\Documents and Settings\C.F. van Mill\Bureau~1\Spyware&Malware Protection.url
C:\Documents and Settings\C.F. van Mill\Bureau~1\Privacy Protector.url
C:\Documents and Settings\C.F. van Mill\FAVORI~1\Error Cleaner.url
C:\Documents and Settings\C.F. van Mill\FAVORI~1\Privacy Protector.url
C:\Documents and Settings\C.F. van Mill\FAVORI~1\Spyware&Malware Protection.url

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

DSS main
=======

Deckard's System Scanner v20071014.68
Run by C.F. van Mill on 2008-04-25 13:28:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
52: 2008-04-25 11:28:27 UTC - RP601 - Deckard's System Scanner Restore Point
51: 2008-04-24 17:29:59 UTC - RP600 - Installed Ad-Aware 2007
50: 2008-04-24 07:01:19 UTC - RP599 - Software Distribution Service 3.0
49: 2008-04-23 15:38:10 UTC - RP598 - Last known good configuration
48: 2008-04-23 15:38:03 UTC - RP597 - Controlepunt van systeem

-- First Restore Point --
1: 2008-04-23 15:37:56 UTC - RP550 - Controlepunt van systeem

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as C.F. van Mill.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:47, on 25-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\argewebbackup\onlinebackupservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synology Data Replicator 3\Backup.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Workpace\WorkPace.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Workpace\sv32_240.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Documents and Settings\C.F. van Mill\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\C.F. van Mill.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Data Replicator 3] "C:\Program Files\Synology Data Replicator 3\Backup.exe" /MIN
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WorkPace.LNK = C:\Program Files\Workpace\WorkPace.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-emea2.infor.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://80.73.129.185/fotoxs/ImageUploader3.cab
O16 - DPF: {BE9B2B7C-6680-44E6-9F51-05384AD9C2FF} (MapConnect Control) - http://www.wayfinder.com/maps/MapConnect.ocx
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConnectionMonitor - Unknown owner - C:\DOCUME~1\CFC324~1.VAN\LOCALS~1\Temp\ConnectionMonitor.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OnlineBackupService - BackupAgent B.V. - c:\program files\argewebbackup\onlinebackupservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11041 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080425-131019-172 O4 - HKLM\..\Run: [38de41c4] rundll32.exe "C:\WINDOWS\system32\iflqdvqc.dll",b
backup-20080425-131019-333 O2 - BHO: DVA Gate - {AEAFB69D-EDE2-47C8-BDBA-D8938DE059D3} - C:\WINDOWS\qnmargolewk.dll
backup-20080425-131019-350 O3 - Toolbar: dpevflbg - {CE66268D-0208-4D9E-8BC7-12D91072A34D} - C:\WINDOWS\dpevflbg.dll
backup-20080425-131019-360 O21 - SSODL: wdpoefan - {59BFF390-1558-4258-BC1F-1C5930C0DCAC} - C:\WINDOWS\wdpoefan.dll
backup-20080425-131019-434 O21 - SSODL: vadokmxt - {0A7C8FE2-84FF-4E58-8E7B-A68D242707DB} - C:\WINDOWS\vadokmxt.dll
backup-20080425-131019-439 O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe
backup-20080425-131019-535 O2 - BHO: (no name) - {C0E84E5A-D863-42AC-9C09-062920C45B1B} - C:\WINDOWS\system32\opnmLbyW.dll (file missing)
backup-20080425-131019-553 O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\khfgEVMc.dll (file missing)
backup-20080425-131019-636 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
backup-20080425-131019-638 O20 - Winlogon Notify: khfgEVMc - khfgEVMc.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 s24trans (WLAN-transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
R3 w29n51 (Stuurprogramma voor Intel(R) PRO/Wireless 2200BG-netwerkverbinding onder Windows XP) - c:\windows\system32\drivers\w29n51.sys <Not Verified; Intel® Corporation; Intel® Wireless LAN Adapter>

