Mededeling

Collapse
No announcement yet.

limewire virus

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • limewire virus

    MIJN probleem is dat mijn taakbeheer et niet meer doet
    als ik alt+ctrl+del doe gebeurt er niks als ik Windows/system32 en dubbelklik op taskmgr.exe
    dan staat er:
    Dit bestand wordt momenteel door een ander progama gebruikt
    en limewire open zich van zelf er komt een limwire icoon recht onder ik kan geen limewire opnenen ik heb nu limewire verwijdert maar mijn taakbeheer doet het niet

    ik heb dit virus gekeregen van limewire volgens mij want mijn oom zat om mijn computer

    Ik krijg nu ook zomaar reclames van internet ik heb mijn pop-up aan staan?



    mijn log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:50:28, on 8-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Documents and Settings\Daniel\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\documents and settings\daniel\local settings\application data\gduwuqd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [_iexplorer] C:\Programdata\System\iexplorer.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Daniel\svchost.exe
    O4 - HKLM\..\Run: [d853cb5d] rundll32.exe "C:\WINDOWS\system32\ljlmrojo.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [_iexplorer] C:\Programdata\System\iexplorer.exe
    O4 - HKCU\..\Run: [gduwuqd] c:\documents and settings\daniel\local settings\application data\gduwuqd.exe gduwuqd
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - http://plug-in.reallusion.com/CrazyTalk4.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172253956656
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camacvt.vmail.ch:82/activex/AxisCamControl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://www.smscity.nl/members/voip/smscity.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O24 - Desktop Component 1: (no name) - http://www.speedtaz.com/list.php

    --
    End of file - 13281 bytes

    ________________________

    MIJN ONLINE scan

    KASPERSKY ONLINE SCANNER REPORT
    Thursday, May 08, 2008 1:05:57 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 7/05/2008
    Kaspersky Anti-Virus database records: 666727


    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true

    Scan Target Critical Areas
    C:\WINDOWS
    C:\DOCUME~1\Daniel\LOCALS~1\Temp\

    Scan Statistics
    Total number of scanned objects 29137
    Number of viruses found 2
    Number of infected objects 11
    Number of suspicious objects 0
    Duration of the scan process 00:49:19

    Infected Object Name Virus Name Last Action
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\regedit.exe Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{9C47913D-2561-452B-A9A4-1E9CA43659FF}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\9ycr1rt5418037t18g3e41.JPEG/BAT Infected: Trojan.BAT.Qhost.aa skipped

    C:\WINDOWS\system32\9ycr1rt5418037t18g3e41.JPEG QuickBatch: infected - 1 skipped

    C:\WINDOWS\system32\9ycr1rt5418037t18g3e41.JPEG UPX: infected - 1 skipped

    C:\WINDOWS\system32\9ycr1rt5418037t18g3e41.JPEG PE_Patch.UPX: infected - 1 skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\cmd.exe Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\ipconfig.exe Object is locked skipped

    C:\WINDOWS\system32\jodhjros.dll Infected: Trojan.Win32.Monder.gen skipped

    C:\WINDOWS\system32\ljlmrojo.dll Infected: Trojan.Win32.Monder.gen skipped

    C:\WINDOWS\system32\msnmsgr.exe/BAT Infected: Trojan.BAT.Qhost.aa skipped

    C:\WINDOWS\system32\msnmsgr.exe QuickBatch: infected - 1 skipped

    C:\WINDOWS\system32\msnmsgr.exe UPX: infected - 1 skipped

    C:\WINDOWS\system32\msnmsgr.exe PE_Patch.UPX: infected - 1 skipped

    C:\WINDOWS\system32\netstat.exe Object is locked skipped

    C:\WINDOWS\system32\ping.exe Object is locked skipped

    C:\WINDOWS\system32\regedt32.exe Object is locked skipped

    C:\WINDOWS\system32\taskkill.exe Object is locked skipped

    C:\WINDOWS\system32\taskmgr.exe Object is locked skipped

    C:\WINDOWS\system32\tracert.exe Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\system32\xxyvvWoL.dll Infected: Trojan.Win32.Monder.gen skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_29c.dat Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    C:\DOCUME~1\Daniel\LOCALS~1\Temp\lilo2 Object is locked skipped

    C:\DOCUME~1\Daniel\LOCALS~1\Temp\lilo3 Object is locked skipped

    C:\DOCUME~1\Daniel\LOCALS~1\Temp\lilo4 Object is locked skipped

    C:\DOCUME~1\Daniel\LOCALS~1\Temp\~DF6693.tmp Object is locked skipped

    C:\DOCUME~1\Daniel\LOCALS~1\Temp\~DF669F.tmp Object is locked skipped

    C:\DOCUME~1\Daniel\LOCALS~1\Temp\~DFB771.tmp Object is locked skipped

    Scan process completed.
    Last edited by daniel92; 08-05-08, 12:30.

  • #2
    ik krijg deze melding ook soms te zien als ik op internet ben sorry voor dubbel post maar ik kan het niet meer bewerken

    Comment


    • #3
      Download VirtumundoBegone (mirror)
      Sla dit op op je bureaublad.

      Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
      Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
      Als de fix klaar is, start je de pc opnieuw op.
      Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.


      Start Hijackthis en vink alleen de volgende regels aan:
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O4 - HKLM\..\Run: [_iexplorer] C:\Programdata\System\iexplorer.exe
      O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Daniel\svchost.exe
      O4 - HKLM\..\Run: [d853cb5d] rundll32.exe "C:\WINDOWS\system32\ljlmrojo.dll",b
      O4 - HKCU\..\Run: [_iexplorer] C:\Programdata\System\iexplorer.exe
      O4 - HKCU\..\Run: [gduwuqd] c:\documents and settings\daniel\local settings\application data\gduwuqd.exe gduwuqd

      Sluit alle openstaande vensters(behalve Hijackthis) en klik op "Fix checked".

      Download: RVAXO.exe
      • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
      • Start de computer in veilige modus.
      • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
        Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
      • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
      • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
        Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
      • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
      • Post de inhoud van de logfile in je volgende bericht.


