win32/adware.virtumonde


  • win32/adware.virtumonde

    Hello,

    I have the following problem on my father's computer (I no longer live at home; at the time of writing I am at that same computer until late tonight, and after that I have the opportunity to work on the problem every Thursday).

    Every so often a message appears that a virus has been detected (win32/adware.virtumonde); sometimes this happens twice in 10 minutes. I click clean or quarantine, but neither solves it.

    In the meantime I have already tried Hitman Pro, but to no avail.

    HijackThis Log:
    ---------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:52:42, on 26-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norton Ghost 12.0] "D:\Norton Ghost\Agent\VProTray.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "D:\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [30d5b1aa] rundll32.exe "C:\WINDOWS\system32\cqaqnijl.dll",b
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [BM33e68236] Rundll32.exe "C:\WINDOWS\system32\jfhusxon.dll",s
    O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - D:\Nero7Premium\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Norton Ghost - Symantec Corporation - D:\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 5820 bytes
    ---------------------------------------

    Kind regards,
    Paul.

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you get a blue screen with an error message - this is normal.
    When the fix has finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it boot in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)



    • #3
      VirtumundoBeGone log:
      -----------------------
      [04/26/2008, 20:24:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jacques\Bureaublad\VirtumundoBeGone.exe" )
      [04/26/2008, 20:24:47] - Detected System Information:
      [04/26/2008, 20:24:47] - Windows Version: 5.1.2600, Service Pack 2
      [04/26/2008, 20:24:47] - Current Username: Jacques (Admin)
      [04/26/2008, 20:24:47] - Windows is in NORMAL mode.
      [04/26/2008, 20:24:47] - Searching for Browser Helper Objects:
      [04/26/2008, 20:24:47] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/26/2008, 20:24:47] - BHO 2: {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} ()
      [04/26/2008, 20:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:24:47] - Checking for HKLM\...\Winlogon\Notify\khfDsqoO
      [04/26/2008, 20:24:47] - Found: HKLM\...\Winlogon\Notify\khfDsqoO - This is probably Virtumundo.
      [04/26/2008, 20:24:47] - Assigning {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} MSEvents Object
      [04/26/2008, 20:24:47] - BHO list has been changed! Starting over...
      [04/26/2008, 20:24:47] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/26/2008, 20:24:47] - BHO 2: {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} (MSEvents Object)
      [04/26/2008, 20:24:47] - ALERT: Found MSEvents Object!
      [04/26/2008, 20:24:47] - BHO 3: {e8ad1930-5dda-4b02-896e-aff23957a357} ()
      [04/26/2008, 20:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:24:47] - Checking for HKLM\...\Winlogon\Notify\rrjnmyub
      [04/26/2008, 20:24:47] - Key not found: HKLM\...\Winlogon\Notify\rrjnmyub, continuing.
      [04/26/2008, 20:24:47] - BHO 4: {F90578A8-1011-4EA1-A212-94F041B60B52} ()
      [04/26/2008, 20:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:24:47] - Checking for HKLM\...\Winlogon\Notify\pmnNGWPH
      [04/26/2008, 20:24:47] - Key not found: HKLM\...\Winlogon\Notify\pmnNGWPH, continuing.
      [04/26/2008, 20:24:47] - Finished Searching Browser Helper Objects
      [04/26/2008, 20:24:47] - *** Detected MSEvents Object
      [04/26/2008, 20:24:47] - Trying to remove MSEvents Object...
      [04/26/2008, 20:24:48] - Terminating Process: IEXPLORE.EXE
      [04/26/2008, 20:24:50] - Terminating Process: RUNDLL32.EXE
      [04/26/2008, 20:24:50] - Disabling Automatic Shell Restart
      [04/26/2008, 20:24:50] - Terminating Process: EXPLORER.EXE
      [04/26/2008, 20:24:51] - Suspending the NT Session Manager System Service
      [04/26/2008, 20:24:51] - Terminating Windows NT Logon/Logoff Manager
      [04/26/2008, 20:24:51] - Re-enabling Automatic Shell Restart
      [04/26/2008, 20:24:51] - File to disable: C:\WINDOWS\system32\khfDsqoO.dll
      [04/26/2008, 20:24:51] - Removing HKLM\...\Browser Helper Objects\{79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}
      [04/26/2008, 20:24:51] - Removing HKCR\CLSID\{79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}
      [04/26/2008, 20:24:51] - Adding Kill Bit for ActiveX for GUID: {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}
      [04/26/2008, 20:24:51] - Deleting ATLEvents/MSEvents Registry entries
      [04/26/2008, 20:24:51] - Removing HKLM\...\Winlogon\Notify\khfDsqoO
      [04/26/2008, 20:24:51] - Searching for Browser Helper Objects:
      [04/26/2008, 20:24:51] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/26/2008, 20:24:51] - BHO 2: {e8ad1930-5dda-4b02-896e-aff23957a357} ()
      [04/26/2008, 20:24:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:24:51] - Checking for HKLM\...\Winlogon\Notify\rrjnmyub
      [04/26/2008, 20:24:51] - Key not found: HKLM\...\Winlogon\Notify\rrjnmyub, continuing.
      [04/26/2008, 20:24:51] - BHO 3: {F90578A8-1011-4EA1-A212-94F041B60B52} ()
      [04/26/2008, 20:24:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/26/2008, 20:24:51] - Checking for HKLM\...\Winlogon\Notify\pmnNGWPH
      [04/26/2008, 20:24:51] - Key not found: HKLM\...\Winlogon\Notify\pmnNGWPH, continuing.
      [04/26/2008, 20:24:51] - Finished Searching Browser Helper Objects
      [04/26/2008, 20:24:51] - Finishing up...
      [04/26/2008, 20:24:51] - A restart is needed.
      [04/26/2008, 20:25:04] - Attempting to Restart via STOP error (Blue Screen!)
      -----------------------

      RVAXO log:
      -----------------------
      ---RVAXO.exe Updated: 2008-04-25---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\BM33e68236.xml
      C:\WINDOWS\BM33e68236.txt
      C:\WINDOWS\system32\khfDsqoO.dll__DELETE_ON_REBOOT
      C:\WINDOWS\system32\HPWGNnmp.ini2
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\libssl32.dll
      C:\WINDOWS\system32\clkcnt.txt
      C:\WINDOWS\system32\libcurl.dll

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------
      -----------------------

      Deckard's System Scanner main-log:
      -----------------------
      Deckard's System Scanner v20071014.68
      Run by Jacques on 2008-04-26 20:39:25
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      18: 2008-04-26 18:39:31 UTC - RP346 - Deckard's System Scanner Restore Point
      17: 2008-04-26 18:10:20 UTC - RP345 - Installed Trend Micro PC-cillin Internet Security 2007.
      16: 2008-04-26 15:43:05 UTC - RP344 - Windows XP Service Pack 2 is geïnstalleerd.
      15: 2008-04-24 21:05:16 UTC - RP343 - Removed Google Toolbar for Internet Explorer
      14: 2008-04-24 21:05:16 UTC - RP342 - Controlepunt van systeem


      -- First Restore Point --
      1: 2008-04-24 21:05:16 UTC - RP329 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Jacques.exe) ---------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:40:11, on 26-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0013)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
      D:\Norton Ghost\Agent\VProSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      D:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      D:\Norton Ghost\Agent\VProTray.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      D:\ScanSoft\OmniPageSE4\OpwareSE4.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
      C:\WINDOWS\system32\ctfmon.exe
      D:\DAEMON Tools\daemon.exe
      D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Documents and Settings\Jacques\Bureaublad\dss.exe
      C:\DOCUME~1\ADMINI~1.JAC\BUREAU~1\Jacques.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: {753a7593-2ffa-e698-20b4-add50391da8e} - {e8ad1930-5dda-4b02-896e-aff23957a357} - C:\WINDOWS\system32\rrjnmyub.dll
      O2 - BHO: (no name) - {F90578A8-1011-4EA1-A212-94F041B60B52} - (no file)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [Norton Ghost 12.0] "D:\Norton Ghost\Agent\VProTray.exe"
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [OpwareSE4] "D:\ScanSoft\OmniPageSE4\OpwareSE4.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: NBService - Nero AG - D:\Nero7Premium\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: Norton Ghost - Symantec Corporation - D:\Norton Ghost\Agent\VProSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
      O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 7554 bytes

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 CloneCD (CloneCD I/O Driver) - c:\windows\system32\drivers\clonecd.sys <Not Verified; Elaborate Bytes; CloneCD>
      R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
      R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
      R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
      R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
      R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
      R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

      S3 AVCamUSB20 (AVerTV USB 2.0) - c:\windows\system32\drivers\avtvcsmini20.sys (file missing)
      S3 Usb20Scan (USB 2.0 Still Image) - c:\windows\system32\drivers\cresscan.sys


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 PinnacleSys.MediaServer (Pinnacle Systems Media Service) - "d:\pinnacle\shared files\programs\mediaserver\pmshost.exe" <Not Verified; Pinnacle Systems; Media Server>

      S3 NBService - d:\nero7premium\nero 7\nero backitup\nbservice.exe


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Files created between 2008-03-26 and 2008-04-26 -----------------------------

      2008-04-26 20:35:35 0 d-------- C:\RVAXO
      2008-04-26 20:32:18 803317 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-04-26 20:32:18 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-04-26 20:16:50 10752 --a------ C:\WINDOWS\DCEBoot.exe
      2008-04-26 20:10:28 0 d-------- C:\Program Files\Trend Micro
      2008-04-26 19:54:10 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\Macromedia
      2008-04-26 18:59:26 0 d-------- C:\WINDOWS\Prefetch
      2008-04-26 17:03:23 0 d-------- C:\Documents and Settings\Jacques\Application Data\Lavasoft
      2008-04-26 16:50:40 0 d-------- C:\Documents and Settings\Jacques\Application Data\PC Tools
      2008-04-26 16:47:31 0 d-------- C:\Documents and Settings\Jacques\Application Data\Webroot
      2008-04-26 16:19:33 0 d-------- C:\Program Files\Enigma Software Group
      2008-04-26 12:38:58 107072 --a------ C:\WINDOWS\system32\rrjnmyub.dll
      2008-04-26 11:48:10 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\Micrografx
      2008-04-26 10:48:02 107072 --a------ C:\WINDOWS\system32\ycultlbp.dll
      2008-04-24 22:41:09 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\Lavasoft
      2008-04-24 22:08:26 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-24 22:08:10 0 d-------- C:\Program Files\Spyware Doctor
      2008-04-24 22:08:10 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\PC Tools
      2008-04-24 22:07:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
      2008-04-24 22:07:41 0 d-------- C:\Program Files\Webroot
      2008-04-24 22:07:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
      2008-04-24 22:07:30 164 --a------ C:\install.dat
      2008-04-24 22:07:24 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\Webroot
      2008-04-24 22:05:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-24 22:05:09 0 d-------- C:\Program Files\Lavasoft
      2008-04-24 22:04:35 0 d-------- C:\Program Files\SpywareBlaster
      2008-04-24 22:03:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-04-24 22:03:18 0 d-------- C:\Temp
      2008-04-24 21:59:33 0 d--h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Local Settings
      2008-04-24 21:59:33 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Favorieten
      2008-04-24 21:59:33 0 d--hs---- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Cookies
      2008-04-24 21:59:33 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Bureaublad
      2008-04-24 21:59:33 0 dr-h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data
      2008-04-24 21:59:33 0 d---s---- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Application Data\Microsoft
      2008-04-24 21:59:32 0 d--h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Sjablonen
      2008-04-24 21:59:32 0 dr-h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\SendTo
      2008-04-24 21:59:32 0 d--h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Onlangs geopend
      2008-04-24 21:59:32 2359296 --ah----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\NTUSER.DAT
      2008-04-24 21:59:32 0 d--h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Netwerkprinteromgeving
      2008-04-24 21:59:32 0 d--h----- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\NetHood
      2008-04-24 21:59:32 0 d-------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Mijn documenten
      2008-04-24 21:59:32 0 dr------- C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Menu Start
      2008-04-24 21:59:24 0 d--hs---- C:\WINDOWS\CSC
      2008-04-24 21:56:57 0 d-------- C:\Program Files\Hitman Pro
      2008-04-24 19:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Bimesoft
      2008-04-20 14:15:40 0 dr-h----- C:\Documents and Settings\Jacques\Onlangs geopend


      -- Find3M Report ---------------------------------------------------------------

      2008-04-26 20:40:13 483442 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-04-26 20:40:13 88762 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-04-26 17:46:33 0 d-------- C:\Program Files\Messenger
      2008-04-24 21:59:13 0 d-------- C:\Program Files\Google
      2008-03-23 15:45:08 0 d-------- C:\Documents and Settings\Jacques\Application Data\Ahead
      2008-02-23 19:57:05 30832 --a------ C:\Documents and Settings\Jacques\Application Data\GDIPFONTCACHEV1.DAT


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8ad1930-5dda-4b02-896e-aff23957a357}]
      26-04-2008 12:38 107072 --a------ C:\WINDOWS\system32\rrjnmyub.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F90578A8-1011-4EA1-A212-94F041B60B52}]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
      "Norton Ghost 12.0"="D:\Norton Ghost\Agent\VProTray.exe" [28-03-2007 20:41]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20-07-2006 07:04]
      "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13-07-2006 08:12]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17-09-2007 01:07]
      "nwiz"="nwiz.exe" [17-09-2007 01:07 C:\WINDOWS\system32\nwiz.exe]
      "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14-01-2004 03:10]
      "NWEReboot"=""
      "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [11-03-2004 00:26]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17-09-2007 01:07]
      "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [14-05-2007 18:01]
      "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25-10-2006 10:03]
      "OpwareSE4"="D:\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04-02-2007 13:02]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 11:55]
      "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [08-03-2007 02:39]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 03:03]
      "DAEMON Tools"="D:\DAEMON Tools\daemon.exe" [04-04-2007 00:29]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12-03-2007 13:49]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Snelle start.lnk - D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 22:05:26]
      Microsoft Office.lnk - D:\Microsoft Office\Office10\OSA.EXE [13-2-2001 10:01:04]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      @="Volume shadow copy"




      -- End of Deckard's System Scanner: finished at 2008-04-26 20:41:19 ------------
      -----------------------

      Deckard's System Scanner extra-log:
      -----------------------
      Deckard's System Scanner v20071014.68
      Extra logfile - please post this as an attachment with your post.
      --------------------------------------------------------------------------------

      -- System Information ----------------------------------------------------------

      Microsoft Windows XP Professional (build 2600) SP 2.0
      Architecture: X86; Language: Dutch

      CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
      CPU 1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
      Percentage of Memory in Use: 38%
      Physical Memory (total/avail): 2031.1 MiB / 1245.84 MiB
      Pagefile Memory (total/avail): 3908.21 MiB / 3320.51 MiB
      Virtual Memory (total/avail): 2047.88 MiB / 1917.67 MiB

      C: is Fixed (NTFS) - 24.41 GiB total, 12.04 GiB free.
      D: is Fixed (NTFS) - 37.41 GiB total, 34.09 GiB free.
      E: is Fixed (NTFS) - 37.11 GiB total, 10.01 GiB free.
      F: is Fixed (NTFS) - 83.84 GiB total, 4.16 GiB free.
      G: is Fixed (NTFS) - 269.24 GiB total, 50.83 GiB free.
      H: is Fixed (NTFS) - 107.42 GiB total, 93.66 GiB free.
      I: is Fixed (NTFS) - 45.23 GiB total, 41.6 GiB free.
      J: is CDROM (No Media)
      K: is CDROM (No Media)
      L: is CDROM (No Media)
      M: is Removable (No Media)
      N: is Removable (No Media)
      O: is Removable (No Media)
      P: is Removable (No Media)
      Q: is CDROM (No Media)
      Y: is Fixed (NTFS) - 19.53 GiB total, 19.45 GiB free.
      Z: is Fixed (NTFS) - 12.86 GiB total, 8.06 GiB free.

      \\.\PHYSICALDRIVE0 - MAXTOR 6L040J2 - 37.28 GiB - 2 partitions
      \PARTITION0 (bootable) - Installable File System - 24.41 GiB - C:
      \PARTITION1 - Extended w/Extended Int 13 - 12.86 GiB - Z:

      \\.\PHYSICALDRIVE1 - Maxtor 6Y160P0 - 152.66 GiB - 2 partitions
      \PARTITION0 - Extended w/Extended Int 13 - 152.66 GiB - H: - I:

      \\.\PHYSICALDRIVE3 - WDC WD4000KS-00MNB0 - 372.61 GiB - 3 partitions
      \PARTITION0 - Installable File System - 83.84 GiB - F:
      \PARTITION1 - Installable File System - 269.24 GiB - G:
      \PARTITION2 - Installable File System - 19.53 GiB - Y:

      \\.\PHYSICALDRIVE2 - WDC WD800JD-22MSA1 - 74.53 GiB - 2 partitions
      \PARTITION0 - Installable File System - 37.41 GiB - D:
      \PARTITION1 - Installable File System - 37.11 GiB - E:

      \\.\PHYSICALDRIVE5 - Generic USB CF Reader USB Device

      \\.\PHYSICALDRIVE7 - Generic USB MS Reader USB Device

      \\.\PHYSICALDRIVE4 - Generic USB SD Reader USB Device

      \\.\PHYSICALDRIVE6 - Generic USB SM Reader USB Device



      -- Security Center -------------------------------------------------------------

      AUOptions is disabled.
      Windows Internal Firewall is disabled.

      FirstRunDisabled is set.
      UpdatesDisableNotify is set.

      FW: Trend Micro PC-cillin Internet Security v15 (Trend Micro, Inc.)
      AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1234 (Trend Micro, Inc.)

      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"

      [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
      "D:\\Pinnacle\\Studio 10\\programs\\RM.exe"="D:\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
      "D:\\Pinnacle\\Studio 10\\programs\\Studio.exe"="D:\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
      "D:\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="D:\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
      "D:\\Pinnacle\\Studio 10\\programs\\umi.exe"="D:\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
      "D:\\NewsSearcher\\NewsSearcher.exe"="D:\\NewsSearcher\\NewsSearcher.exe:*:Enabled:NewsSearcher"
      "D:\\Nero7Premium\\Nero 7\\Nero ShowTime\\ShowTime.exe"="D:\\Nero7Premium\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"


      -- Environment Variables -------------------------------------------------------

      ALLUSERSPROFILE=C:\Documents and Settings\All Users
      APPDATA=C:\Documents and Settings\Jacques\Application Data
      CLIENTNAME=Console
      CommonProgramFiles=C:\Program Files\Common Files
      COMPUTERNAME=JACQUES-7CCA63C
      ComSpec=C:\WINDOWS\system32\cmd.exe
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Documents and Settings\Jacques
      LOGONSERVER=\\JACQUES-7CCA63C
      NUMBER_OF_PROCESSORS=2
      OS=Windows_NT
      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;D:\Pinnacle\Shared Files;D:\Pinnacle\Shared Files\Filter
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
      PROCESSOR_LEVEL=6
      PROCESSOR_REVISION=0f06
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\WINDOWS
      TEMP=C:\DOCUME~1\Jacques\LOCALS~1\Temp
      TMP=C:\DOCUME~1\Jacques\LOCALS~1\Temp
      USERDOMAIN=JACQUES-7CCA63C
      USERNAME=Jacques
      USERPROFILE=C:\Documents and Settings\Jacques
      windir=C:\WINDOWS


      -- User Profiles ---------------------------------------------------------------

      Jacques (admin)
      Administrator.JACQUES-7CCA63C (admin)


      -- Add/Remove Programs ---------------------------------------------------------

      --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
      --> C:\WINDOWS\UNRecode.exe /UNINSTALL
      --> D:\Nero7Premium\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
      --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      7-Zip 4.32 --> "D:\7-Zip\Uninstall.exe"
      Aangifte inkomstenbelasting 2007 --> d:\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
      Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
      Adobe Download Manager 2.2 (alleen verwijderen) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
      Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Reader 7.0.9 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A70900000002}
      Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
      ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
      Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
      Beveiligingsupdate voor Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
      Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
      Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
      Canon PIXMA iP4000 --> C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0413.dll"
      Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
      Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE
      Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
      CanoScan 8800F --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805 /L0x0013
      CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
      CDisplay 1.8 --> D:\CDisplay\unins000.exe
      CloneCD --> C:\WINDOWS\IsUninst.exe -f"d:\dvd progjes\Elaborate Bytes\CloneCD\Uninst.isu"
      Compatibiliteitspakket voor het 2007 Microsoft Office system --> MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE}
      Corel(R) DESIGNER(TM) 9 --> MsiExec.exe /I{E54A8977-22E8-4A64-BF2C-E60FE122733A}
      DiscAPI (Studio 10) --> MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
      DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
      DVD Decrypter (Remove Only) --> "D:\DVD progjes\DVD Decrypter\uninstall.exe"
      DVD Shrink 3.2 --> "D:\DVD Shrink\unins000.exe"
      EVEREST Ultimate Edition v3.01 --> "D:\EVEREST Ultimate Edition\unins000.exe"
      FLAC 1.1.4b (remove only) --> D:\FLAC\uninstall.exe
      FreeRIP v2.70 --> "d:\Program Files\FreeRIP2\unins000.exe"
      High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
      HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
      HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Bureaublad\HijackThis.exe" /uninstall
      Hitman Pro --> "C:\Program Files\Hitman Pro\unins000.exe"
      Hotfix for MSXML 2 (KB887606) --> "C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-NLD$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB889527) --> "C:\WINDOWS\$NtUninstallKB889527$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB897338) --> "C:\WINDOWS\$NtUninstallKB897338$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB898900) --> "C:\WINDOWS\$NtUninstallKB898900$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB903234) --> "C:\WINDOWS\$NtUninstallKB903234$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB904412) --> "C:\WINDOWS\$NtUninstallKB904412$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB906569) --> "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB907865) --> "C:\WINDOWS\$NtUninstallKB907865$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB913538) --> "C:\WINDOWS\$NtUninstallKB913538$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB917021) --> "C:\WINDOWS\$NtUninstallKB917021$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB918005) --> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB918093) --> "C:\WINDOWS\$NtUninstallKB918093$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB918997) --> "C:\WINDOWS\$NtUninstallKB918997$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB921411) --> "C:\WINDOWS\$NtUninstallKB921411$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB924867) --> "C:\WINDOWS\$NtUninstallKB924867$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB924941) --> "C:\WINDOWS\$NtUninstallKB924941$\spuninst\spuninst.exe"
      Hotfix voor Windows XP (KB928388) --> "C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
      Intel(R) Management Engine Interface --> C:\WINDOWS\system32\heciudlg.exe -uninstall
      InterVideo FilterSDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A15ED800-19FF-11D5-AF7F-0050BA1191E9}\setup.exe" REMOVEALL
      Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
      Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
      Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
      Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
      KB898458: Beveiligingsupdate voor Step by Step Interactive Training --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
      LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
      Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
      Micrografx Picture Publisher 10 --> MsiExec.exe /I{04AABF6D-55C5-4779-ABF9-992016E913A2}
      Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
      Microsoft Office XP Professional --> MsiExec.exe /I{91110413-6000-11D3-8CFE-0050048383C9}
      Microsoft SQL Server Desktop Engine (PINNACLESYS) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
      Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
      Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
      MIDI MP3 Converter 3.00 --> "D:\MIDI MP3 Converter\unins000.exe"
      MIKSOFT Mobile AMR converter --> "C:\Program Files\MIKSOFT\Mobile AMR converter\unins000.exe"
      MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
      Nero 7 Premium --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1043}
      neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
      NewsLeecher --> "D:\NewsLeecher\uninstall.exe"
      NewsSearcher --> "D:\NewsSearcher\Uninstall.exe"
      Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930012}
      NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
      Pakket voor de provider van Microsoft Base-smartcardcryptografieservice --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
      Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x13 UNINSTALL
      Pinnacle MediaServer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x13 UNINSTALL
      PowerQuest PartitionMagic Pro 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E39C74DF-58FD-4E52-9888-2CC59DFB0B34}\Setup.exe"
      Presto! PageManager 7.15.16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
      QuickPar 0.9 --> D:\QuickPar\uninst.exe
      RAPID (Studio 10) --> MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
      ScanSoft OmniPage SE 4 --> MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
      SilverFast CanonSDK-SE 6.5.0r7a --> d:\SilverFast Application\SilverFast CanonSDK-SE\uninst.exe
      SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
      SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x13 -removeonly
      Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
      Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
      SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
      Studio 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x13 UNINSTALL
      System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
      Terugwaartse compatibiliteit van Windows Rights Management Client SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
      Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
      Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
      Update voor Windows XP (KB897663) --> "C:\WINDOWS\$NtUninstallKB897663$\spuninst\spuninst.exe"
      Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
      Update voor Windows XP (KB900930) --> "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
      Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
      Update voor Windows XP (KB908521) --> "C:\WINDOWS\$NtUninstallKB908521$\spuninst\spuninst.exe"
      Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
      Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
      Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
      Update voor Windows XP (KB916846) --> "C:\WINDOWS\$NtUninstallKB916846$\spuninst\spuninst.exe"
      Update voor Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
      Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
      Update voor Windows XP (KB922120) --> "C:\WINDOWS\$NtUninstallKB922120$\spuninst\spuninst.exe"
      Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
      Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
      Windows Rights Management Client met Service Pack 2 --> MsiExec.exe /X{13902DA3-1CE3-47E8-A42F-440FFC2BAC2F}
      WinRail 5.0 --> D:\WINRAI~1.0\UNWISE.EXE D:\WINRAI~1.0\INSTALL.LOG
      WinRAR --> D:\WinRAR\uninstall.exe


      -- Application Event Log -------------------------------------------------------

      Event Record #/Type11554 / Warning
      Event Submitted/Written: 04/26/2008 08:35:46 PM
      Event ID/Source: 19011 / MSSQL$PINNACLESYS
      Event Description:
      (SpnRegister) : Error 1355

      Event Record #/Type11545 / Warning
      Event Submitted/Written: 04/26/2008 08:27:01 PM
      Event ID/Source: 19011 / MSSQL$PINNACLESYS
      Event Description:
      (SpnRegister) : Error 1355

      Event Record #/Type11540 / Error
      Event Submitted/Written: 04/26/2008 08:11:58 PM
      Event ID/Source: 8 / crypt32
      Event Description:
      Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> opvragen van de automatische update van het basislijstvolgordenummer van derden is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode verlopen is.

      Event Record #/Type11523 / Warning
      Event Submitted/Written: 04/26/2008 08:04:26 PM
      Event ID/Source: 19011 / MSSQL$PINNACLESYS
      Event Description:
      (SpnRegister) : Error 1355

      Event Record #/Type11520 / Warning
      Event Submitted/Written: 04/26/2008 08:01:52 PM
      Event ID/Source: 1015 / MsiInstaller
      Event Description:
      Kan geen verbinding met de server maken. Fout: 0x8007043C



      -- Security Event Log ----------------------------------------------------------

      No Errors/Warnings found.


      -- System Event Log ------------------------------------------------------------

      Event Record #/Type29041 / Error
      Event Submitted/Written: 04/26/2008 08:37:53 PM
      Event ID/Source: 10005 / DCOM
      Event Description:
      DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
      om de server
      {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

      Event Record #/Type29040 / Error
      Event Submitted/Written: 04/26/2008 08:37:52 PM
      Event ID/Source: 10005 / DCOM
      Event Description:
      DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
      om de server
      {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

      Event Record #/Type29038 / Error
      Event Submitted/Written: 04/26/2008 08:37:50 PM
      Event ID/Source: 10005 / DCOM
      Event Description:
      DCOM kreeg foutmelding '%%1058' bij het starten van de NMIndexingService-service met de argumenten ''
      om de server
      {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7} te starten

      Event Record #/Type29016 / Error
      Event Submitted/Written: 04/26/2008 08:32:48 PM
      Event ID/Source: 7026 / Service Control Manager
      Event Description:
      De volgende opstartstuurprogramma's zijn niet geladen:
      Fips
      intelppm
      PCLEPCI
      tmtdi

      Event Record #/Type29015 / Error
      Event Submitted/Written: 04/26/2008 08:32:48 PM
      Event ID/Source: 7001 / Service Control Manager
      Event Description:
      De Trend Micro Proxy Service-service is afhankelijk van de Trend Micro TDI Driver-service, die vanwege de volgende fout niet kan worden gestart:
      %%31



      -- End of Deckard's System Scanner: finished at 2008-04-26 20:41:19 ------------
      -----------------------

      Comment


      • #4
        Start HijackThis and tick only the following lines:
        O2 - BHO: {753a7593-2ffa-e698-20b4-add50391da8e} - {e8ad1930-5dda-4b02-896e-aff23957a357} - C:\WINDOWS\system32\rrjnmyub.dll
        O2 - BHO: (no name) - {F90578A8-1011-4EA1-A212-94F041B60B52} - (no file)
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

        Close all open windows (except HijackThis) and click the "Fix checked" button.

        Now restart your computer.

        After the restart, post a new HijackThis log so it can be checked.

        Comment
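The selection made in post #4, reproduced as an added example that is not part of the original thread: a small Python parser for HijackThis O2/O9 lines that flags entries whose file is missing and BHOs whose name field is itself a GUID. Both flag rules are assumptions of this example, not HijackThis features or the helper's stated method; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the HijackThis logs in this thread (posts #4 and #5).
SAMPLE_LOG = r"""
O2 - BHO: {753a7593-2ffa-e698-20b4-add50391da8e} - {e8ad1930-5dda-4b02-896e-aff23957a357} - C:\WINDOWS\system32\rrjnmyub.dll
O2 - BHO: (no name) - {F90578A8-1011-4EA1-A212-94F041B60B52} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# "<section> - <kind>: <name> - {CLSID} - <target>"
# The CLSID is used as the anchor because the name field can be anything,
# including another GUID (see the first sample line).
LINE_RE = re.compile(
    r"^(?P<section>O2|O9) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>" + GUID + r") - (?P<target>.*)$"
)


@dataclass
class Entry:
    section: str   # "O2" (Browser Helper Object) or "O9" (extra button / menu item)
    kind: str      # e.g. "BHO", "Extra button"
    name: str      # display name, "(no name)" when HijackThis found none
    clsid: str     # the registered CLSID
    target: str    # file path, or "(no file)" when HijackThis found no file


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O9 line; return None for any other log line."""
    m = LINE_RE.match(line.strip())
    return Entry(**m.groupdict()) if m else None


def reasons_for(entry: Entry) -> List[str]:
    """Triage rules (assumptions of this example, see lead-in)."""
    reasons = []
    # Registry entry is still present but points at no file on disk.
    if entry.target == "(no file)":
        reasons.append("no-file")
    # A BHO whose display name is a bare GUID instead of a class name.
    if entry.section == "O2" and re.fullmatch(GUID, entry.name):
        reasons.append("guid-as-name")
    # "(no name)" alone is NOT flagged: the Java button above has no name
    # but a normal file under Program Files.
    return reasons


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return the O2/O9 entries that match at least one rule, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.section} {entry.clsid} {entry.target} <- {', '.join(reasons)}")
```

A flag is a prompt for manual review of the file and its registry key, not a verdict on the entry.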


        • #5
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 20:59:08, on 26-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.5730.0013)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          D:\Norton Ghost\Agent\VProTray.exe
          C:\Program Files\Analog Devices\Core\smax4pnp.exe
          C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          D:\ScanSoft\OmniPageSE4\OpwareSE4.exe
          C:\Program Files\Spyware Doctor\pctsTray.exe
          C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
          C:\WINDOWS\system32\ctfmon.exe
          D:\DAEMON Tools\daemon.exe
          D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
          D:\Norton Ghost\Agent\VProSvc.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
          D:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
          C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
          C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          R:\HiJackThis.exe
          C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [Norton Ghost 12.0] "D:\Norton Ghost\Agent\VProTray.exe"
          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
          O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
          O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
          O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
          O4 - HKLM\..\Run: [OpwareSE4] "D:\ScanSoft\OmniPageSE4\OpwareSE4.exe"
          O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
          O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: NBService - Nero AG - D:\Nero7Premium\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: Norton Ghost - Symantec Corporation - D:\Norton Ghost\Agent\VProSvc.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
          O23 - Service: Trend Micro Beveiliging tegen spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
          O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
          O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
          O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
          O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

          --
          End of file - 7156 bytes

          Comment


          • #6
            Delete the following folder:
            C:\Documents and Settings\Administrator.JACQUES-7CCA63C\Bureaublad\backups

            Delete the following files if present:
            C:\WINDOWS\system32\rrjnmyub.dll
            C:\WINDOWS\system32\ycultlbp.dll

            Then empty your Recycle Bin.

            Let me know whether there are still any problems.

            Comment


            • #7
              The first folder is not in any "Documents & Users" folder.

              Of the 2 files, only the 2nd was present, and when I went to verify whether it really was this file, it disappeared from under my nose shortly after I got a notification about a Trojan, which was also removed again immediately. Since then the file has not come back.

              What should I do now?

              Comment


              • #8
                Your Java software is outdated.
                Older versions have vulnerabilities that give malware the chance to install itself on your system.
                First follow these steps to uninstall Java and install the newer version:
                • Download Java Runtime Environment (JRE) 6u6 and save it to your Desktop.
                • Close all programs that may be open - especially your web browser!
                • Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the software list.
                • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                • Then click Remove or the Change/Remove button.
                • Repeat this until all older versions are gone.
                • After removing all older versions, restart your PC.
                • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the newest version of Java.


                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also have Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick from "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also have Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here how to turn off your System Restore.
                This removes any remnants of the infections from your System Restore.

                After that, run a full system scan with your virus scanner and have it remove everything that is found.

                Comment
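The check behind the advice in post #8, as an added example that is not part of the original thread or of HijackThis itself: it parses HijackThis-style entry lines and flags every entry that loads from a JRE directory older than a chosen minimum. The function names and the default minimum of 1.6.0_06 (the JRE 6u6 named in the post) are assumptions of this sketch; the sample mirrors entries from the log above, with its last line constructed.

```python
import re

# HijackThis entry line: "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
# Sun JRE install directories look like "jre1.6.0_03" (update number optional)
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

def parse_entries(log_text):
    """Return (section, detail) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # process paths and headers do not match and are skipped
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def jre_version(detail):
    """Extract the JRE version from a path as a comparable tuple, or None."""
    m = JRE_RE.search(detail)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def outdated_java(log_text, minimum=(1, 6, 0, 6)):
    """List (section, version, detail) for entries loading from an older JRE."""
    hits = []
    for section, detail in parse_entries(log_text):
        version = jre_version(detail)
        if version is not None and version < minimum:
            hits.append((section, version, detail))
    return hits

# Sample in the format of the log above; the final line is constructed.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
"""

if __name__ == "__main__":
    for section, version, detail in outdated_java(SAMPLE_LOG):
        print(section, "%d.%d.%d_%02d" % version, detail)
```

Entries that still point at an old JRE directory after the reinstall mean an older version was left behind in the software list.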