S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S3 BCOREUSB (BCOREUSB.Sys CSR test driver) - c:\windows\system32\drivers\bcoreusb.sys <Not Verified; CSR; Bluetooth USB Dongle Device Driver>
S3 BTDriver (Bluetooth virtuele-communicatiestuurprogramma) - c:\windows\system32\drivers\btport.sys (file missing)
S3 BTKRNL (Bluetooth bus-enumerator) - c:\windows\system32\drivers\btkrnl.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 DFUBTUSB (WIDCOMM USB Bluetooth Driver in DFU State) - c:\windows\system32\drivers\frmupgr.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys (file missing)
S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys (file missing)
S3 IrCOMM2k (Virtual IR COM Port) - c:\windows\system32\drivers\ircomm2k.sys (file missing)
S3 IrDAFw2k (IrDA Forward Adapter) - c:\windows\system32\drivers\irdafw2k.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 RDID1057 (EDIROL UA-1EX) - c:\windows\system32\drivers\rdwm1057.sys <Not Verified; Roland Corporation; >
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 SynoDrService - c:\program files\synology data replicator 3\synodrservice.exe
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 ConnectionMonitor - "c:\docume~1\cfc324~1.van\locals~1\temp\connectionmonitor.exe" /run_service (file missing)
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems SSL VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems SSL VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CSVirtA

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6233
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6233
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

-- Scheduled Tasks -------------------------------------------------------------

2008-04-24 21:32:00 406 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1170189130.job
2008-04-19 22:23:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-11 21:00:00 302 --a------ C:\WINDOWS\Tasks\Synology Data Replicator 3-PC004-C,F, van Mill.job
2007-12-31 03:00:00 1182 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
2006-11-19 23:38:40 438 --a------ C:\WINDOWS\Tasks\WM Recorder aanzetten.job
2006-11-19 23:38:26 204 --a------ C:\WINDOWS\Tasks\PC in slaapstand zetten.job

-- Files created between 2008-03-25 and 2008-04-25 -----------------------------

2008-04-25 13:19:25 0 d-------- C:\RVAXO
2008-04-25 13:17:08 800916 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-04-25 13:17:08 69632 --a------ C:\WINDOWS\system32\remove.exe
2008-04-24 19:32:46 0 d-------- C:\Program Files\Trend Micro
2008-04-24 19:30:09 0 d-------- C:\Program Files\Lavasoft
2008-04-24 19:30:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 19:29:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-23 18:49:00 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\TmpRecentIcons
2008-04-23 17:24:01 37888 --a------ C:\WINDOWS\system32\wvUljgGW.dll
2008-04-19 11:23:46 0 d-------- C:\Program Files\Apple Software Update
2008-04-05 11:29:51 0 d-------- C:\Program Files\iPod
2008-04-05 11:29:39 0 d-------- C:\Program Files\iTunes
2008-04-05 11:27:45 0 d-------- C:\Program Files\QuickTime
2008-03-28 17:02:52 96629 --a------ C:\WINDOWS\hpqins16.dat
2008-03-28 14:29:28 0 d-------- C:\Documents and Settings\C.F. van Mill\browser - logitech
2008-03-28 14:27:59 0 d-------- C:\Documents and Settings\C.F. van Mill\logitech
2008-03-28 14:27:12 0 d-------- C:\Program Files\Common Files\Remote Control Software Common
2008-03-28 14:27:07 0 d-------- C:\Program Files\Logitech
2008-03-28 14:26:49 0 d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-03-28 14:22:37 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\InstallShield