      Download Deckard's System Scanner naar je Bureaublad.
      • Sluit alle toepassingen en vensters.
      • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
      • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
      • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

      Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
      - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
      Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
      Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

      Comment


      • #4
        log van
        VirtumundoBeGone

        [05/08/2008, 18:19:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Daniel\Bureaublad\VirtumundoBeGone.exe" )
        [05/08/2008, 18:19:58] - Detected System Information:
        [05/08/2008, 18:19:58] - Windows Version: 5.1.2600, Service Pack 2
        [05/08/2008, 18:19:58] - Current Username: Daniel (Admin)
        [05/08/2008, 18:19:58] - Windows is in NORMAL mode.
        [05/08/2008, 18:19:58] - Searching for Browser Helper Objects:
        [05/08/2008, 18:19:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
        [05/08/2008, 18:19:58] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
        [05/08/2008, 18:19:58] - BHO 3: {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} ()
        [05/08/2008, 18:19:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [05/08/2008, 18:19:58] - No filename found. Continuing.
        [05/08/2008, 18:19:58] - BHO 4: {62B5CFDC-7B77-4850-95B2-1C88FE11B990} ()
        [05/08/2008, 18:19:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [05/08/2008, 18:19:58] - Checking for HKLM\...\Winlogon\Notify\xxyvvWoL
        [05/08/2008, 18:19:58] - Key not found: HKLM\...\Winlogon\Notify\xxyvvWoL, continuing.
        [05/08/2008, 18:19:58] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
        [05/08/2008, 18:19:58] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [05/08/2008, 18:19:58] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [05/08/2008, 18:19:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [05/08/2008, 18:19:58] - No filename found. Continuing.
        [05/08/2008, 18:19:58] - BHO 8: {89d49641-1e26-46db-b43e-801648b931ca} ()
        [05/08/2008, 18:19:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [05/08/2008, 18:19:58] - Checking for HKLM\...\Winlogon\Notify\jodhjros
        [05/08/2008, 18:19:58] - Key not found: HKLM\...\Winlogon\Notify\jodhjros, continuing.
        [05/08/2008, 18:19:58] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
        [05/08/2008, 18:19:58] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
        [05/08/2008, 18:19:58] - BHO 11: {AB692F9B-27FE-4511-8885-ED62BB45197B} (WebPerform Object)
        [05/08/2008, 18:19:58] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
        [05/08/2008, 18:19:58] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
        [05/08/2008, 18:19:58] - Finished Searching Browser Helper Objects
        [05/08/2008, 18:19:58] - Finishing up...
        [05/08/2008, 18:19:58] - Nothing found! Exiting...

        [05/08/2008, 18:20:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Daniel\Bureaublad\VirtumundoBeGone.exe" )
        [05/08/2008, 18:20:37] - Detected System Information:
        [05/08/2008, 18:20:37] - Windows Version: 5.1.2600, Service Pack 2
        [05/08/2008, 18:20:37] - Current Username: Daniel (Admin)
        [05/08/2008, 18:20:37] - Windows is in NORMAL mode.
        [05/08/2008, 18:20:37] - Searching for Browser Helper Objects:
        [05/08/2008, 18:20:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
        [05/08/2008, 18:20:37] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
        [05/08/2008, 18:20:37] - BHO 3: {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} ()
        [05/08/2008, 18:20:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [05/08/2008, 18:20:37] - No filename found. Continuing.
        [05/08/2008, 18:20:37] - BHO 4: {62B5CFDC-7B77-4850-95B2-1C88FE11B990} ()
        [05/08/2008, 18:20:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [05/08/2008, 18:20:37] - Checking for HKLM\...\Winlogon\Notify\xxyvvWoL
        [05/08/2008, 18:20:37] - Key not found: HKLM\...\Winlogon\Notify\xxyvvWoL, continuing.
        [05/08/2008, 18:20:37] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
        [05/08/2008, 18:20:37] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [05/08/2008, 18:20:37] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [05/08/2008, 18:20:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [05/08/2008, 18:20:37] - No filename found. Continuing.
        [05/08/2008, 18:20:37] - BHO 8: {89d49641-1e26-46db-b43e-801648b931ca} ()
        [05/08/2008, 18:20:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [05/08/2008, 18:20:37] - Checking for HKLM\...\Winlogon\Notify\jodhjros
        [05/08/2008, 18:20:37] - Key not found: HKLM\...\Winlogon\Notify\jodhjros, continuing.
        [05/08/2008, 18:20:37] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
        [05/08/2008, 18:20:37] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
        [05/08/2008, 18:20:37] - BHO 11: {AB692F9B-27FE-4511-8885-ED62BB45197B} (WebPerform Object)
        [05/08/2008, 18:20:37] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
        [05/08/2008, 18:20:37] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
        [05/08/2008, 18:20:37] - Finished Searching Browser Helper Objects
        [05/08/2008, 18:20:37] - Finishing up...
        [05/08/2008, 18:20:37] - Nothing found! Exiting...





        bij RVAXO heb ik een map gekreegen op de bureaublad met de naam
        %USERPROFILE%

        in deze map staat een map: Local Settings indeze map staat weer
        Application Data in deze map staat Microsoft in deze mak staat Feeds Cache
        daarin staat 4 mapen DILX05HF, FEVI9EAY, WWWFUKWG, YXMX45VJ en twee bedtanden desktop.ini en index.dat

        maar er is geen log van RVAXO

        Comment


        • #5
          Probeer deze eens: RemoveVideoActiveXObject.exe

          Comment


          • #6
            ---RVAXO.exe Updated: 2008-05-08---first run---
            Uninstallers:

            Files found:
            C:\WINDOWS\system32\LoWvvyxx.ini2
            C:\WINDOWS\system32\mcrh.tmp
            C:\DEL5.BAT

            Folders Found:
            C:\Program Files\FunWebProducts
            C:\Program Files\MyWebSearch

            Hosts-file was reset, If you use a custom hosts file please replace it...