-- Find3M Report ---------------------------------------------------------------

2008-04-25 13:24:16 545908 --a------ C:\WINDOWS\system32\perfh013.dat
2008-04-25 13:24:16 111954 --a------ C:\WINDOWS\system32\perfc013.dat
2008-04-24 21:46:19 4261 --a------ C:\Documents and Settings\C.F. van Mill\Application Data\ReIndex_log.txt
2008-04-24 19:29:22 0 d-------- C:\Program Files\Common Files
2008-04-24 19:00:12 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\Lavasoft
2008-04-23 18:33:04 0 d-------- C:\Program Files\Hitman Pro
2008-04-23 17:47:11 0 d-------- C:\Program Files\SpywareBlaster
2008-04-23 16:36:54 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\Fineprint save
2008-04-19 10:08:17 0 d-------- C:\Program Files\ArgewebBackup
2008-04-09 12:47:43 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\uTorrent
2008-03-29 23:36:34 0 d-------- C:\Program Files\WMR11
2008-03-28 20:39:51 0 d-------- C:\Program Files\Common Files\Nokia
2008-03-28 20:39:48 0 d-------- C:\Program Files\Common Files\PCSuite
2008-03-28 20:39:47 0 d-------- C:\Program Files\Nokia
2008-03-28 16:36:20 0 d-------- C:\Program Files\CDex
2008-03-28 14:27:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-22 14:42:11 0 d-------- C:\Program Files\FileZilla FTP Client
2008-03-22 14:41:42 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\FileZilla
2008-03-17 21:37:58 0 d-------- C:\Program Files\Synology Data Replicator 3
2008-03-13 20:49:43 0 d-------- C:\Program Files\RdDrv001
2008-03-13 09:27:40 0 d-------- C:\Program Files\PC Connectivity Solution
2008-03-13 09:27:39 0 d-------- C:\Program Files\PC Connectivity Solution(2)
2008-03-13 09:27:27 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\OfficeUpdate12
2008-03-12 15:07:47 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-12 14:09:03 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\Nokia
2008-03-07 20:57:11 0 d-------- C:\Program Files\RegVac Registry Cleaner
2008-03-07 20:55:50 0 d-------- C:\Program Files\NCH Swift Sound
2008-03-02 22:41:46 0 d-------- C:\Program Files\Bonjour
2008-03-02 22:32:31 0 d-------- C:\Program Files\Mp3tag
2008-03-01 23:57:39 0 d-------- C:\Program Files\Rendezvous Proxy
2008-03-01 19:25:34 0 d-------- C:\Documents and Settings\C.F. van Mill\Application Data\MyTunesRSS3
2008-02-29 19:35:55 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-29 17:47:40 0 d-------- C:\Program Files\Winamp
2008-02-27 23:26:54 0 d-------- C:\Program Files\Softsqueeze-7.0a2
2008-02-27 12:41:39 0 d-------- C:\Program Files\Softsqueeze_3.5
2008-02-26 22:51:27 0 d-------- C:\Program Files\Get It Together
2008-02-26 19:25:47 0 d-------- C:\Program Files\Bitvise Tunnelier

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [13-09-2004 17:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
"FinePrint Dispatcher v4"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe" [30-10-2002 16:47]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [19-04-2008 11:11]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [19-02-2006 03:41]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04-08-2004 13:00 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13-11-2006 18:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
"Data Replicator 3"="C:\Program Files\Synology Data Replicator 3\Backup.exe" [14-03-2008 17:32]

C:\Documents and Settings\C.F. van Mill\Menu Start\Programma's\Opstarten\
WorkPace.LNK - C:\Program Files\Workpace\WorkPace.exe [19-08-2005 14:30:00]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [19-02-2006 5:21:22]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [30-12-2002 11:55:42]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [27-01-2007 18:22:48]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a17e5a96-0dce-11da-8331-0013ce255803}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

-- End of Deckard's System Scanner: finished at 2008-04-25 13:30:11 ------------

En een nieuwe hijacktis
=================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:55, on 25-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\argewebbackup\onlinebackupservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synology Data Replicator 3\Backup.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Workpace\WorkPace.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Workpace\sv32_240.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Data Replicator 3] "C:\Program Files\Synology Data Replicator 3\Backup.exe" /MIN
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WorkPace.LNK = C:\Program Files\Workpace\WorkPace.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-emea2.infor.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://80.73.129.185/fotoxs/ImageUploader3.cab
O16 - DPF: {BE9B2B7C-6680-44E6-9F51-05384AD9C2FF} (MapConnect Control) - http://www.wayfinder.com/maps/MapConnect.ocx
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConnectionMonitor - Unknown owner - C:\DOCUME~1\CFC324~1.VAN\LOCALS~1\Temp\ConnectionMonitor.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OnlineBackupService - BackupAgent B.V. - c:\program files\argewebbackup\onlinebackupservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11012 bytes

**kvmill** · 25-04-08, 13:45

Extra-log van DSS

Nog even de 'extra'-log van DSS:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: Intel(R) Pentium(R) M processor 1.60GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1015.36 MiB / 511.96 MiB
Pagefile Memory (total/avail): 1674.69 MiB / 1251.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.26 MiB

C: is Fixed (NTFS) - 93.07 GiB total, 71.85 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS721010G9AT00 - 93.16 GiB - 2 partitions
\PARTITION0 - Unknown - 94.1 MiB
\PARTITION1 (bootable) - Installable File System - 93.07 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v 6.38.1.62
(AntiVir PersonalProducts GmbH)
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH) Outdated
AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH) Disabled
AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH)
AV: NOD32 antivirus systeem 2.50 v2.50 (Eset) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"C:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"="C:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"C:\\Program Files\\IrCOMM2k\\irmon2k.exe"="C:\\Program Files\\IrCOMM2k\\irmon2k.exe:*:Enabled:IrDA Monitor"
"C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe"="C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe:*:Enabled:SQL Server Windows NT"
"C:\\Program Files\\Sony Handheld\\HOTSYNC.EXE"="C:\\Program Files\\Sony Handheld\\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Common Files\\Adobe\\ESD\\AdobeDownloadManager.exe"="C:\\Program Files\\Common Files\\Adobe\\ESD\\AdobeDownloadManager.exe:*

isabled:Adobe Download Manager"
"C:\\Program Files\\Osborn Software\\Advanced File Security 3.0 Basic\\Advanced File Security 3.0 Basic.exe"="C:\\Program Files\\Osborn Software\\Advanced File Security 3.0 Basic\\Advanced File Security 3.0 Basic.exe:*

isabled:Advanced File Security 3.0 Basic"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*

isabled

xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*

isabled:Microsoft Management Console"
"C:\\Program Files\\FTP Commander\\Ftpcomm.exe"="C:\\Program Files\\FTP Commander\\Ftpcomm.exe:*:Enabled:Ftpcomm"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:[email protected] User Interface"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Documents and Settings\\C.F. van Mill\\Bureaublad\\wake\\Wake On LAN Ex.exe"="C:\\Documents and Settings\\C.F. van Mill\\Bureaublad\\wake\\Wake On LAN Ex.exe:*:Enabled:Wake-up computers that are turned off across the local network."
"C:\\Program Files\\Florian Grubert\\Admins PowerSwitch\\PwrSwtch.exe"="C:\\Program Files\\Florian Grubert\\Admins PowerSwitch\\PwrSwtch.exe:*:Enabled:PwrSwtch"
"C:\\Program Files\\IPCheck Server Monitor 5\\IPCheckServer.exe"="C:\\Program Files\\IPCheck Server Monitor 5\\IPCheckServer.exe:*:Enabled:IPCheck_Server_Monitor_Webserver"
"C:\\Program Files\\LeechFTP\\Leechftp.exe"="C:\\Program Files\\LeechFTP\\Leechftp.exe:*

isabled:LeechFTP"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\ArgewebBackup\\OnlineBackupClient.exe"="C:\\Program Files\\ArgewebBackup\\OnlineBackupClient.exe:*:Enabled:OnlineBackupClient"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\Windows\\DSAssistant\\Application\\DSAssistant.exe"="D:\\Windows\\DSAssistant\\Application\\DSA ssistant.exe:*:Enabled:Synology Assistant"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:FTP-bestandsoverdrachtprogramma"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Synology Data Replicator II\\Backup.exe"="C:\\Program Files\\Synology Data Replicator II\\Backup.exe:*:Enabled

ata Replicator"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"
"C:\\Program Files\\On2Share\\On2Share MediaServer.exe"="C:\\Program Files\\On2Share\\On2Share MediaServer.exe:*:Enabled:On2Share Media Server"
"C:\\Program Files\\Cidero\\MediaController.exe"="C:\\Program Files\\Cidero\\MediaController.exe:*:Enabled:MediaController"
"C:\\Program Files\\Synology Data Replicator 3\\Backup.exe"="C:\\Program Files\\Synology Data Replicator 3\\Backup.exe:*:Enabled

ata Replicator"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\C.F. van Mill\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC004
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\C.F. van Mill
LANG=NL
LOGONSERVER=\\PC004
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\PHP\extensions;C:\Program Files\Bitvise Tunnelier;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Unixutils\usr\local\wbin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CFC324~1.VAN\LOCALS~1\Temp
TMP=C:\DOCUME~1\CFC324~1.VAN\LOCALS~1\Temp
USERDOMAIN=PC004
USERNAME=C.F. van Mill
USERPROFILE=C:\Documents and Settings\C.F. van Mill
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