            --------------RVAXO.exe last run---------------
            Not deleted items:

            --------------RVAXO.exe finished----------------

            Comment


            • #7
              ik heb er 2 van dss

              de eerste heet extra.txt :
              Deckard's System Scanner v20071014.68
              Extra logfile - please post this as an attachment with your post.
              --------------------------------------------------------------------------------

              -- System Information ----------------------------------------------------------

              Microsoft Windows XP Home Edition (build 2600) SP 2.0
              Architecture: X86; Language: Dutch

              CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
              CPU 1: Intel(R) Pentium(R) D CPU 2.80GHz
              Percentage of Memory in Use: 47%
              Physical Memory (total/avail): 1022.54 MiB / 540.37 MiB
              Pagefile Memory (total/avail): 2464.29 MiB / 1940.35 MiB
              Virtual Memory (total/avail): 2047.88 MiB / 1921.12 MiB

              C: is Fixed (NTFS) - 232.88 GiB total, 179.08 GiB free.
              D: is Fixed (NTFS) - 232.88 GiB total, 232.59 GiB free.
              E: is CDROM (No Media)
              F: is Removable (No Media)
              G: is Removable (No Media)
              H: is Removable (No Media)
              I: is Removable (No Media)
              J: is Removable (No Media)
              K: is CDROM (No Media)

              \\.\PHYSICALDRIVE0 - ST3250820AS - 232.88 GiB - 1 partition
              \PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

              \\.\PHYSICALDRIVE1 - ST3250820AS - 232.88 GiB - 1 partition
              \PARTITION0 (bootable) - Installable File System - 232.88 GiB - D:

              \\.\PHYSICALDRIVE2 - Generic 2.0 Reader -CF USB Device

              \\.\PHYSICALDRIVE5 - Generic 2.0 Reader -MS USB Device

              \\.\PHYSICALDRIVE4 - Generic 2.0 Reader -SD USB Device

              \\.\PHYSICALDRIVE3 - Generic 2.0 Reader -SM USB Device

              \\.\PHYSICALDRIVE6 - Generic 2.0 Reader -xD USB Device



              -- Security Center -------------------------------------------------------------

              AUOptions is scheduled to auto-install.
              Windows Internal Firewall is enabled.

              FirstRunDisabled is set.
              AntiVirusDisableNotify is set.
              FirewallDisableNotify is set.

              FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
              AV: AVG 7.5.516 v7.5.516 (Grisoft)

              [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
              "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
              "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
              "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

              [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
              "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
              "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
              "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
              "C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
              "C:\\Program Files\\Swapper\\Swapper.exe"="C:\\Program Files\\Swapper\\Swapper.exe:*:Enabled:Wambo"
              "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
              "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
              "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
              "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
              "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
              "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
              "C:\\Documents and Settings\\Daniel\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Daniel\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
              "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
              "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
              "C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
              "C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"="C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe:*:Enabled:FreeCall"
              "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
              "C:\\Nexon\\KartRider\\NMService.exe"="C:\\Nexon\\KartRider\\NMService.exe:*:Enabled:Nexon Messenger Core"
              "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*isabled:Internet Explorer"
              "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
              "C:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"="C:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe:*:Enabled:Adobe Flash CS3"
              "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
              "C:\\Program Files\\demoxi\\identity\\0.8.1.590\\bin\\demoxi.exe"="C:\\Program Files\\demoxi\\identity\\0.8.1.590\\bin\\demoxi.exe:*:Enabled:demoxi"
              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
              "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
              "C:\\Program Files\\demoxi\\identity\\0.8.1.660\\bin\\demoxi.exe"="C:\\Program Files\\demoxi\\identity\\0.8.1.660\\bin\\demoxi.exe:*:Enabled:demoxi"
              "C:\\Program Files\\demoxi\\identity\\0.8.1.694\\bin\\demoxi.exe"="C:\\Program Files\\demoxi\\identity\\0.8.1.694\\bin\\demoxi.exe:*:Enabled:demoxi"
              "C:\\Program Files\\demoxi\\identity\\0.8.1.1169\\bin\\demoxi.exe"="C:\\Program Files\\demoxi\\identity\\0.8.1.1169\\bin\\demoxi.exe:*:Enabled:demoxi"
              "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
              "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"


              -- Environment Variables -------------------------------------------------------

              ALLUSERSPROFILE=C:\Documents and Settings\All Users
              APPDATA=C:\Documents and Settings\Daniel\Application Data
              CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
              CLIENTNAME=Console
              CommonProgramFiles=C:\Program Files\Common Files
              COMPUTERNAME=LUIS
              ComSpec=C:\WINDOWS\system32\cmd.exe
              FP_NO_HOST_CHECK=NO
              HOMEDRIVE=C:
              HOMEPATH=\Documents and Settings\Daniel
              LOGONSERVER=\\LUIS
              NUMBER_OF_PROCESSORS=2
              OS=Windows_NT
              Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
              PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
              PROCESSOR_ARCHITECTURE=x86
              PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
              PROCESSOR_LEVEL=15
              PROCESSOR_REVISION=0407
              ProgramFiles=C:\Program Files
              PROMPT=$P$G
              QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
              SESSIONNAME=Console
              SystemDrive=C:
              SystemRoot=C:\WINDOWS
              TEMP=C:\DOCUME~1\Daniel\LOCALS~1\Temp
              TMP=C:\DOCUME~1\Daniel\LOCALS~1\Temp
              USERDOMAIN=LUIS
              USERNAME=Daniel
              USERPROFILE=C:\Documents and Settings\Daniel
              windir=C:\WINDOWS


              -- User Profiles ---------------------------------------------------------------

              luis manuel (admin)
              Daniel (admin)
              Miguel (admin)


              -- Add/Remove Programs ---------------------------------------------------------

              --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
              --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
              --> C:\WINDOWS\IsUn0413.exe -fC:\WINDOWS\orun32.isu
              --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
              2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
              Aangifte inkomstenbelasting 2007 --> C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
              Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
              Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
              Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
              Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
              Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
              Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
              Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
              Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
              Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
              Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
              Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
              Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
              Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
              Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
              Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\893d493b790ce9f4aa22ca64b20a26b\Setup.exe
              Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
              Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
              Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
              Adobe Flash Video Encoder --> MsiExec.exe /I{37D0B3E0-A45F-4F7F-B331-4092C46B2EEF}
              Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
              Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
              Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
              Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
              Adobe Setup --> MsiExec.exe /I{1C5F707F-0943-4E21-9848-9C25CBC2A76E}
              Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
              Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
              Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
              Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
              Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
              Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
              Animation Shop 3 Try And Buy --> MsiExec.exe /I{4B2B78EC-5111-4C0E-A955-0D84BBA49740}
              µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
              AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
              AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
              AXIS Media Control --> rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
              Beach King --> C:\PROGRA~1\Davilex\BEACHK~1\UNINST32.EXE C:\PROGRA~1\Davilex\BEACHK~1\INSTALL.LOG
              benficawpv04.zip --> C:\PROGRA~1\FILESU~1\BENFIC~1.ZIP\UNWISE.EXE C:\PROGRA~1\FILESU~1\BENFIC~1.ZIP\INSTALL.LOG
              Beveiligingsupdate for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
              Beveiligingsupdate for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB926247) --> "C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
              Beveiligingsupdate voor Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
              Camtasia Studio 4 --> MsiExec.exe /I{1BA16E5A-72B9-44B7-9FDA-FB6CE7FF6C0C}
              CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
              cladDVD.NET v3.5.7 --> MsiExec.exe /I{29391B62-5DC8-4EAC-8ED7-7DDD5CFEFCAD}
              Compatibiliteitspakket voor het 2007 Microsoft Office system --> MsiExec.exe /X{90120000-0020-0413-0000-0000000FF1CE}
              DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
              DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
              DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
              DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
              DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
              Easy Cover Print 2.3 --> C:\PROGRA~1\EASYCO~1\UNWISE.EXE C:\PROGRA~1\EASYCO~1\INSTALL.LOG
              Expert Pool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Psygnosis\Expert Pool\Uninst.isu"
              Extensie voor Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{91897B2C-B407-48C2-A76C-E6AC47A9B6A0}
              Favorit --> "c:\documents and settings\daniel\local settings\application data\gduwuqd.exe" -uninstall
              FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x13 ControlPanel
              Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
              Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
              GTK+ 2.10.13 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
              HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
              Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
              Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB889527) --> "C:\WINDOWS\$NtUninstallKB889527$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB898900) --> "C:\WINDOWS\$NtUninstallKB898900$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB903234) --> "C:\WINDOWS\$NtUninstallKB903234$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB904412) --> "C:\WINDOWS\$NtUninstallKB904412$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB906569) --> "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB907865) --> "C:\WINDOWS\$NtUninstallKB907865$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB910728) --> "C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB912475) --> "C:\WINDOWS\$NtUninstallKB912475$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB913538) --> "C:\WINDOWS\$NtUninstallKB913538$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB914841) --> "C:\WINDOWS\$NtUninstallKB914841$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB917021) --> "C:\WINDOWS\$NtUninstallKB917021$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB917730) --> "C:\WINDOWS\$NtUninstallKB917730$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB918005) --> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB921411) --> "C:\WINDOWS\$NtUninstallKB921411$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB923232) --> "C:\WINDOWS\$NtUninstallKB923232$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB924867) --> "C:\WINDOWS\$NtUninstallKB924867$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB924941) --> "C:\WINDOWS\$NtUninstallKB924941$\spuninst\spuninst.exe"
              Hotfix voor Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
              IconEdit32 --> C:\PROGRA~1\ICONED~1\UNWISE.EXE C:\PROGRA~1\ICONED~1\INSTALL.LOG
              InternetGameBox --> C:\Program Files\InternetGameBox\uninst.exe
              InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
              J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
              J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
              Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
              Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
              Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
              Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
              Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
              KB888111: High Definition Audio --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
              KB898458: Beveiligingsupdate voor Step by Step Interactive Training --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
              KB923723: Beveiligingsupdate voor Step by Step Interactive Training --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
              L&H TTS3000 Nederlands --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSDUN.inf, Uninstall
              Lexmark 1200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE -dLexmark 1200 Series
              Livebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x13
              LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
              Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
              Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x13 UNINSTALL
              Logitech Legacy USB Camera-stuurprogrammapakket --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.40.1235\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.40" /clone_wait /hide_progress
              Logitech QuickCam-stuurprogrammapakket --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
              Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
              Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
              Markeringviewer (Windows Live Toolbar) --> MsiExec.exe /X{1509FC50-85B6-4F17-8223-423B86BF7FE3}
              Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
              Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
              Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
              Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
              Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
              Microsoft Office Groove MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00BA-0413-0000-0000000FF1CE}
              Microsoft Office InfoPath MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}
              Microsoft Office OneNote MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}
              Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
              Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
              Microsoft Office PowerPoint Viewer 2007 (Dutch) --> MsiExec.exe /X{95120000-00AF-0413-0000-0000000FF1CE}
              Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
              Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
              Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
              Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
              Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
              Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
              Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
              Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
              Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850413-6000-11D3-8CFE-0150048383C9}
              Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
              Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
              Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
              Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
              Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
              Microsoft Works --> MsiExec.exe /I{A2A0A82F-025F-458d-A0CD-9BB2320804B5}
              MP3 Player Utilities 4.00 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
              MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
              Nero 6 Enterprise Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
              neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
              Norton™ Security Scan --> MsiExec.exe /I{666CF041-77BE-414E-9A9D-0A227E9B48F8}
              NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
              Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
              PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
              Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
              PLAYSTATION(R)Network Downloader --> MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
              Pocketwoordenboeken --> "C:\WINDOWS\Pocketwoordenboeken\uninstall.exe" "/U:C:\Program Files\Pocketwoordenboeken\Uninstall\uninstall.xml"
              PSP Video Express(remove only) --> "C:\Program Files\PQDVD\PSPVideoExpress\bt-uninst.exe"
              PTFB Pro 3.3.5.0 --> "C:\Program Files\Technology Lighthouse\PTFB Pro\unins000.exe"
              QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
              RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
              Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
              Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
              Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
              Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
              Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
              Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
              Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
              Sitecom Wireless Network USB Adapter Turbo G WL-172 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly
              Smart Menu's (Windows Live Toolbar) --> MsiExec.exe /X{DC54F2F8-C26F-4D22-B92D-7075BC626106}
              SopCast 3.0.1 --> C:\Program Files\SopCast\uninst.exe
              Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
              Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
              Update voor Windows XP (KB896427) --> "C:\WINDOWS\$NtUninstallKB896427$\spuninst\spuninst.exe"
              Update voor Windows XP (KB897663) --> "C:\WINDOWS\$NtUninstallKB897663$\spuninst\spuninst.exe"
              Update voor Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
              Update voor Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
              Update voor Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
              Update voor Windows XP (KB908521) --> "C:\WINDOWS\$NtUninstallKB908521$\spuninst\spuninst.exe"
              Update voor Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
              Update voor Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
              Update voor Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
              Update voor Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
              Update voor Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
              Update voor Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
              Update voor Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
              Update voor Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
              Update voor Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
              Update voor Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
              Update voor Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
              Update voor Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
              Update voor Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
              Update voor Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
              VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
              VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
              Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
              WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
              WebIQ Technology Engine --> C:\WINDOWS\system32\WebIQEngineSetup.exe u
              Win AVI HelixSDK --> "C:\Program Files\WinAVI Video Converter\HelixSDK\unins000.exe"
              WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
              Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
              Windows Live aanmeldhulp --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
              Windows Live Favorites voor Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
              Windows Live Fotogalerij --> MsiExec.exe /X{CE1F009A-A02C-47B7-81EA-8EB758E6931D}
              Windows Live installer --> MsiExec.exe /X{A258173E-F308-475A-951B-F1BF76A4451B}
              Windows Live Mail --> MsiExec.exe /I{DB8DEC88-4D53-4A3A-964A-D22509D27455}
              Windows Live Messenger --> MsiExec.exe /X{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}
              Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {CE0E8D6F-1F0A-433A-98E1-2096568E968F}
              Windows Live Toolbar --> MsiExec.exe /X{CE0E8D6F-1F0A-433A-98E1-2096568E968F}
              Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
              Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
              Windows XP Winter Fun Pack for Windows Movie Maker 2 --> MsiExec.exe /I{FFC5C6DA-6BC0-47C1-9EC0-8E1A1294E4F7}
              WinRAR --> C:\Program Files\WinRAR\uninstall.exe