C.F. van Mill (admin)
G.A. van Mill
Administrator (admin)
Gast.PC004 (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003}
Adobe Reader for Pocket PC 2.0 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{291A772C-FFB9-4681-B720-AB2A0A620896}
Advanced File Security 3.0 Basic --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Advanced File Security 3.0 Basic
ALNO AG Küchenplaner 0.96a --> "C:\Program Files\ALNO\KPL_096a\unins000.exe"
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArgewebBackup --> "C:\Program Files\ArgewebBackup\unins000.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Baan --> C:\WINDOWS\Baan\Uninst\Setup.exe -funsetup.ins
Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896422) -->
Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB939373) --> "C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB942830) --> "C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB942831) --> "C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Bitvise Tunnelier 4.26 (remove only) --> "C:\Program Files\Bitvise Tunnelier\uninst.exe" Tunnelier
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1043
Broadcom ASF Management Applications --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Cisco SSL VPN Client --> C:\Program Files\Cisco Systems\SSL VPN Client\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Davilex Business --> MsiExec.exe /X{E354850E-1320-4608-8D53-D12372788A82}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x13 ControlPanel
Documents To Go --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C89C4BEA-3B9A-414A-9392-9CE4EC5C63BF}\Setup.exe" -vzUNINST
DriveImage XML --> "C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
FileZilla Client 3.0.8.1 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
FinePrint 2000 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpinst4.exe /uninstall
Free WMA to MP3 Converter 1.16 --> "C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2100 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photosmart Premier Software 6.5 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\Hewlett-Packard\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
hp psc 2100 series --> MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) Processor ID Utility --> MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java MP3 PlugIn --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Java\jre1.6.0_03\Uninst.isu"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Logitech Harmony Remote Software 7 --> C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0013 -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Small Business Editie 2003 --> MsiExec.exe /I{91CA0413-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
MindManager 4.0 --> C:\PROGRA~1\Mindjet\MINDMA~1\UNWISE.EXE C:\PROGRA~1\Mindjet\MINDMA~1\INSTALL.LOG
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x13 ControlPanel
Mozilla Firefox (1.5.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.12 (nl)"
Mp3tag v2.40 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Natural Color --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x13 ControlPanelAnyText
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_dut_web.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Nokia Software Updater --> MsiExec.exe /X{3186AEAE-E104-424D-9152-1BF6A4404758}
Nugget Ping 2.5 --> "C:\Program Files\Nugget Ping\unins000.exe"
OCR Software by I.R.I.S 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Palm Desktop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall
PalmSource Package Installer 1.5 --> C:\Program Files\Sony Handheld\PackageInstaller\PackageInstallerUninstall.exe
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PC Wizard 2008.1.80 --> "C:\Program Files\PC Wizard 2008\unins000.exe"
PE Builder 3.1.10a --> "c:\Program Files\pebuilder3110a\unins000.exe"
PhotoFiltre --> "c:\Program Files\PhotoFiltre\Uninst.exe"
PHP 4.4.1 --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
PictureGear 4.6Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{464D0521-C5A5-439E-A039-2D1EE8035F9F}\Setup.exe"
Postbank Girotel Zakelijk - Versie 4.0 --> C:\WINDOWS\IsUn0413.exe -f"C:\Program Files\Postbank\Postbank Girotel Zakelijk\Uninst.isu"
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quick StartUp 1.2 --> "C:\Program Files\Quick StartUp\unins000.exe"
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remote Control USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Rendezvous Proxy 0.22 --> C:\Program Files\Rendezvous Proxy\uninstall.exe
RssReader --> MsiExec.exe /I{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shop for HP Supplies --> C:\Program Files\Hewlett-Packard\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ for Pocket PC 2.0 --> "C:\Program Files\Microsoft ActiveSync\Skype for Pocket PC\unins000.exe"
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Synology Data Replicator 3 --> MsiExec.exe /I{8E310838-457C-4269-B177-3EFB300CBDDC}
Teletekstbrowser versie 3.3 --> "C:\Program Files\Teletekstbrowser\unins000.exe"
Unix Utilities for Yahoo! Widgets --> C:\Program Files\Pixoria\Konfabulator\UnixUtils\uninstall.exe
Update voor Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update voor Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Vim 6.4 (self-installing) --> C:\Program Files\Vim\vim64\uninstall-gui.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows-stuurprogrammapakket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows-stuurprogrammapakket - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows-stuurprogrammapakket - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows-stuurprogrammapakket - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WM Recorder 11.0 --> C:\Program Files\WMR11\Uninstal.exe
WM Recorder 11.2 --> C:\Program Files\WMR11\Uninstal.exe
WM Recorder 12.0 --> C:\Program Files\WMR11\Uninstal.exe
WorkPace 2.51 --> "C:\WINDOWS\wpuninst.exe" C:\Program Files\Workpace\wpuninst.dat
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets --> C:\PROGRA~1\Pixoria\KONFAB~1\uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type43414 / Warning
Event Submitted/Written: 04/25/2008 01:23:57 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
De detectie van product {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}, functie Platform is mislukt tijdens het aanvragen van onderdeel {7BA39C00-ED40-417C-8C5C-3804B2DDD646}