              -- Application Event Log -------------------------------------------------------

              Event Record #/Type7640 / Warning
              Event Submitted/Written: 05/08/2008 07:14:55 PM
              Event ID/Source: 4149 / Ci
              Event Description:
              Het USN-logboek voor NTFS-volume c: kan niet worden gelezen. De foutcode is 0xC000003E.
              Het volume blijft off line totdat de Indexing-service (cisvc) opnieuw is gestart.

              Event Record #/Type7632 / Warning
              Event Submitted/Written: 05/08/2008 07:08:05 PM
              Event ID/Source: 1001 / MsiInstaller
              Event Description:
              De detectie van product {945AC98B-3DC8-45BE-BAE0-22CEEE37A103}, functie QuickCam is mislukt tijdens het aanvragen van onderdeel {C207503F-9631-4AF6-8CD2-D11260DBA3C5}

              Event Record #/Type7631 / Warning
              Event Submitted/Written: 05/08/2008 07:08:05 PM
              Event ID/Source: 1004 / MsiInstaller
              Event Description:
              De detectie van product {945AC98B-3DC8-45BE-BAE0-22CEEE37A103}, functie QuickCam, onderdeel {B52C7B4D-F46F-438C-ADF2-05A138C57757} is mislukt. De bron HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey bestaat niet.

              Event Record #/Type7630 / Warning
              Event Submitted/Written: 05/08/2008 07:08:05 PM
              Event ID/Source: 1001 / MsiInstaller
              Event Description:
              De detectie van product {945AC98B-3DC8-45BE-BAE0-22CEEE37A103}, functie QuickCam is mislukt tijdens het aanvragen van onderdeel {C207503F-9631-4AF6-8CD2-D11260DBA3C5}

              Event Record #/Type7629 / Warning
              Event Submitted/Written: 05/08/2008 07:08:05 PM
              Event ID/Source: 1004 / MsiInstaller
              Event Description:
              De detectie van product {945AC98B-3DC8-45BE-BAE0-22CEEE37A103}, functie QuickCam, onderdeel {B52C7B4D-F46F-438C-ADF2-05A138C57757} is mislukt. De bron HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey bestaat niet.



              -- Security Event Log ----------------------------------------------------------

              No Errors/Warnings found.


              -- System Event Log ------------------------------------------------------------

              Event Record #/Type53478 / Error
              Event Submitted/Written: 05/08/2008 07:07:30 PM
              Event ID/Source: 7026 / Service Control Manager
              Event Description:
              De volgende opstartstuurprogramma's zijn niet geladen:
              removigbb

              Event Record #/Type53448 / Error
              Event Submitted/Written: 05/08/2008 06:58:11 PM
              Event ID/Source: 7026 / Service Control Manager
              Event Description:
              De volgende opstartstuurprogramma's zijn niet geladen:
              removigbb

              Event Record #/Type53419 / Error
              Event Submitted/Written: 05/08/2008 06:42:40 PM
              Event ID/Source: 7026 / Service Control Manager
              Event Description:
              De volgende opstartstuurprogramma's zijn niet geladen:
              removigbb

              Event Record #/Type53404 / Error
              Event Submitted/Written: 05/08/2008 06:39:18 PM
              Event ID/Source: 7026 / Service Control Manager
              Event Description:
              De volgende opstartstuurprogramma's zijn niet geladen:
              removigbb

              Event Record #/Type53357 / Error
              Event Submitted/Written: 05/08/2008 06:34:37 PM
              Event ID/Source: 7026 / Service Control Manager
              Event Description:
              De volgende opstartstuurprogramma's zijn niet geladen:
              removigbb



              -- End of Deckard's System Scanner: finished at 2008-05-08 19:15:55 ------------

              Comment


              • #8
                de tweede is main.txt :

                Deckard's System Scanner v20071014.68
                Run by Daniel on 2008-05-08 19:11:59
                Computer is in Normal Mode.
                --------------------------------------------------------------------------------

                -- System Restore --------------------------------------------------------------



                -- Last 5 Restore Point(s) --
                60: 2008-05-08 16:55:04 UTC - RP388 - Deckard's System Scanner Restore Point
                59: 2008-05-08 13:35:20 UTC - RP387 - Geïnstalleerd RollerCoaster Tycoon 2
                58: 2008-05-08 13:34:52 UTC - RP386 - Geïnstalleerd RollerCoaster Tycoon 2
                57: 2008-05-08 13:34:12 UTC - RP385 - Verwijderd RollerCoaster Tycoon 2
                56: 2008-05-07 10:09:04 UTC - RP384 - Last known good configuration


                -- First Restore Point --
                1: 2008-05-07 10:06:43 UTC - RP329 - Installed Windows IDNMitigationAPIs.


                Backed up registry hives.
                Performed disk cleanup.



                -- HijackThis (run as Daniel.exe) ----------------------------------------------

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 19:15:00, on 8-5-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\LEXBCES.EXE
                C:\WINDOWS\system32\LEXPPS.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                C:\Program Files\Bonjour\mDNSResponder.exe
                C:\WINDOWS\system32\cisvc.exe
                C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                C:\WINDOWS\system32\nvsvc32.exe
                C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                C:\WINDOWS\system32\PnkBstrA.exe
                C:\WINDOWS\system32\tcpsvcs.exe
                C:\WINDOWS\System32\snmp.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                C:\WINDOWS\RTHDCPL.EXE
                C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
                C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                C:\Program Files\QuickTime\QTTask.exe
                C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
                C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
                C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                C:\WINDOWS\system32\RUNDLL32.EXE
                C:\WINDOWS\system32\rundll32.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\WINDOWS\explorer.exe
                C:\Documents and Settings\Daniel\Bureaublad\dss.exe
                C:\PROGRA~1\TRENDM~1\HIJACK~1\Daniel.exe
                C:\WINDOWS\system32\cidaemon.exe

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
                O2 - BHO: (no name) - {4AE1098F-C6CB-4B99-AEDD-483DAEF9D65F} - C:\WINDOWS\system32\xxyvvWoL.dll
                O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - (no file)
                O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O2 - BHO: (no name) - {89d49641-1e26-46db-b43e-801648b931ca} - C:\WINDOWS\system32\jodhjros.dll
                O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
                O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
                O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                O4 - HKLM\..\Run: [d853cb5d] rundll32.exe "C:\WINDOWS\system32\ljlmrojo.dll",b
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
                O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
                O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
                O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
                O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - http://plug-in.reallusion.com/CrazyTalk4.cab
                O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
                O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
                O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172253956656
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camacvt.vmail.ch:82/activex/AxisCamControl.cab
                O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://www.smscity.nl/members/voip/smscity.CAB
                O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
                O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
                O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                O20 - Winlogon Notify: awtttssR - awtttssR.dll (file missing)
                O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

                --
                End of file - 13891 bytes

                -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

                backup-20080508-183045-111 O4 - HKCU\..\Run: [gduwuqd] c:\documents and settings\daniel\local settings\application data\gduwuqd.exe gduwuqd
                backup-20080508-183045-297 O4 - HKCU\..\Run: [_iexplorer] C:\Programdata\System\iexplorer.exe
                backup-20080508-183045-308 O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Daniel\svchost.exe
                backup-20080508-183045-529 O4 - HKLM\..\Run: [_iexplorer] C:\Programdata\System\iexplorer.exe
                backup-20080508-183045-611 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

                -- File Associations -----------------------------------------------------------

                .reg - regfile - shell\open\command - "regedit.exe" "%1"


                -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

                R1 oreans32 - c:\windows\system32\drivers\oreans32.sys

                S1 removigbb (Driver para remover Gb Plugin) - c:\windrv.sys (file missing)
                S3 AdfuUd (%USB\VID_10D6&PID_1160.DeviceDesc%) - c:\windows\system32\drivers\adfuud.sys
                S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
                S3 RT73 (Sitecom Wireless Network USB Adapter RT73 Turbo G Driver) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>


                -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

                R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

                S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


                -- Device Manager: Disabled ----------------------------------------------------

                No disabled devices found.


                -- Scheduled Tasks -------------------------------------------------------------

                2008-05-08 18:17:00 256 --a------ C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job
                2008-05-02 17:15:00 390 --a------ C:\WINDOWS\Tasks\Easy Onderhoud.job


                -- Files created between 2008-04-08 and 2008-05-08 -----------------------------

                2008-05-08 19:10:12 217675 --ahs---- C:\WINDOWS\system32\LoWvvyxx.ini2
                2008-05-08 19:07:10 0 d-------- C:\RVAXO
                2008-05-08 18:36:24 821063 --a------ C:\WINDOWS\system32\RVAXO.bat
                2008-05-08 18:36:24 69632 --a------ C:\WINDOWS\system32\remove.exe
                2008-05-08 18:24:14 0 d--hs---- C:\Documents and Settings\Daniel\Onlangs geopend
                2008-05-08 11:49:50 0 d-------- C:\Program Files\Trend Micro
                2008-05-08 00:16:02 2112 --a------ C:\WINDOWS\system32\sxnbsdus.exe
                2008-05-08 00:15:58 96832 --a------ C:\WINDOWS\system32\ljlmrojo.dll
                2008-05-08 00:12:58 106560 --a------ C:\WINDOWS\system32\jodhjros.dll
                2008-05-07 23:56:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
                2008-05-07 23:56:42 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
                2008-05-07 23:14:27 0 d-------- C:\Documents and Settings\Daniel\Application Data\iTelevision
                2008-05-07 12:06:23 280576 --a------ C:\WINDOWS\system32\xxyvvWoL.dll
                2008-05-07 12:04:01 0 --a------ C:\WINDOWS\system32\taskkill.exe
                2008-05-07 12:03:58 0 d--hs---- C:\Documents and Settings\Daniel\!
                2008-05-07 12:01:23 0 d-------- C:\WINDOWS\system32\bkEur05
                2008-04-30 14:13:19 16766201 -----n--- C:\avg7qt.dat
                2008-04-29 15:40:21 65549 --a------ C:\WINDOWS\BricoPackUninst.cmd
                2008-04-29 15:36:53 6116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
                2008-04-29 15:36:23 0 d-------- C:\WINDOWS\BricoPacks
                2008-04-29 15:22:06 0 d-------- C:\Program Files\InternetGameBox
                2008-04-25 15:24:35 0 d-------- C:\Program Files\Microsoft Silverlight
                2008-04-19 15:53:25 0 d-------- C:\Program Files\SAGEM
                2008-04-16 18:01:40 0 d-------- C:\NVIDIA
                2008-04-16 17:55:35 0 d-------- C:\Program Files\filehippo.com