Event Record #/Type43413 / Warning
Event Submitted/Written: 04/25/2008 01:23:57 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
De detectie van product {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}, functie PCSuite, onderdeel {9B373FD2-8E0A-4A76-80C7-63B6521FD237} is mislukt. De bron HKEY_CURRENT_USER\Software\Nokia\ bestaat niet.

Event Record #/Type43412 / Warning
Event Submitted/Written: 04/25/2008 01:23:57 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
De detectie van product {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}, functie Platform is mislukt tijdens het aanvragen van onderdeel {7BA39C00-ED40-417C-8C5C-3804B2DDD646}

Event Record #/Type43411 / Warning
Event Submitted/Written: 04/25/2008 01:23:57 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
De detectie van product {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}, functie PCSuite, onderdeel {9B373FD2-8E0A-4A76-80C7-63B6521FD237} is mislukt. De bron HKEY_CURRENT_USER\Software\Nokia\ bestaat niet.

Event Record #/Type43410 / Warning
Event Submitted/Written: 04/25/2008 01:23:57 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
De detectie van product {A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}, functie Platform is mislukt tijdens het aanvragen van onderdeel {7BA39C00-ED40-417C-8C5C-3804B2DDD646}

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type159926 / Warning
Event Submitted/Written: 04/23/2008 05:44:22 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Deze computer kan het netwerkadres niet vernieuwen (van de DHCP-
server) voor de netwerkkaart met netwerkadres 0013CE255803. De volgende fout is
opgetreden:
%%1223.
De computer zal doorgaan om zelf een adres van de netwerkadresserver
(DHCP-server) proberen te krijgen.

Event Record #/Type159915 / Warning
Event Submitted/Written: 04/23/2008 05:31:38 PM / 04/23/2008 05:32:01 PM
Event ID/Source: 18 / BTHUSB
Event Description:
Bluetooth-koppelingssleutels kunnen niet door Windows op de lokale zender worden opgeslagen, omdat niet kan worden bepaald of de juite beveiliging voor het apparaat is ingeschakeld.

Event Record #/Type159913 / Warning
Event Submitted/Written: 04/23/2008 05:31:33 PM / 04/23/2008 05:32:01 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type159907 / Error
Event Submitted/Written: 04/23/2008 05:30:19 PM
Event ID/Source: 10010 / DCOM
Event Description:
De server {B286F068-5B17-4AE8-989B-8F9A199C47BA} heeft zich binnen de vereiste termijn niet bij DCOM geregistreerd.

Event Record #/Type159885 / Warning
Event Submitted/Written: 04/23/2008 05:27:49 PM / 04/23/2008 05:28:12 PM
Event ID/Source: 18 / BTHUSB
Event Description:
Bluetooth-koppelingssleutels kunnen niet door Windows op de lokale zender worden opgeslagen, omdat niet kan worden bepaald of de juite beveiliging voor het apparaat is ingeschakeld.

-- End of Deckard's System Scanner: finished at 2008-04-25 13:30:11 ------------

**smeenk** · 25-04-08, 23:01

Verwijder dit bestand:
C:\WINDOWS\system32\wvUljgGW.dll

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6u6 en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Zijn alle problemen nu voorbij?

**kvmill** · 26-04-08, 20:46

Alles lijkt goed nu

Huiswerk deel 2 ook uitgevoerd. Ik zie geen vreemde verschijnselen meer. Ik denk dat alle maatregelen afdoende zijn geweest.

Nogmaals bedankt voor de snelle en deskundige hulp!

Kees

**smeenk** · 26-04-08, 21:14

Graag gedaan hoor Kees

Mededeling

Virus / worm Worm.Win32.NetBooster

Virus / worm Worm.Win32.NetBooster

Comment

Comment

Comment

Comment

Comment

Comment