                -- Find3M Report ---------------------------------------------------------------

                2008-05-08 18:25:12 0 d-------- C:\Documents and Settings\Daniel\Application Data\AVG7
                2008-05-08 18:24:28 0 d-------- C:\Documents and Settings\Daniel\Application Data\LimeWire
                2008-05-08 15:34:18 0 d--h----- C:\Program Files\InstallShield Installation Information
                2008-05-08 15:00:09 0 d-------- C:\Program Files\Yahoo!
                2008-05-05 19:15:08 0 d-------- C:\Program Files\WarRock
                2008-05-04 22:03:54 0 d-------- C:\Documents and Settings\Daniel\Application Data\uTorrent
                2008-04-29 15:42:08 0 d-------- C:\Program Files\Movie Maker
                2008-04-29 15:40:21 219136 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Besturingssysteem Microsoft® Windows®>
                2008-04-20 15:53:53 0 d-------- C:\Program Files\SopCast
                2008-04-18 18:53:59 0 d-------- C:\Documents and Settings\Daniel\Application Data\Adobe
                2008-04-17 16:04:17 0 d-------- C:\Program Files\Google
                2008-03-30 12:10:12 477824 --a------ C:\WINDOWS\system32\perfh013.dat
                2008-03-30 12:10:12 86136 --a------ C:\WINDOWS\system32\perfc013.dat
                2008-03-29 21:49:25 0 d-------- C:\Program Files\Cheat Engine
                2008-03-21 12:15:23 196608 --a------ C:\WINDOWS\system32\wge.exe
                2008-03-21 12:15:23 83974 --a------ C:\WINDOWS\system32\msnmsgr.exe
                2008-03-20 21:54:38 0 d-------- C:\Documents and Settings\Daniel\Application Data\Web Page Maker V2
                2008-03-19 21:46:04 0 d-------- C:\Documents and Settings\Daniel\Application Data\LimeWirePlus


                -- Registry Dump ---------------------------------------------------------------

                *Note* empty entries & legit default entries are not shown


                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AE1098F-C6CB-4B99-AEDD-483DAEF9D65F}]
                07-05-2008 12:06 280576 --a------ C:\WINDOWS\system32\xxyvvWoL.dll

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}]

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89d49641-1e26-46db-b43e-801648b931ca}]
                08-05-2008 00:12 106560 --a------ C:\WINDOWS\system32\jodhjros.dll

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [07-01-2005 18:07 C:\WINDOWS\system32\HdAShCut.exe]
                "RTHDCPL"="RTHDCPL.EXE" [12-09-2006 16:58 C:\WINDOWS\RTHDCPL.EXE]
                "SkyTel"="SkyTel.EXE" [16-05-2006 18:04 C:\WINDOWS\SkyTel.exe]
                "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05-12-2007 01:41]
                "nwiz"="nwiz.exe" [05-12-2007 01:41 C:\WINDOWS\system32\nwiz.exe]
                "Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [13-07-2006 07:21]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25]
                "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29-06-2007 06:24]
                "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24-08-2007 08:00]
                "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [29-01-2008 17:41]
                "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 11:25]
                "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25-10-2007 17:33]
                "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25-02-2008 12:23]
                "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 23:16]
                "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05-12-2007 01:41]
                "d853cb5d"="C:\WINDOWS\system32\ljlmrojo.dll" [08-05-2008 00:15]

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00]
                "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34]
                "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03-05-2007 12:41]
                "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [18-07-2007 17:55]
                "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [24-11-2007 23:51]

                C:\Documents and Settings\Daniel\Menu Start\Programma's\Opstarten\
                RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [19-3-2007 0:05:02]

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                "DisableRegistryTools"=0 (0x0)

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttssR]
                awtttssR.dll

                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                "Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyvvWoL

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
                @="Service"

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                @="Volume shadow copy"

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
                path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
                backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Daniel^Menu Start^Programma's^Opstarten^Microsoft Office Groove.lnk]
                path=C:\Documents and Settings\Daniel\Menu Start\Programma's\Opstarten\Microsoft Office Groove.lnk
                backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
                "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\demoxi identity]
                "C:\Program Files\demoxi\identity\0.8.1.660\bin\demoxi.exe"

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
                "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
                "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                C:\WINDOWS\system32\NeroCheck.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


                [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



                -- End of Deckard's System Scanner: finished at 2008-05-08 19:15:55 ------------

                Comment


                • #9
                  Download KillAFile.exe en plaats het op je bureaublad: http://users.telenet.be/marcvn/tools/KillAFile.exe
                  Dubbelklik op KillAFile.exe om de tool te starten.
                  In het keuzemenu kies je voor optie 1:
                  1: Delete a file on reboot
                  Wanneer deze melding verschijnt
                  Code:
                  Insert full path and filename to delete.
                  and then press enter:
                  tik je dit in: C:\WINDOWS\system32\xxyvvWoL.dll
                  Indien het bestandje aanwezig is, zal de computer vragen om te herstarten.
                  Sta dit toe.
                  Wanneer de computer opnieuw opgestart is, opent er een kladblokbestandje. Post de inhoud van dit bestand.

                  Comment


                  • #10
                    KILLAFILE - logfile


                    Running from: "C:\Documents and Settings\Daniel\Bureaublad"

                    Delete on reboot: C:\WINDOWS\system32\xxyvvWoL.dll

                    --- Rebooting the computer ---

                    C:\WINDOWS\system32\xxyvvWoL.dll not deleted


                    Finished!

                    Comment


                    • #11
                      Download The Avenger en pak het programma uit op je bureaublad.
                      Open de map avenger en start het programma door op avenger.exe te dubbelklikken.
                      In het venster Input Script here, kopieer en plak je onderstaande dikgedrukte tekst:


                      Folders to delete:
                      C:\WINDOWS\system32\bkEur05

                      Files to delete:
                      C:\WINDOWS\system32\LoWvvyxx.ini
                      C:\WINDOWS\system32\LoWvvyxx.ini2
                      C:\WINDOWS\system32\sxnbsdus.exe
                      C:\WINDOWS\system32\ljlmrojo.dll
                      C:\WINDOWS\system32\jodhjros.dll
                      C:\WINDOWS\system32\xxyvvWoL.dll
                      C:\WINDOWS\system32\taskkill.exe


                      Klik daarna op de knop Execute.
                      The Avenger zal aangeven dat de computer gaat herstarten, sta dit toe.
                      Na reboot opent een logfile (avenger.txt). Post de inhoud van deze logfile met een nieuw logje van Hijackthis

                      Comment


                      • #12
                        Logfile of The Avenger Version 2.0, (c) by Swandog46
                        http://swandog46.geekstogo.com

                        Platform: Windows XP

                        *******************

                        Script file opened successfully.
                        Script file read successfully.

                        Backups directory opened successfully at C:\Avenger

                        *******************

                        Beginning to process script file:

                        Rootkit scan active.
                        No rootkits found!

                        Folder "C:\WINDOWS\system32\bkEur05" deleted successfully.
                        File "C:\WINDOWS\system32\LoWvvyxx.ini" deleted successfully.
                        File "C:\WINDOWS\system32\LoWvvyxx.ini2" deleted successfully.
                        File "C:\WINDOWS\system32\sxnbsdus.exe" deleted successfully.
                        File "C:\WINDOWS\system32\ljlmrojo.dll" deleted successfully.
                        File "C:\WINDOWS\system32\jodhjros.dll" deleted successfully.
                        File "C:\WINDOWS\system32\xxyvvWoL.dll" deleted successfully.
                        File "C:\WINDOWS\system32\taskkill.exe" deleted successfully.

                        Completed script processing.

                        *******************

                        Finished! Terminate.


                        _________

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 20:01:59, on 8-5-2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\LEXBCES.EXE
                        C:\WINDOWS\system32\LEXPPS.EXE
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\system32\NOTEPAD.EXE
                        C:\WINDOWS\RTHDCPL.EXE
                        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                        C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
                        C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                        C:\Program Files\QuickTime\QTTask.exe
                        C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
                        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                        C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                        C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                        C:\Program Files\Bonjour\mDNSResponder.exe
                        C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
                        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                        C:\WINDOWS\system32\cisvc.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                        C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                        C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
                        C:\WINDOWS\system32\nvsvc32.exe
                        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                        C:\WINDOWS\system32\PnkBstrA.exe
                        C:\WINDOWS\system32\tcpsvcs.exe
                        C:\WINDOWS\System32\snmp.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Internet Explorer\IEXPLORE.EXE
                        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                        C:\WINDOWS\system32\cidaemon.exe
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
                        O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - (no file)
                        O2 - BHO: (no name) - {5FAF2C8D-2EB7-470F-A43E-4BD2D0C34685} - C:\WINDOWS\system32\xxyvvWoL.dll (file missing)
                        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O2 - BHO: (no name) - {89d49641-1e26-46db-b43e-801648b931ca} - C:\WINDOWS\system32\jodhjros.dll (file missing)
                        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
                        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                        O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
                        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                        O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                        O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
                        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [d853cb5d] rundll32.exe "C:\WINDOWS\system32\ljlmrojo.dll",b
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
                        O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                        O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
                        O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                        O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                        O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
                        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
                        O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - http://plug-in.reallusion.com/CrazyTalk4.cab
                        O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
                        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                        O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
                        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
                        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172253956656
                        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                        O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camacvt.vmail.ch:82/activex/AxisCamControl.cab
                        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                        O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://www.smscity.nl/members/voip/smscity.CAB
                        O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
                        O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
                        O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                        O20 - Winlogon Notify: awtttssR - awtttssR.dll (file missing)
                        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                        O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                        O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                        O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                        O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

                        --
                        End of file - 13847 bytes
                        Last edited by daniel92; 08-05-08, 20:02.

                        Comment


                        • #13
                          Start Hijackthis en vink alleen de volgende regels aan:
                          O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - (no file)
                          O2 - BHO: (no name) - {5FAF2C8D-2EB7-470F-A43E-4BD2D0C34685} - C:\WINDOWS\system32\xxyvvWoL.dll (file missing)
                          O2 - BHO: (no name) - {89d49641-1e26-46db-b43e-801648b931ca} - C:\WINDOWS\system32\jodhjros.dll (file missing)
                          O4 - HKLM\..\Run: [d853cb5d] rundll32.exe "C:\WINDOWS\system32\ljlmrojo.dll",b
                          O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
                          O20 - Winlogon Notify: awtttssR - awtttssR.dll (file missing)

                          Sluit alle openstaande vensters(behalve Hijackthis) en klik op "Fix checked".

                          Herstart je computer.

                          Post na de herstart een nieuw logje van Hijackthis

                          Comment


                          • #14
                            ik zie geen O4 - HKLM\..\Run: [d853cb5d] rundll32.exe "C:\WINDOWS\system32\ljlmrojo.dll",b

                            log :

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 23:26:47, on 8-5-2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\LEXBCES.EXE
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\WINDOWS\system32\LEXPPS.EXE
                            C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                            C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                            C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\Program Files\Bonjour\mDNSResponder.exe
                            C:\WINDOWS\system32\cisvc.exe
                            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                            C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                            C:\WINDOWS\RTHDCPL.EXE
                            C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
                            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                            C:\Program Files\QuickTime\QTTask.exe
                            C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
                            C:\WINDOWS\system32\nvsvc32.exe
                            C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                            C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                            C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
                            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                            C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\WINDOWS\system32\PnkBstrA.exe
                            C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                            C:\WINDOWS\system32\PnkBstrB.exe
                            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                            C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                            C:\WINDOWS\system32\tcpsvcs.exe
                            C:\WINDOWS\System32\snmp.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
                            C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                            C:\Program Files\Internet Explorer\IEXPLORE.EXE
                            C:\WINDOWS\system32\wuauclt.exe
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                            O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
                            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
                            O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                            O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                            O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
                            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                            O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                            O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                            O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                            O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                            O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
                            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
                            O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                            O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                            O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
                            O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                            O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                            O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                            O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
                            O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
                            O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - http://plug-in.reallusion.com/CrazyTalk4.cab
                            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                            O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
                            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
                            O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                            O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172253956656
                            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                            O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://camacvt.vmail.ch:82/activex/AxisCamControl.cab
                            O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                            O16 - DPF: {BC4B2F36-CC7E-4995-ADF6-EAB4F4C4BA14} (IaxClientOcx Control) - http://www.smscity.nl/members/voip/smscity.CAB
                            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game05.zylom.com/activex/zylomgamesplayer.cab
                            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                            O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - http://static.photobox.co.uk/sg/common/uploader_uni.cab
                            O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
                            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                            O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
                            O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                            O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                            O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                            O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
                            O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                            O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
                            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                            O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                            O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

                            --
                            End of file - 13162 bytes

                            Comment


                            • #15
                              Logje ziet er goed uit

                              Open de map RVAXO op je bureaublad nog een keer.
                              Dubbelklik RunMe.cmd en wacht geduldig tot het venster sluit.
                              Zoek nu het volgende bestand eens op: C:\RVAXO-Vfind.log
                              Post de inhoud van dit logje in je volgende bericht

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X